Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 04.05.2013, 14:46   #1
O.L.I.
 
Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam - Standard

Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam



Hallo.
Seit einiger Zeit fährt mein Laptop nur noch langsam hoch oder hängt sich kurzzeitig während des Gebrauchs auf. Ist auch nach dem hochfahren manchmal noch sehr langsam. Malwarebytes Antimalware findet nix und Kaspersky CBE 12 auch nicht. Ich glaube ich habe ein Virus oder ähnliches,weil das alles erst ist als ich einen dummen Fehler begang und ein Spiel öffnete namens "Alien Breed",daß ich von einem Bekannten hatte. Habe schon ein paar Massnahmen getroffen,wie alles von dem Spiel zu löschen und den Registry-Schlüssel von dem Spiel gelöscht habe. Und in dem Registry Schlüssel "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication" den Eintrag "AlienBreed.exe" in den vorherigen Eintrag(mir zuletzt bekannten) "setup.exe" umgewandelt habe. Hat alles nicht geholfen.

Bitte nicht wundern über die Event Log Einträge "Windows konnte nicht ordnungsgemäß herunterfahren",weil ich weiß das das von Kaspersky kommt. Ist ein anderes Problem das ich wohl mit Kaspersky klären muß.

Hier die geforderten Logs:

OTL :
Code:
ATTFilter
OTL logfile created on: 04.05.2013 13:05:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\OLI\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 63,57% Memory free
5,49 Gb Paging File | 3,89 Gb Available in Paging File | 70,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 95,08 Gb Free Space | 63,79% Space Free | Partition Type: NTFS
Drive D: | 148,65 Gb Total Space | 126,73 Gb Free Space | 85,25% Space Free | Partition Type: NTFS
 
Computer Name: LIEBERT | User Name: OLI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.04 13:02:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\OLI\Downloads\OTL.exe
PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
PRC - [2012.04.10 19:21:22 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.12.24 07:55:20 | 005,865,289 | ---- | M] () -- C:\Program Files (x86)\ELECOM E-Force Laser Gaming Mouse\UsbglcsSrv.exe
PRC - [2010.08.27 18:20:14 | 001,811,456 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
PRC - [2010.08.15 20:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2010.05.01 17:55:36 | 002,454,840 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.10 19:18:26 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\qtgui4.dll
MOD - [2012.04.10 19:18:24 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\qtscript4.dll
MOD - [2012.04.10 19:18:22 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\qtsql4.dll
MOD - [2012.04.10 19:18:20 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\qtcore4.dll
MOD - [2012.04.10 19:18:20 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\qtnetwork4.dll
MOD - [2012.04.10 19:18:18 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\qtdeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\imageformats\qgif4.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.07.27 22:53:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2013.04.12 00:08:15 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.11 22:51:40 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2012.05.26 12:04:52 | 000,913,792 | ---- | M] (IObit) [Disabled | Stopped] -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2012.04.10 19:21:22 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe -- (AVP)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.02.11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010.12.24 07:55:20 | 005,865,289 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ELECOM E-Force Laser Gaming Mouse\UsbglcsSrv.exe -- (usbglcsservice)
SRV - [2010.08.27 18:20:14 | 001,811,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010.05.25 21:08:30 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2010.05.11 09:40:52 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2010.01.28 17:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008.11.11 10:38:06 | 000,620,544 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.06.02 20:27:52 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.06.02 20:27:51 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.05.26 20:34:16 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011.02.23 17:14:44 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010.12.24 07:55:17 | 000,024,064 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbglcs1080101.sys -- (usbglcs1080101)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.10 20:25:26 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2010.07.27 23:22:14 | 007,450,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.07.27 22:16:52 | 000,268,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.03.22 11:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2010.03.10 19:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.01.07 10:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.12.22 04:31:26 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2009.12.22 04:31:04 | 000,020,568 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.10.07 19:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.10.07 19:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.09.19 07:30:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2009.09.19 07:30:14 | 000,128,000 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bserd.sys -- (ss_bserd)
DRV:64bit: - [2009.09.19 07:30:14 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus)
DRV:64bit: - [2009.09.19 07:30:14 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV:64bit: - [2009.07.30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.22 21:01:16 | 000,132,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009.06.22 20:38:34 | 000,116,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.06.22 20:26:40 | 000,113,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.06.22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.10 17:59:32 | 000,024,576 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RPGMOUSEV1.sys -- (KMWDFILTERV1)
DRV:64bit: - [2009.05.05 11:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007.08.07 21:48:37 | 000,032,712 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2010.11.01 06:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009.12.22 04:31:26 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {68840E18-4E84-4C21-8147-D29F61851A09}
IE:64bit: - HKLM\..\SearchScopes\{68840E18-4E84-4C21-8147-D29F61851A09}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {F54EFC98-7B8A-4AA3-A8DD-78E80E85DB36}
IE - HKLM\..\SearchScopes\{E2F0DA26-C1F5-4FBA-B83B-2C34E13F53E9}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=6f7df46e-1856-11e1-863c-88ae1dfea539&q={searchTerms}
IE - HKLM\..\SearchScopes\{F54EFC98-7B8A-4AA3-A8DD-78E80E85DB36}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=ie9hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://de.msn.com/?ocid=ie9hphttp [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/
IE - HKCU\..\SearchScopes,DefaultScope = {E2F0DA26-C1F5-4FBA-B83B-2C34E13F53E9}
IE - HKCU\..\SearchScopes\{14509999-C769-43BA-A81E-CDCAC7E330C1}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKCU\..\SearchScopes\{32A8E952-D9B3-4AD0-8DBC-04B748D79EE7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE9SRC
IE - HKCU\..\SearchScopes\{679FE04A-A103-48FC-AA4D-F152BBE669F6}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{E2F0DA26-C1F5-4FBA-B83B-2C34E13F53E9}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=6f7df46e-1856-11e1-863c-88ae1dfea539&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: jyboy.yy%40gmail.com:1.0.5
FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.5
FF - prefs.js..extensions.enabledAddons: %7B37fa1426-b82d-11db-8314-0800200c9a66%7D:3.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..keyword.URL: "hxxp://startsear.ch/?aff=1&src=sp&cf=6f7df46e-1856-11e1-863c-88ae1dfea539&q="
FF - prefs.js..network.proxy.ftp: "77.48.30.205"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "77.48.30.205"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "77.48.30.205"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "77.48.30.205"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\OLI\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\OLI\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\OLI\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\OLI\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\OLI\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\OLI\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\virtualKeyboard@kaspersky.ru [2012.06.01 15:58:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\linkfilter@kaspersky.ru [2012.06.01 15:58:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\KavAntiBanner@Kaspersky.ru [2012.06.01 15:58:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.11 22:51:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.11 22:51:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.11 22:51:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.11 22:51:37 | 000,000,000 | ---D | M]
 
[2012.08.27 09:04:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\Extensions
[2012.08.27 09:04:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org
[2013.04.24 03:31:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\Firefox\Profiles\eimny3to.default\extensions
[2011.12.30 20:52:15 | 000,000,000 | ---D | M] (gTranslator) -- C:\Users\OLI\AppData\Roaming\mozilla\Firefox\Profiles\eimny3to.default\extensions\jyboy.yy@gmail.com
[2012.05.19 17:12:23 | 000,003,679 | ---- | M] () (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\extensions\check-compatibility@dactyl.googlecode.com.xpi
[2013.04.21 22:41:55 | 000,301,821 | ---- | M] () (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\extensions\compatibility@addons.mozilla.org.xpi
[2013.04.04 03:45:22 | 000,281,174 | ---- | M] () (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\extensions\download_mp3@dilandau.eu.xpi
[2013.01.27 00:18:55 | 000,194,374 | ---- | M] () (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\extensions\plugin@filsh.net.xpi
[2013.02.11 03:25:56 | 000,185,839 | ---- | M] () (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\extensions\stealthyextension@gmail.com.xpi
[2013.04.24 03:31:14 | 000,223,761 | ---- | M] () (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
[2013.02.14 16:44:22 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.09.13 06:59:54 | 000,001,743 | ---- | M] () -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\searchplugins\music-downloader.xml
[2011.07.11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\searchplugins\startsear.xml
[2011.09.13 07:03:37 | 000,001,912 | ---- | M] () -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\searchplugins\videosurf.xml
[2011.09.13 07:01:12 | 000,004,140 | ---- | M] () -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\searchplugins\youtube.xml
[2013.04.11 22:51:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.04.11 22:51:36 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2013.04.11 22:51:36 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2013.04.11 22:51:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2013.04.11 22:51:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.04.11 22:51:40 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.12 10:54:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.12 10:54:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.12 10:54:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.12 10:54:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.12 10:54:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.12 10:54:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.10.30 04:00:07 | 000,000,824 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [SmartRAM] C:\Program Files (x86)\IObit\Advanced SystemCare 5\suo10_smartram.exe (IObit)
O4 - HKCU..\Run: [XBGameingMouse] C:\Program Files (x86)\ELECOM E-Force Laser Gaming Mouse\GameMouseMonitor.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ie_banner_deny.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FC774E8-9E9A-41F7-AF63-81DCAA31AC0C}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80F761BC-69FB-48E7-A0C8-5E72CEA4C0A3}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E29FADF-7A39-4411-BC48-A23AC19D53D9}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A37F83FD-0ECF-4EA3-8D73-87835C07ACD8}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4466a1ba-1753-11e0-99c1-88ae1dfea539}\Shell - "" = AutoRun
O33 - MountPoints2\{4466a1ba-1753-11e0-99c1-88ae1dfea539}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4466a1c5-1753-11e0-99c1-88ae1dfea539}\Shell - "" = AutoRun
O33 - MountPoints2\{4466a1c5-1753-11e0-99c1-88ae1dfea539}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cd1dcd6c-18e3-11e0-aa39-001e101f1838}\Shell - "" = AutoRun
O33 - MountPoints2\{cd1dcd6c-18e3-11e0-aa39-001e101f1838}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.02 19:56:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.04.30 11:34:10 | 000,000,000 | ---D | C] -- C:\Users\OLI\AppData\Roaming\dvdcss
[2013.04.21 21:43:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.21 21:42:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.04.11 22:51:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.09 07:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[15 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.04 12:59:18 | 000,000,000 | ---- | M] () -- C:\Users\OLI\defogger_reenable
[2013.05.04 12:55:01 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3806870365-364280537-3892568835-1000UA.job
[2013.05.04 12:36:01 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.04 12:34:22 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.04 12:34:22 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.04 12:30:24 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.04 12:30:24 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.04 12:30:24 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.04 12:30:24 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.04 12:30:24 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.04 12:26:24 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.04 12:25:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.04 12:25:05 | 2211,205,120 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.04 12:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.04 06:55:01 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3806870365-364280537-3892568835-1000Core.job
[2013.04.30 18:41:21 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.30 04:44:58 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.04.11 01:50:16 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[15 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.04 12:59:18 | 000,000,000 | ---- | C] () -- C:\Users\OLI\defogger_reenable
[2013.02.15 04:42:19 | 000,256,947 | ---- | C] () -- C:\Windows\QLPrism Uninstaller.exe
[2012.12.10 11:09:08 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.05.26 20:37:10 | 000,017,408 | ---- | C] () -- C:\Users\OLI\AppData\Local\WebpageIcons.db
[2012.03.19 13:44:03 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011.12.14 05:55:24 | 000,081,920 | ---- | C] () -- C:\Windows\qlprism-uninstall.exe
[2011.05.23 06:17:06 | 000,000,265 | ---- | C] () -- C:\Windows\game.ini
[2011.01.20 21:00:32 | 000,007,599 | ---- | C] () -- C:\Users\OLI\AppData\Local\resmon.resmoncfg
[2011.01.03 19:53:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.02.07 20:56:04 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\Broken Sword 2.5
[2011.01.06 20:02:24 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011.11.27 19:53:16 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\IObit
[2011.01.08 21:26:08 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\PC Suite
[2011.01.10 19:51:01 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\PlayFirst
[2012.11.04 21:34:25 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\POINTERGHOSTV1
[2012.10.28 17:57:34 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\QLDT
[2011.05.11 13:29:16 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\Sahmon Games
[2011.01.31 23:41:53 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\Samsung
[2013.04.30 19:56:57 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\SoftGrid Client
[2011.01.05 19:39:51 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\Toshiba
[2011.01.10 08:13:29 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\TP
[2013.05.04 03:54:39 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\TS3Client
[2011.01.17 21:46:59 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\WinBatch
[2012.05.30 02:26:45 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\Windows Live Writer
[2011.09.18 18:30:28 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_NBVUV6PKDVBGTLPHJKBUK1R0WTPLY2LB3W2PHDEX6J5T4BW9V4DLNNH2V1UY71VU5VVVVVJVTVVJVT

< End of report >
         
Extras:
Code:
ATTFilter
OTL Extras logfile created on: 04.05.2013 13:05:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\OLI\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 63,57% Memory free
5,49 Gb Paging File | 3,89 Gb Available in Paging File | 70,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 95,08 Gb Free Space | 63,79% Space Free | Partition Type: NTFS
Drive D: | 148,65 Gb Total Space | 126,73 Gb Free Space | 85,25% Space Free | Partition Type: NTFS
 
Computer Name: LIEBERT | User Name: OLI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1211D7D6-908C-462B-AA78-AE3830902511}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1DD11942-7A6F-42AC-9773-EC8361AA416F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1EC5BCA6-F3B4-49F1-9B2C-FBD9F7892F8C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{1F4A363A-124C-41AF-8371-859378FDBC9B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{39196980-25E9-41A3-B8FE-21CDE2ACD24C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3A51B552-3E73-4EEA-9864-CAF1A7A00425}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{50F7DD02-FFAF-4CB1-B179-80CD2693EE95}" = lport=137 | protocol=17 | dir=in | app=system | 
"{53821D93-1BCE-480C-BF0C-C17DF272AA18}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{586D1FB6-2A07-4C68-9829-939236537700}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5D13920E-5AB5-4302-ABDA-584EF0CED3D1}" = rport=137 | protocol=17 | dir=out | app=system | 
"{65147306-555D-483C-B65C-04E8E798EAAC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{78DB3E3D-D768-4B94-8CB4-FDB28B5F40F1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7CD525F6-35C5-45B2-BE42-3B0C85C90A71}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8B48888E-5C62-4742-AC04-407DE0AB04A0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{9A534B4E-3184-40BD-A30E-23B5A85B66D4}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9F046C08-0CD5-4580-BCF0-85A879819D80}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AA302B03-39FB-445D-9849-C0742FB0002F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C253D039-3B00-462D-AE0E-D268C4017FA2}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C8DF7340-8159-4C2F-9E53-D11356BA41DB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D687C250-333F-403B-9864-31B8A1E737DB}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E08610B7-AF8B-4E6B-8410-A3AEE6D26E5B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E5120809-1EBF-4196-A473-CE47B057A645}" = rport=139 | protocol=6 | dir=out | app=system | 
"{EE601E16-D352-44A7-A325-1F0A8F0294BE}" = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{066B6764-1F20-461B-AA1D-565A9DFA2E4D}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe | 
"{0FA44BAF-A3F7-4CB1-83E0-FE18831309A4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{16668A7D-8A46-4A7B-9D31-613B8A58F20C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{253F5739-D4CE-48A2-8769-9BA7FD164694}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{2D54B855-24E9-41F0-BD50-10F069BD27CB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{36EECCEA-A5A6-4B62-BD4D-C3112ABAE12E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{39301E41-3919-42DF-AB44-727979F26393}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe | 
"{3ABFF15A-A630-4135-9867-23F5DF19487A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{41564087-A844-47E2-8BE5-F18FDB56FE61}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4C38120C-8647-4D00-B726-A1DCC7BCBAAD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{57C96228-5D68-4558-8B44-DB3E305B9188}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{61547546-893E-434F-9FBD-C6294B8F727D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6BB98B3A-7580-45E4-91FA-92E12A99A499}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6FFE608B-67CF-457C-9465-53AA7B32ABCB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{76381093-71D7-448B-B0AC-FB70F54A7924}" = protocol=6 | dir=out | app=system | 
"{784A83C3-2258-4F7C-ABF3-2A4A328AA5DC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{78EC69CE-053F-412B-AC28-2722B66C0E4E}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{7D1DE0BE-79F8-46FF-B38F-78EBFCDC06E6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{915C0F03-2DA0-4DC2-81F7-BE59D151A627}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{94275EC7-C437-4517-9116-C7993D2F5A15}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB930DAB-D69F-4979-98F5-F8121B99882F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{ADEFF3B4-83D0-41E6-A139-EE06EEF2337B}" = protocol=17 | dir=in | app=c:\users\oli\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{B94911F1-D56F-4189-8016-547F33583E2E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C19AAA2A-1D4A-4136-9086-A9858DAD82A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C1DDB058-B9F7-4D18-9876-45FCC8245389}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C66C1C97-0E3E-4C41-858D-46AE51949703}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D6C704B5-13D9-4E85-BFF6-09A8211F59D6}" = protocol=6 | dir=in | app=c:\users\oli\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"TCP Query User{1D3F0D53-F812-4346-91F9-7482DE757A31}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{2DEB07CC-C537-481A-9346-131597109249}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"TCP Query User{6B9258EA-9CD3-4823-B59D-0AA1D2EBE00A}C:\program files (x86)\id software\quake 4\quake4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\id software\quake 4\quake4.exe | 
"TCP Query User{7D63FFF2-75D6-46AF-B261-0ABA263B37D7}C:\windows\system32\mmc.exe" = protocol=6 | dir=in | app=c:\windows\system32\mmc.exe | 
"UDP Query User{785F008C-33A0-482E-A5A9-2944504347F1}C:\windows\system32\mmc.exe" = protocol=17 | dir=in | app=c:\windows\system32\mmc.exe | 
"UDP Query User{909B5985-1F84-440A-96AE-E0453AD62E31}C:\program files (x86)\id software\quake 4\quake4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\id software\quake 4\quake4.exe | 
"UDP Query User{AAA0D1E3-1C2A-4144-A989-CD077071C71F}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{C8B1DD81-E506-4D4E-9975-F46C579D115A}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6DB58D2-E7E8-5B0F-65F8-B76713C0AF75}" = ATI Catalyst Install Manager
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{CC3F8680-2A8A-95B1-584E-EA4BDE0DF783}" = ccc-utility64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CCleaner" = CCleaner
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.5
"ZDFmediathek_is1" = ZDFmediathek Version 2.1.6
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0CB6FBBE-71FC-7AE1-0506-AF2DFAAB5F99}" = CCC Help Finnish
"{0DCDE91E-ACD7-A105-A713-CF3C22BC1EF7}" = CCC Help Portuguese
"{0E4D665E-0441-D356-1B61-4FDCE2122F54}" = CCC Help Danish
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM)
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{3AB215C2-0BE4-EC89-A90A-FA54B7C03E0A}" = CCC Help Chinese Traditional
"{3B2AFF45-1C2E-E544-A480-A9CA43FC8977}" = Catalyst Control Center Localization All
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E70F662-B29D-FE4E-D31D-0D088AB3C42E}" = CCC Help German
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40C17193-BC19-CB9F-35DA-A44F9B6A520F}" = Catalyst Control Center Graphics Previews Common
"{418E42D7-E8D0-1953-B7ED-9D75149D64D5}" = CCC Help Turkish
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43CE1803-BA5B-F103-47E8-296CD40EB98C}" = Photo Service - powered by myphotobook
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Security Suite CBE 12
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4F8EBB31-EB6A-7C7A-40ED-57F2841998EB}" = CCC Help Czech
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{64E65803-D18A-D799-01A9-69ACB8B49B5E}" = CCC Help Italian
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{82225685-1513-4975-B624-155C10F3EE16}" = The Whispered World
"{85A87BCB-C8A1-179D-231D-D77C2462394F}" = CCC Help Norwegian
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8BD785CF-30C7-4182-B250-0D5FCE78D4DD}" = Catalyst Control Center - Branding
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{95CFDCE3-0AE1-01F5-D9C8-D5016C49D2D9}" = CCC Help Hungarian
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC701E9-79FB-19EB-907C-33730D6D9450}" = Catalyst Control Center Graphics Previews Vista
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A392A7FE-2216-4F7B-AF2F-24F1533DB860}" = Quake Live Internet Explorer Plugin
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A920CC75-A1F8-4275-6CBF-0B7817AF364E}" = CCC Help Dutch
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9A75A7F-4785-430D-8013-77BC1FD13A4C}" = Simple Adblock
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B10364A6-B6BD-9F06-BF50-A779FBE803F4}" = CCC Help Polish
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D136FCBA-7D93-DA4E-ED4D-024ACA891E70}" = CCC Help Japanese
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D5F7D473-4819-D77B-E5A8-4B1569C47A2D}" = CCC Help Korean
"{D7397487-E01A-6ACE-C24E-BB19469B9FDE}" = CCC Help Swedish
"{DB928E9C-4C6B-DDF4-0748-C4D542A75E95}" = CCC Help Chinese Standard
"{DBB7021A-3437-446F-ACE5-7261644A972C}" = Toshiba TEMPRO
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.4.9
"{DDC8362F-D041-6C5E-0221-E23CF71C73AE}" = CCC Help Spanish
"{DDDD6410-C2B9-7BC7-3A93-0D155AE07E25}" = Catalyst Control Center InstallProxy
"{DEC74752-09D3-309D-72B6-40114F57B223}" = CCC Help Russian
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0FAA369-B0E3-48B8-9447-4873103B0012}" = TOSHIBA ConfigFree
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E7A8BC75-50A9-32F2-8DFB-C499D21881B7}" = Google Talk Plugin
"{EC8D0634-4567-DBD4-97B2-F8C879F7DBF8}" = CCC Help English
"{F0483BEB-E626-E306-DFBD-D3A1E582BF43}" = CCC Help French
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2431B40-5D69-BBB8-F20B-4F28D8ED563E}" = CCC Help Thai
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F4AECBDF-6985-E352-7392-152A0570573E}" = CCC Help Greek
"{F5A6CC63-2BED-914D-04E5-1702471E675D}" = ccc-core-static
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}" = Quake Live Mozilla Plugin
"{FDE58148-57E7-43BF-879A-29CCE818C078}" = eBay
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"BILDmobil" = BILDmobil
"Bridge Construction Set_is1" = Bridge Construction Set 1.3.9.1
"CloneCD" = CloneCD
"Das Quiz mit Jörg Pilawa Special" = Das Quiz mit Jörg Pilawa Special
"Die Wiege Roms" = Die Wiege Roms
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"ELECOM E-Force Laser Gaming Mouse14101" = ELECOM E-Force Laser Gaming Mouse
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Photo Service - powered by myphotobook
"Game Booster_is1" = Game Booster 3
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM)
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Security Suite CBE 12
"king.com" = king.com (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyFreeCodec" = MyFreeCodec
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OpenAL" = OpenAL
"PokerStars" = PokerStars
"QLDT" = Quake Live Demo Tools
"QLPrism" = QLPrism
"SopCast" = SopCast 3.5.0
"Star Sword_is1" = Star Sword
"Veetle TV" = Veetle TV
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.09.2012 22:59:16 | Computer Name = Liebert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: VLC 64bit.exe, Version: 2.0.2.0, 
Zeitstempel: 0x4fec5841  Name des fehlerhaften Moduls: libpostproc_plugin.dll, Version:
 0.0.0.0, Zeitstempel: 0x4fec5857  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000002c61
ID
 des fehlerhaften Prozesses: 0x9cc  Startzeit der fehlerhaften Anwendung: 0x01cd8ca3acc74c21
Pfad
 der fehlerhaften Anwendung: C:\Users\OLI\Downloads\vlc-2.0.2\VLC 64bit.exe  Pfad 
des fehlerhaften Moduls: C:\Users\OLI\Downloads\vlc-2.0.2\plugins\video_filter\libpostproc_plugin.dll
Berichtskennung:
 0215a03c-f898-11e1-9d2e-88ae1dfea539
 
Error - 09.09.2012 17:05:04 | Computer Name = Liebert | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 17.09.2012 06:25:20 | Computer Name = Liebert | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 24.09.2012 16:41:27 | Computer Name = Liebert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: XMedia Recode.exe, Version: 3.1.2.5,
 Zeitstempel: 0x504e33a6  Name des fehlerhaften Moduls: XMedia Recode.exe, Version:
 3.1.2.5, Zeitstempel: 0x504e33a6  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000370a
ID
 des fehlerhaften Prozesses: 0x788  Startzeit der fehlerhaften Anwendung: 0x01cd9a92c6cf8b6f
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\XMedia Recode\XMedia Recode.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\XMedia Recode\XMedia Recode.exe
Berichtskennung:
 361efa99-0688-11e2-a974-88ae1dfea539
 
Error - 28.09.2012 21:20:54 | Computer Name = Liebert | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "Plugin Container for Firefox" konnte
 nicht heruntergefahren werden.
 
Error - 28.09.2012 22:46:15 | Computer Name = Liebert | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "Internet Explorer" konnte nicht heruntergefahren
 werden.
 
Error - 01.10.2012 05:08:23 | Computer Name = Liebert | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 07.10.2012 13:57:30 | Computer Name = Liebert | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 14.10.2012 14:34:45 | Computer Name = Liebert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 16.0.1.4666,
 Zeitstempel: 0x5076192e  Name des fehlerhaften Moduls: xul.dll, Version: 16.0.1.4666,
 Zeitstempel: 0x50761893  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000be717  ID des fehlerhaften
 Prozesses: 0xe34  Startzeit der fehlerhaften Anwendung: 0x01cdaa33f8523935  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Berichtskennung:
 d2f6b52e-162d-11e2-b57b-88ae1dfea539
 
Error - 14.10.2012 15:16:32 | Computer Name = Liebert | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
[ Media Center Events ]
Error - 15.02.2011 02:57:44 | Computer Name = Liebert | Source = MCUpdate | ID = 0
Description = 07:57:44 - Fehler beim Herstellen der Internetverbindung.  07:57:44 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 15.02.2011 02:57:57 | Computer Name = Liebert | Source = MCUpdate | ID = 0
Description = 07:57:49 - Fehler beim Herstellen der Internetverbindung.  07:57:49 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 16.02.2011 16:45:15 | Computer Name = Liebert | Source = MCUpdate | ID = 0
Description = 21:45:15 - Fehler beim Herstellen der Internetverbindung.  21:45:15 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 16.02.2011 16:45:26 | Computer Name = Liebert | Source = MCUpdate | ID = 0
Description = 21:45:21 - Fehler beim Herstellen der Internetverbindung.  21:45:21 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 16.02.2011 17:45:31 | Computer Name = Liebert | Source = MCUpdate | ID = 0
Description = 22:45:31 - Fehler beim Herstellen der Internetverbindung.  22:45:31 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 16.02.2011 17:45:37 | Computer Name = Liebert | Source = MCUpdate | ID = 0
Description = 22:45:36 - Fehler beim Herstellen der Internetverbindung.  22:45:36 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 17.03.2011 15:05:40 | Computer Name = Liebert | Source = MCUpdate | ID = 0
Description = 20:05:40 - Fehler beim Herstellen der Internetverbindung.  20:05:40 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 17.03.2011 15:05:51 | Computer Name = Liebert | Source = MCUpdate | ID = 0
Description = 20:05:45 - Fehler beim Herstellen der Internetverbindung.  20:05:45 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 27.06.2011 14:01:58 | Computer Name = Liebert | Source = MCUpdate | ID = 0
Description = 20:01:58 - Fehler beim Herstellen der Internetverbindung.  20:01:58 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 27.06.2011 14:02:08 | Computer Name = Liebert | Source = MCUpdate | ID = 0
Description = 20:02:03 - Fehler beim Herstellen der Internetverbindung.  20:02:03 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 03.05.2013 07:09:59 | Computer Name = Liebert | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?03.?05.?2013 um 13:08:53 unerwartet heruntergefahren.
 
Error - 03.05.2013 07:10:45 | Computer Name = Liebert | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 03.05.2013 07:10:45 | Computer Name = Liebert | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 03.05.2013 07:55:53 | Computer Name = Liebert | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Software Protection erreicht.
 
Error - 03.05.2013 07:55:53 | Computer Name = Liebert | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Software Protection" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
Error - 04.05.2013 00:30:59 | Computer Name = Liebert | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.
 
Error - 04.05.2013 05:55:17 | Computer Name = Liebert | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde nicht
 richtig gestartet.
 
Error - 04.05.2013 06:28:07 | Computer Name = Liebert | Source = DCOM | ID = 10005
Description = 
 
Error - 04.05.2013 06:28:07 | Computer Name = Liebert | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft-Softwareschattenkopie-Anbieter erreicht.
 
Error - 04.05.2013 06:28:07 | Computer Name = Liebert | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Microsoft-Softwareschattenkopie-Anbieter" wurde aufgrund
 folgenden Fehlers nicht gestartet:   %%1053
 
 
< End of report >
         
Gmer:
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-04 14:41:06
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000061 TOSHIBA_ rev.GH10 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\OLI\AppData\Local\Temp\ufddapog.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                                     fffff80002fee000 63 bytes [00, EC, F6, 02, 80, FA, FF, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 626                                                                                     fffff80002fee042 4 bytes [00, 00, 00, 00]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000074fb1465 2 bytes [FB, 74]
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000074fb14bb 2 bytes [FB, 74]
.text     ...                                                                                                                                                    * 2

---- Threads - GMER 2.1 ----

Thread    C:\Windows\system32\svchost.exe [1040:1176]                                                                                                            000007fefb6a8274
Thread    C:\Windows\system32\svchost.exe [1040:3788]                                                                                                            000007fefb6a8274
Thread    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2512:2724]                                                             000000007175102d
Thread    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2512:2732]                                                             000000007145f1dc
Thread    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2512:2740]                                                             000000007145f1dc
Thread    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2512:2744]                                                             00000000714555d3
Thread    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2512:3044]                                                             00000000716fc159
Thread    C:\Windows\system32\taskhost.exe [3768:4004]                                                                                                           000007fef4a12740
Thread    C:\Windows\system32\taskhost.exe [3768:4052]                                                                                                           000007fef49f1f38
Thread    C:\Windows\system32\taskhost.exe [3768:3852]                                                                                                           000007fefb991010

---- EOF - GMER 2.1 ----
         

Alt 04.05.2013, 15:33   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam - Standard

Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 04.05.2013, 15:54   #3
O.L.I.
 
Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam - Standard

Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam



Hallo.
Danke für die schnelle Reaktion. Hier sind noch gefundene Sachen von meinem vorherigen Kaspersky CBE 2011,die ich deswegen nicht gepostet habe,weil ich dachte nicht zuviel durcheinander zu posten und erstmal das akutere Problem lösen wollte.

Code:
ATTFilter
All Users:$SS_DESCRIPTOR_NBVUV6PKDVBGTLPHJKBUK1R0WTPLY2LB3W2PHDEX6J5T4BW9V4DLNNH2V1UY71VU5VVVVVJVTVVJVT	Gefunden: HiddenObject.Multi.Generic	30.04.2012 21:23:26	c:\Documents and Settings\	Protokolliert	Untersuchung des Computers	

All Users:$SS_DESCRIPTOR_NBVUV6PKDVBGTLPHJKBUK1R0WTPLY2LB3W2PHDEX6J5T4BW9V4DLNNH2V1UY71VU5VVVVVJVTVVJVT	Nicht desinfizierte Objekte: HiddenObject.Multi.Generic	30.04.2012 21:23:26	c:\Documents and Settings\	Zurückgestellt	Untersuchung des Computers	

ProgramData:$SS_DESCRIPTOR_NBVUV6PKDVBGTLPHJKBUK1R0WTPLY2LB3W2PHDEX6J5T4BW9V4DLNNH2V1UY71VU5VVVVVJVTVVJVT	Gefunden: HiddenObject.Multi.Generic	30.04.2012 21:23:24	c:\	Protokolliert	Untersuchung des Computers	

ProgramData:$SS_DESCRIPTOR_NBVUV6PKDVBGTLPHJKBUK1R0WTPLY2LB3W2PHDEX6J5T4BW9V4DLNNH2V1UY71VU5VVVVVJVTVVJVT	Nicht desinfizierte Objekte: HiddenObject.Multi.Generic	30.04.2012 21:23:24	c:\	Zurückgestellt	Untersuchung des Computers
         
__________________

Alt 04.05.2013, 15:57   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam - Standard

Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.



Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten


MBAR (Malwarebytes Anti-Rootkit)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 04.05.2013, 16:05   #5
O.L.I.
 
Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam - Standard

Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam



Zitat:
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Soll ich auch den letzten Malwarebytes Log posten?


Alt 04.05.2013, 16:12   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam - Standard

Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam



Ja poste bitte alle Logs
__________________
--> Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam

Alt 04.05.2013, 17:07   #7
O.L.I.
 
Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam - Standard

Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam



Soll ich bei aswMBR den QuickScan machen oder c: scannen? Da ist noch ein Auswahlkästchen,daß nicht in der Anleitung war und in der Anleitung nur steht nach der Virendatenbank-Aktualisierung den "Scan" Button drücken/starten. Also nehme ich dadurch an,daß ich alle Häkchen/Einstellungen so lassen soll ,wie sie sind und den Scan starten soll. Und die stehen halt auf "Quick Scan".

Und bei tdsskiller ist widersprüchlich,daß man nach dem Scan die Funde nicht selber löschen soll,aber bei dem nächsten Schritt in der Anleitung "Starte den Rechner neu" ist eine Grafik und da steht "Infection: will be cured after reboot". Deswegen hab ich mich noch nich getraut tdsskiller zu starten.

Geändert von O.L.I. (04.05.2013 um 17:16 Uhr)

Alt 04.05.2013, 22:10   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam - Standard

Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam



Quickscan mit aswMBR reicht und bei tdsskiller steht ausdrücklich, dass du nichts entfernen sollst!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 05.05.2013, 01:01   #9
O.L.I.
 
Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam - Standard

Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam



Sorry. Hätte ich deinen Absatz erst zuende gelesen bevor ich den Link für die Anleitung klicke,hätte ich es gleich gecheckt. Sorry. Passiert nich wwieder.

MalwarebytesAnitmalware:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.03.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
OLI :: LIEBERT [Administrator]

03.05.2013 11:56:58
mbam-log-2013-05-03 (11-56-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 371500
Laufzeit: 53 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
aswMBR:
Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-04 17:35:29
-----------------------------
17:35:29.668    OS Version: Windows x64 6.1.7601 Service Pack 1
17:35:29.668    Number of processors: 2 586 0x603
17:35:29.668    ComputerName: LIEBERT  UserName: OLI
17:35:30.167    Initialize success
17:37:05.874    AVAST engine defs: 13050400
17:38:42.704    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060
17:38:42.719    Disk 0 Vendor: TOSHIBA_ GH10 Size: 305245MB BusType: 11
17:38:42.829    Disk 0 MBR read successfully
17:38:42.844    Disk 0 MBR scan
17:38:42.844    Disk 0 Windows 7 default MBR code
17:38:42.860    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS          400 MB offset 2048
17:38:42.875    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       152622 MB offset 821248
17:38:42.907    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       152222 MB offset 313391104
17:38:43.047    Disk 0 scanning C:\Windows\system32\drivers
17:38:55.184    Service scanning
17:39:39.847    Modules scanning
17:39:39.847    Disk 0 trace - called modules:
17:39:39.878    ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys 
17:39:39.893    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800329e490]
17:39:39.893    3 CLASSPNP.SYS[fffff8800209643f] -> nt!IofCallDriver -> [0xfffffa80021db040]
17:39:39.893    5 amdxata.sys[fffff88000c647a8] -> nt!IofCallDriver -> \Device\00000060[0xfffffa80030ee5e0]
17:39:40.408    AVAST engine scan C:\Windows
17:39:42.545    AVAST engine scan C:\Windows\system32
17:43:07.483    AVAST engine scan C:\Windows\system32\drivers
17:43:21.585    AVAST engine scan C:\Users\OLI
17:47:50.015    AVAST engine scan C:\ProgramData
17:51:05.468    Scan finished successfully
17:51:22.191    Disk 0 MBR has been saved successfully to "C:\Users\OLI\Desktop\MBR.dat"
17:51:22.191    The log file has been saved successfully to "C:\Users\OLI\Desktop\aswMBR.txt"
         

mbar:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.04.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
OLI :: LIEBERT [administrator]

04.05.2013 17:27:25
mbar-log-2013-05-04 (17-27-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29176
Time elapsed: 13 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

tdsskiller
Code:
ATTFilter
01:51:00.0440 2196  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
01:51:00.0799 2196  ============================================================
01:51:00.0799 2196  Current date / time: 2013/05/05 01:51:00.0799
01:51:00.0799 2196  SystemInfo:
01:51:00.0799 2196  
01:51:00.0799 2196  OS Version: 6.1.7601 ServicePack: 1.0
01:51:00.0799 2196  Product type: Workstation
01:51:00.0799 2196  ComputerName: LIEBERT
01:51:00.0799 2196  UserName: OLI
01:51:00.0799 2196  Windows directory: C:\Windows
01:51:00.0799 2196  System windows directory: C:\Windows
01:51:00.0799 2196  Running under WOW64
01:51:00.0799 2196  Processor architecture: Intel x64
01:51:00.0799 2196  Number of processors: 2
01:51:00.0799 2196  Page size: 0x1000
01:51:00.0799 2196  Boot type: Normal boot
01:51:00.0799 2196  ============================================================
01:51:02.0156 2196  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:51:02.0172 2196  ============================================================
01:51:02.0172 2196  \Device\Harddisk0\DR0:
01:51:02.0172 2196  MBR partitions:
01:51:02.0172 2196  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x12A17000
01:51:02.0172 2196  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12ADF800, BlocksNum 0x1294F000
01:51:02.0172 2196  ============================================================
01:51:02.0203 2196  C: <-> \Device\Harddisk0\DR0\Partition1
01:51:02.0234 2196  D: <-> \Device\Harddisk0\DR0\Partition2
01:51:02.0234 2196  ============================================================
01:51:02.0234 2196  Initialize success
01:51:02.0234 2196  ============================================================
01:51:14.0808 2612  ============================================================
01:51:14.0808 2612  Scan started
01:51:14.0808 2612  Mode: Manual; SigCheck; TDLFS; 
01:51:14.0808 2612  ============================================================
01:51:16.0758 2612  ================ Scan system memory ========================
01:51:16.0758 2612  System memory - ok
01:51:16.0758 2612  ================ Scan services =============================
01:51:16.0898 2612  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
01:51:17.0163 2612  1394ohci - ok
01:51:17.0210 2612  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
01:51:17.0226 2612  ACPI - ok
01:51:17.0272 2612  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
01:51:17.0335 2612  AcpiPmi - ok
01:51:17.0428 2612  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
01:51:17.0444 2612  AdobeARMservice - ok
01:51:17.0553 2612  [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
01:51:17.0569 2612  AdobeFlashPlayerUpdateSvc - ok
01:51:17.0616 2612  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
01:51:17.0631 2612  adp94xx - ok
01:51:17.0662 2612  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
01:51:17.0678 2612  adpahci - ok
01:51:17.0694 2612  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
01:51:17.0709 2612  adpu320 - ok
01:51:17.0772 2612  [ 96D6CDD0B32846E8CFBE592F4F32E608 ] AdvancedSystemCareService5 C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
01:51:17.0803 2612  AdvancedSystemCareService5 - ok
01:51:17.0834 2612  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
01:51:17.0943 2612  AeLookupSvc - ok
01:51:17.0990 2612  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
01:51:18.0037 2612  AFD - ok
01:51:18.0068 2612  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
01:51:18.0084 2612  agp440 - ok
01:51:18.0115 2612  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
01:51:18.0177 2612  ALG - ok
01:51:18.0193 2612  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
01:51:18.0208 2612  aliide - ok
01:51:18.0240 2612  [ 8FB0FE84496291F35090DA6352889472 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
01:51:18.0318 2612  AMD External Events Utility - ok
01:51:18.0349 2612  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
01:51:18.0364 2612  amdide - ok
01:51:18.0396 2612  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
01:51:18.0442 2612  AmdK8 - ok
01:51:18.0598 2612  [ 0D8BA29B572C916669F267706ED498CD ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
01:51:18.0817 2612  amdkmdag - ok
01:51:18.0832 2612  [ 5D06AB33F2C1F2265D57C8975514D9D7 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
01:51:18.0879 2612  amdkmdap - ok
01:51:18.0895 2612  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
01:51:18.0926 2612  AmdPPM - ok
01:51:18.0957 2612  [ 53D8D46D51D390ABDB54ECA623165CB7 ] amdsata         C:\Windows\system32\DRIVERS\amdsata.sys
01:51:18.0988 2612  amdsata - ok
01:51:19.0020 2612  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
01:51:19.0035 2612  amdsbs - ok
01:51:19.0066 2612  [ 75C51148154E34EB3D7BB84749A758D5 ] amdxata         C:\Windows\system32\DRIVERS\amdxata.sys
01:51:19.0082 2612  amdxata - ok
01:51:19.0113 2612  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
01:51:19.0269 2612  AppID - ok
01:51:19.0300 2612  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
01:51:19.0363 2612  AppIDSvc - ok
01:51:19.0410 2612  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
01:51:19.0472 2612  Appinfo - ok
01:51:19.0503 2612  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
01:51:19.0519 2612  arc - ok
01:51:19.0534 2612  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
01:51:19.0550 2612  arcsas - ok
01:51:19.0566 2612  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
01:51:19.0628 2612  AsyncMac - ok
01:51:19.0659 2612  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
01:51:19.0675 2612  atapi - ok
01:51:19.0722 2612  [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
01:51:19.0722 2612  AtiPcie - ok
01:51:19.0800 2612  [ FC0E8778C000291CAF60EB88C011E931 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
01:51:19.0815 2612  atksgt - ok
01:51:19.0878 2612  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
01:51:19.0940 2612  AudioEndpointBuilder - ok
01:51:19.0940 2612  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
01:51:19.0987 2612  AudioSrv - ok
01:51:20.0049 2612  [ 38AE54966E8C0004F20965BBC00F74FB ] AVP             C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe
01:51:20.0065 2612  AVP - ok
01:51:20.0096 2612  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
01:51:20.0190 2612  AxInstSV - ok
01:51:20.0221 2612  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
01:51:20.0283 2612  b06bdrv - ok
01:51:20.0314 2612  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
01:51:20.0361 2612  b57nd60a - ok
01:51:20.0470 2612  [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
01:51:20.0486 2612  BBSvc - ok
01:51:20.0533 2612  [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
01:51:20.0548 2612  BBUpdate - ok
01:51:20.0564 2612  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
01:51:20.0626 2612  BDESVC - ok
01:51:20.0642 2612  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
01:51:20.0704 2612  Beep - ok
01:51:20.0736 2612  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
01:51:20.0798 2612  BFE - ok
01:51:20.0845 2612  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
01:51:20.0923 2612  BITS - ok
01:51:20.0938 2612  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
01:51:20.0954 2612  blbdrive - ok
01:51:21.0001 2612  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
01:51:21.0032 2612  bowser - ok
01:51:21.0063 2612  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
01:51:21.0110 2612  BrFiltLo - ok
01:51:21.0110 2612  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
01:51:21.0141 2612  BrFiltUp - ok
01:51:21.0172 2612  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
01:51:21.0219 2612  Browser - ok
01:51:21.0250 2612  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
01:51:21.0328 2612  Brserid - ok
01:51:21.0344 2612  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
01:51:21.0422 2612  BrSerWdm - ok
01:51:21.0453 2612  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
01:51:21.0516 2612  BrUsbMdm - ok
01:51:21.0547 2612  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
01:51:21.0578 2612  BrUsbSer - ok
01:51:21.0609 2612  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
01:51:21.0640 2612  BTHMODEM - ok
01:51:21.0672 2612  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
01:51:21.0718 2612  bthserv - ok
01:51:21.0734 2612  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
01:51:21.0812 2612  cdfs - ok
01:51:21.0843 2612  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
01:51:21.0874 2612  cdrom - ok
01:51:21.0921 2612  [ 7E83E47BD1FF93E11CD69F1AD65A9581 ] CeKbFilter      C:\Windows\system32\DRIVERS\CeKbFilter.sys
01:51:21.0921 2612  CeKbFilter - ok
01:51:21.0952 2612  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
01:51:21.0999 2612  CertPropSvc - ok
01:51:22.0077 2612  [ 41E7C4FA6491747402CFCA77CC1C7AAB ] cfWiMAXService  C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
01:51:22.0093 2612  cfWiMAXService - ok
01:51:22.0124 2612  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
01:51:22.0155 2612  circlass - ok
01:51:22.0186 2612  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
01:51:22.0218 2612  CLFS - ok
01:51:22.0280 2612  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:51:22.0296 2612  clr_optimization_v2.0.50727_32 - ok
01:51:22.0358 2612  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:51:22.0374 2612  clr_optimization_v2.0.50727_64 - ok
01:51:22.0436 2612  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:51:22.0514 2612  clr_optimization_v4.0.30319_32 - ok
01:51:22.0592 2612  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:51:22.0608 2612  clr_optimization_v4.0.30319_64 - ok
01:51:22.0623 2612  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
01:51:22.0670 2612  CmBatt - ok
01:51:22.0701 2612  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
01:51:22.0717 2612  cmdide - ok
01:51:22.0764 2612  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
01:51:22.0826 2612  CNG - ok
01:51:22.0842 2612  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
01:51:22.0857 2612  Compbatt - ok
01:51:22.0904 2612  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
01:51:22.0935 2612  CompositeBus - ok
01:51:22.0951 2612  COMSysApp - ok
01:51:22.0966 2612  [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
01:51:22.0982 2612  ConfigFree Service - ok
01:51:23.0013 2612  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
01:51:23.0029 2612  crcdisk - ok
01:51:23.0076 2612  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
01:51:23.0122 2612  CryptSvc - ok
01:51:23.0216 2612  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
01:51:23.0247 2612  cvhsvc - ok
01:51:23.0278 2612  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
01:51:23.0356 2612  DcomLaunch - ok
01:51:23.0388 2612  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
01:51:23.0434 2612  defragsvc - ok
01:51:23.0466 2612  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
01:51:23.0528 2612  DfsC - ok
01:51:23.0559 2612  [ FFCCD922F305B8CFBA8D99F65E35EDD7 ] dgderdrv        C:\Windows\system32\drivers\dgderdrv.sys
01:51:23.0575 2612  dgderdrv - ok
01:51:23.0606 2612  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
01:51:23.0668 2612  Dhcp - ok
01:51:23.0700 2612  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
01:51:23.0746 2612  discache - ok
01:51:23.0762 2612  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
01:51:23.0778 2612  Disk - ok
01:51:23.0809 2612  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
01:51:23.0856 2612  Dnscache - ok
01:51:23.0887 2612  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
01:51:23.0934 2612  dot3svc - ok
01:51:23.0980 2612  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
01:51:24.0027 2612  DPS - ok
01:51:24.0058 2612  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
01:51:24.0090 2612  drmkaud - ok
01:51:24.0136 2612  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
01:51:24.0168 2612  DXGKrnl - ok
01:51:24.0199 2612  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
01:51:24.0246 2612  EapHost - ok
01:51:24.0339 2612  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
01:51:24.0480 2612  ebdrv - ok
01:51:24.0511 2612  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
01:51:24.0573 2612  EFS - ok
01:51:24.0636 2612  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
01:51:24.0714 2612  ehRecvr - ok
01:51:24.0729 2612  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
01:51:24.0792 2612  ehSched - ok
01:51:24.0885 2612  [ 9387A484D31209D7FC3F795A787294DB ] ElbyCDFL        C:\Windows\system32\Drivers\ElbyCDFL.sys
01:51:24.0901 2612  ElbyCDFL - ok
01:51:24.0963 2612  [ 3836E2DB9034543F63943CDBB52A691A ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
01:51:24.0979 2612  ElbyCDIO - ok
01:51:25.0010 2612  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
01:51:25.0026 2612  elxstor - ok
01:51:25.0041 2612  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
01:51:25.0072 2612  ErrDev - ok
01:51:25.0104 2612  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
01:51:25.0150 2612  EventSystem - ok
01:51:25.0182 2612  [ 53913561A7089C9A4649CE4E42F6101B ] ewusbnet        C:\Windows\system32\DRIVERS\ewusbnet.sys
01:51:25.0213 2612  ewusbnet - ok
01:51:25.0228 2612  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
01:51:25.0275 2612  exfat - ok
01:51:25.0306 2612  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
01:51:25.0384 2612  fastfat - ok
01:51:25.0431 2612  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
01:51:25.0494 2612  Fax - ok
01:51:25.0525 2612  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
01:51:25.0540 2612  fdc - ok
01:51:25.0572 2612  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
01:51:25.0618 2612  fdPHost - ok
01:51:25.0650 2612  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
01:51:25.0696 2612  FDResPub - ok
01:51:25.0728 2612  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
01:51:25.0743 2612  FileInfo - ok
01:51:25.0759 2612  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
01:51:25.0806 2612  Filetrace - ok
01:51:25.0837 2612  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
01:51:25.0852 2612  flpydisk - ok
01:51:25.0899 2612  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
01:51:25.0915 2612  FltMgr - ok
01:51:25.0977 2612  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
01:51:26.0040 2612  FontCache - ok
01:51:26.0086 2612  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:51:26.0102 2612  FontCache3.0.0.0 - ok
01:51:26.0133 2612  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
01:51:26.0149 2612  FsDepends - ok
01:51:26.0164 2612  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
01:51:26.0180 2612  Fs_Rec - ok
01:51:26.0227 2612  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
01:51:26.0242 2612  fvevol - ok
01:51:26.0274 2612  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
01:51:26.0289 2612  gagp30kx - ok
01:51:26.0336 2612  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
01:51:26.0398 2612  gpsvc - ok
01:51:26.0461 2612  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:51:26.0476 2612  gupdate - ok
01:51:26.0492 2612  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:51:26.0492 2612  gupdatem - ok
01:51:26.0523 2612  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
01:51:26.0570 2612  hcw85cir - ok
01:51:26.0601 2612  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
01:51:26.0632 2612  HdAudAddService - ok
01:51:26.0664 2612  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
01:51:26.0695 2612  HDAudBus - ok
01:51:26.0710 2612  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
01:51:26.0742 2612  HidBatt - ok
01:51:26.0773 2612  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
01:51:26.0788 2612  HidBth - ok
01:51:26.0820 2612  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
01:51:26.0835 2612  HidIr - ok
01:51:26.0866 2612  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
01:51:26.0913 2612  hidserv - ok
01:51:26.0960 2612  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
01:51:26.0976 2612  HidUsb - ok
01:51:27.0007 2612  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
01:51:27.0069 2612  hkmsvc - ok
01:51:27.0116 2612  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
01:51:27.0163 2612  HomeGroupListener - ok
01:51:27.0210 2612  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
01:51:27.0241 2612  HomeGroupProvider - ok
01:51:27.0256 2612  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
01:51:27.0272 2612  HpSAMD - ok
01:51:27.0319 2612  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
01:51:27.0397 2612  HTTP - ok
01:51:27.0428 2612  [ D96A290F699081AE737390C0FE329D7C ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
01:51:27.0459 2612  hwdatacard - ok
01:51:27.0490 2612  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
01:51:27.0506 2612  hwpolicy - ok
01:51:27.0537 2612  [ E0C7255498640FC64B19AAE17FD6F965 ] hwusbdev        C:\Windows\system32\DRIVERS\ewusbdev.sys
01:51:27.0553 2612  hwusbdev - ok
01:51:27.0600 2612  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
01:51:27.0615 2612  i8042prt - ok
01:51:27.0662 2612  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
01:51:27.0693 2612  iaStorV - ok
01:51:27.0771 2612  [ 4DE2EE2A5186D74BABC4E7F60D2AE989 ] IconMan_R       C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
01:51:27.0818 2612  IconMan_R ( UnsignedFile.Multi.Generic ) - warning
01:51:27.0818 2612  IconMan_R - detected UnsignedFile.Multi.Generic (1)
01:51:27.0896 2612  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:51:27.0912 2612  idsvc - ok
01:51:27.0927 2612  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
01:51:27.0943 2612  iirsp - ok
01:51:27.0990 2612  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
01:51:28.0052 2612  IKEEXT - ok
01:51:28.0130 2612  [ 028E40182A6F0374978C755F85B9F07C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
01:51:28.0208 2612  IntcAzAudAddService - ok
01:51:28.0224 2612  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
01:51:28.0239 2612  intelide - ok
01:51:28.0270 2612  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
01:51:28.0302 2612  intelppm - ok
01:51:28.0333 2612  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
01:51:28.0380 2612  IPBusEnum - ok
01:51:28.0411 2612  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:51:28.0458 2612  IpFilterDriver - ok
01:51:28.0504 2612  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
01:51:28.0567 2612  iphlpsvc - ok
01:51:28.0598 2612  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
01:51:28.0629 2612  IPMIDRV - ok
01:51:28.0660 2612  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
01:51:28.0707 2612  IPNAT - ok
01:51:28.0723 2612  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
01:51:28.0738 2612  IRENUM - ok
01:51:28.0754 2612  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
01:51:28.0770 2612  isapnp - ok
01:51:28.0801 2612  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
01:51:28.0832 2612  iScsiPrt - ok
01:51:28.0863 2612  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
01:51:28.0879 2612  kbdclass - ok
01:51:28.0894 2612  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
01:51:28.0910 2612  kbdhid - ok
01:51:28.0926 2612  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
01:51:28.0941 2612  KeyIso - ok
01:51:28.0988 2612  [ E656FE10D6D27794AFA08136685A69E8 ] KL1             C:\Windows\system32\DRIVERS\kl1.sys
01:51:29.0019 2612  KL1 - ok
01:51:29.0035 2612  [ D865DD8B0448E3F963D68C04C532858F ] kl2             C:\Windows\system32\DRIVERS\kl2.sys
01:51:29.0035 2612  kl2 - ok
01:51:29.0097 2612  [ C7D4F357C482DD37E2B05F34093B7B0C ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
01:51:29.0113 2612  KLIF - ok
01:51:29.0175 2612  [ 89FB5A33D7171B6D84F5EB721D5055E1 ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
01:51:29.0191 2612  KLIM6 - ok
01:51:29.0191 2612  [ 9468D07E91BA136D82415F5DFC1FE168 ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
01:51:29.0206 2612  klmouflt - ok
01:51:29.0238 2612  [ 07071C1E3CD8F0F9114AAC8B072CA1E5 ] KMWDFILTER      C:\Windows\system32\DRIVERS\KMWDFILTER.sys
01:51:29.0253 2612  KMWDFILTER - ok
01:51:29.0284 2612  [ CC362AF6C5D13C3C5403819577ABD8C9 ] KMWDFILTERV1    C:\Windows\system32\DRIVERS\RPGMOUSEV1.sys
01:51:29.0316 2612  KMWDFILTERV1 - ok
01:51:29.0362 2612  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
01:51:29.0378 2612  KSecDD - ok
01:51:29.0409 2612  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
01:51:29.0425 2612  KSecPkg - ok
01:51:29.0456 2612  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
01:51:29.0503 2612  ksthunk - ok
01:51:29.0534 2612  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
01:51:29.0596 2612  KtmRm - ok
01:51:29.0643 2612  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
01:51:29.0690 2612  LanmanServer - ok
01:51:29.0721 2612  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:51:29.0768 2612  LanmanWorkstation - ok
01:51:29.0799 2612  [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
01:51:29.0815 2612  lirsgt - ok
01:51:29.0830 2612  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
01:51:29.0893 2612  lltdio - ok
01:51:29.0924 2612  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
01:51:29.0986 2612  lltdsvc - ok
01:51:30.0002 2612  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
01:51:30.0049 2612  lmhosts - ok
01:51:30.0080 2612  [ 2825A71E7501CB33B3B9F856610C729D ] LPCFilter       C:\Windows\system32\DRIVERS\LPCFilter.sys
01:51:30.0096 2612  LPCFilter - ok
01:51:30.0111 2612  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
01:51:30.0127 2612  LSI_FC - ok
01:51:30.0158 2612  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
01:51:30.0174 2612  LSI_SAS - ok
01:51:30.0205 2612  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
01:51:30.0205 2612  LSI_SAS2 - ok
01:51:30.0220 2612  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
01:51:30.0236 2612  LSI_SCSI - ok
01:51:30.0267 2612  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
01:51:30.0314 2612  luafv - ok
01:51:30.0345 2612  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
01:51:30.0361 2612  Mcx2Svc - ok
01:51:30.0376 2612  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
01:51:30.0392 2612  megasas - ok
01:51:30.0408 2612  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
01:51:30.0439 2612  MegaSR - ok
01:51:30.0454 2612  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
01:51:30.0517 2612  MMCSS - ok
01:51:30.0532 2612  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
01:51:30.0579 2612  Modem - ok
01:51:30.0610 2612  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
01:51:30.0642 2612  monitor - ok
01:51:30.0673 2612  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
01:51:30.0688 2612  mouclass - ok
01:51:30.0720 2612  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
01:51:30.0735 2612  mouhid - ok
01:51:30.0766 2612  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
01:51:30.0782 2612  mountmgr - ok
01:51:30.0876 2612  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
01:51:30.0876 2612  MozillaMaintenance - ok
01:51:30.0907 2612  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
01:51:30.0922 2612  mpio - ok
01:51:30.0938 2612  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
01:51:31.0000 2612  mpsdrv - ok
01:51:31.0032 2612  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
01:51:31.0110 2612  MpsSvc - ok
01:51:31.0141 2612  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
01:51:31.0156 2612  MRxDAV - ok
01:51:31.0188 2612  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
01:51:31.0219 2612  mrxsmb - ok
01:51:31.0266 2612  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:51:31.0297 2612  mrxsmb10 - ok
01:51:31.0312 2612  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:51:31.0344 2612  mrxsmb20 - ok
01:51:31.0375 2612  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
01:51:31.0390 2612  msahci - ok
01:51:31.0406 2612  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
01:51:31.0422 2612  msdsm - ok
01:51:31.0437 2612  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
01:51:31.0453 2612  MSDTC - ok
01:51:31.0484 2612  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
01:51:31.0531 2612  Msfs - ok
01:51:31.0562 2612  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
01:51:31.0640 2612  mshidkmdf - ok
01:51:31.0656 2612  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
01:51:31.0656 2612  msisadrv - ok
01:51:31.0687 2612  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
01:51:31.0734 2612  MSiSCSI - ok
01:51:31.0749 2612  msiserver - ok
01:51:31.0765 2612  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
01:51:31.0812 2612  MSKSSRV - ok
01:51:31.0827 2612  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
01:51:31.0890 2612  MSPCLOCK - ok
01:51:31.0905 2612  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
01:51:31.0952 2612  MSPQM - ok
01:51:31.0983 2612  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
01:51:31.0999 2612  MsRPC - ok
01:51:32.0046 2612  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
01:51:32.0061 2612  mssmbios - ok
01:51:32.0077 2612  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
01:51:32.0124 2612  MSTEE - ok
01:51:32.0155 2612  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
01:51:32.0186 2612  MTConfig - ok
01:51:32.0202 2612  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
01:51:32.0217 2612  Mup - ok
01:51:32.0248 2612  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
01:51:32.0311 2612  napagent - ok
01:51:32.0342 2612  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
01:51:32.0389 2612  NativeWifiP - ok
01:51:32.0436 2612  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
01:51:32.0467 2612  NDIS - ok
01:51:32.0498 2612  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
01:51:32.0545 2612  NdisCap - ok
01:51:32.0545 2612  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
01:51:32.0592 2612  NdisTapi - ok
01:51:32.0623 2612  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
01:51:32.0685 2612  Ndisuio - ok
01:51:32.0716 2612  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
01:51:32.0779 2612  NdisWan - ok
01:51:32.0810 2612  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
01:51:32.0857 2612  NDProxy - ok
01:51:32.0888 2612  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
01:51:32.0935 2612  NetBIOS - ok
01:51:32.0966 2612  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
01:51:33.0013 2612  NetBT - ok
01:51:33.0028 2612  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
01:51:33.0044 2612  Netlogon - ok
01:51:33.0075 2612  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
01:51:33.0138 2612  Netman - ok
01:51:33.0138 2612  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
01:51:33.0200 2612  netprofm - ok
01:51:33.0231 2612  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:51:33.0247 2612  NetTcpPortSharing - ok
01:51:33.0278 2612  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
01:51:33.0294 2612  nfrd960 - ok
01:51:33.0325 2612  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
01:51:33.0356 2612  NlaSvc - ok
01:51:33.0372 2612  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
01:51:33.0403 2612  Npfs - ok
01:51:33.0434 2612  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
01:51:33.0465 2612  nsi - ok
01:51:33.0481 2612  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
01:51:33.0528 2612  nsiproxy - ok
01:51:33.0590 2612  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
01:51:33.0637 2612  Ntfs - ok
01:51:33.0684 2612  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
01:51:33.0730 2612  Null - ok
01:51:33.0762 2612  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
01:51:33.0777 2612  nvraid - ok
01:51:33.0793 2612  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
01:51:33.0808 2612  nvstor - ok
01:51:33.0840 2612  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
01:51:33.0855 2612  nv_agp - ok
01:51:33.0871 2612  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
01:51:33.0902 2612  ohci1394 - ok
01:51:33.0933 2612  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:51:33.0949 2612  ose - ok
01:51:34.0105 2612  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
01:51:34.0198 2612  osppsvc - ok
01:51:34.0230 2612  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
01:51:34.0276 2612  p2pimsvc - ok
01:51:34.0308 2612  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
01:51:34.0354 2612  p2psvc - ok
01:51:34.0370 2612  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
01:51:34.0401 2612  Parport - ok
01:51:34.0432 2612  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
01:51:34.0448 2612  partmgr - ok
01:51:34.0479 2612  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
01:51:34.0510 2612  PcaSvc - ok
01:51:34.0542 2612  [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
01:51:34.0573 2612  pccsmcfd - ok
01:51:34.0604 2612  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
01:51:34.0620 2612  pci - ok
01:51:34.0635 2612  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
01:51:34.0635 2612  pciide - ok
01:51:34.0682 2612  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
01:51:34.0698 2612  pcmcia - ok
01:51:34.0713 2612  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
01:51:34.0729 2612  pcw - ok
01:51:34.0760 2612  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
01:51:34.0822 2612  PEAUTH - ok
01:51:34.0885 2612  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
01:51:34.0916 2612  PerfHost - ok
01:51:34.0963 2612  [ 663962900E7FEA522126BA287715BB4A ] PGEffect        C:\Windows\system32\DRIVERS\pgeffect.sys
01:51:34.0978 2612  PGEffect - ok
01:51:35.0041 2612  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
01:51:35.0103 2612  pla - ok
01:51:35.0134 2612  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
01:51:35.0197 2612  PlugPlay - ok
01:51:35.0212 2612  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
01:51:35.0244 2612  PNRPAutoReg - ok
01:51:35.0275 2612  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
01:51:35.0290 2612  PNRPsvc - ok
01:51:35.0322 2612  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
01:51:35.0384 2612  PolicyAgent - ok
01:51:35.0415 2612  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
01:51:35.0446 2612  Power - ok
01:51:35.0493 2612  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
01:51:35.0524 2612  PptpMiniport - ok
01:51:35.0556 2612  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
01:51:35.0571 2612  Processor - ok
01:51:35.0618 2612  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
01:51:35.0649 2612  ProfSvc - ok
01:51:35.0665 2612  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
01:51:35.0680 2612  ProtectedStorage - ok
01:51:35.0712 2612  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
01:51:35.0758 2612  Psched - ok
01:51:35.0821 2612  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
01:51:35.0852 2612  ql2300 - ok
01:51:35.0868 2612  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
01:51:35.0883 2612  ql40xx - ok
01:51:35.0914 2612  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
01:51:35.0930 2612  QWAVE - ok
01:51:35.0961 2612  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
01:51:36.0008 2612  QWAVEdrv - ok
01:51:36.0024 2612  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
01:51:36.0070 2612  RasAcd - ok
01:51:36.0086 2612  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
01:51:36.0117 2612  RasAgileVpn - ok
01:51:36.0148 2612  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
01:51:36.0211 2612  RasAuto - ok
01:51:36.0242 2612  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
01:51:36.0289 2612  Rasl2tp - ok
01:51:36.0320 2612  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
01:51:36.0367 2612  RasMan - ok
01:51:36.0414 2612  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
01:51:36.0460 2612  RasPppoe - ok
01:51:36.0476 2612  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
01:51:36.0538 2612  RasSstp - ok
01:51:36.0570 2612  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
01:51:36.0616 2612  rdbss - ok
01:51:36.0648 2612  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
01:51:36.0679 2612  rdpbus - ok
01:51:36.0694 2612  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
01:51:36.0741 2612  RDPCDD - ok
01:51:36.0757 2612  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
01:51:36.0804 2612  RDPENCDD - ok
01:51:36.0835 2612  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
01:51:36.0882 2612  RDPREFMP - ok
01:51:36.0960 2612  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
01:51:37.0006 2612  RdpVideoMiniport - ok
01:51:37.0053 2612  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
01:51:37.0116 2612  RDPWD - ok
01:51:37.0147 2612  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
01:51:37.0162 2612  rdyboost - ok
01:51:37.0194 2612  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
01:51:37.0240 2612  RemoteAccess - ok
01:51:37.0272 2612  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
01:51:37.0318 2612  RemoteRegistry - ok
01:51:37.0350 2612  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
01:51:37.0381 2612  RpcEptMapper - ok
01:51:37.0396 2612  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
01:51:37.0428 2612  RpcLocator - ok
01:51:37.0474 2612  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
01:51:37.0521 2612  RpcSs - ok
01:51:37.0552 2612  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
01:51:37.0615 2612  rspndr - ok
01:51:37.0646 2612  [ 907C4464381B5EBDFDC60F6C7D0DEDFC ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
01:51:37.0662 2612  RSUSBSTOR - ok
01:51:37.0693 2612  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
01:51:37.0724 2612  RTL8167 - ok
01:51:37.0771 2612  [ FA088015155C4C6DAB5D1D9E68EB9D6B ] RTL8192Ce       C:\Windows\system32\DRIVERS\rtl8192Ce.sys
01:51:37.0802 2612  RTL8192Ce - ok
01:51:37.0818 2612  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
01:51:37.0833 2612  SamSs - ok
01:51:37.0864 2612  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
01:51:37.0880 2612  sbp2port - ok
01:51:37.0911 2612  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
01:51:37.0974 2612  SCardSvr - ok
01:51:37.0989 2612  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
01:51:38.0036 2612  scfilter - ok
01:51:38.0083 2612  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
01:51:38.0145 2612  Schedule - ok
01:51:38.0176 2612  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
01:51:38.0223 2612  SCPolicySvc - ok
01:51:38.0239 2612  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
01:51:38.0301 2612  SDRSVC - ok
01:51:38.0317 2612  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
01:51:38.0364 2612  secdrv - ok
01:51:38.0410 2612  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
01:51:38.0442 2612  seclogon - ok
01:51:38.0473 2612  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
01:51:38.0520 2612  SENS - ok
01:51:38.0535 2612  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
01:51:38.0551 2612  SensrSvc - ok
01:51:38.0566 2612  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
01:51:38.0598 2612  Serenum - ok
01:51:38.0629 2612  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
01:51:38.0660 2612  Serial - ok
01:51:38.0676 2612  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
01:51:38.0707 2612  sermouse - ok
01:51:38.0769 2612  [ 3EC8DE67B1C78C31E54C0F030E6BD7D5 ] ServiceLayer    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
01:51:38.0785 2612  ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
01:51:38.0785 2612  ServiceLayer - detected UnsignedFile.Multi.Generic (1)
01:51:38.0832 2612  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
01:51:38.0878 2612  SessionEnv - ok
01:51:38.0910 2612  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
01:51:38.0941 2612  sffdisk - ok
01:51:38.0956 2612  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
01:51:38.0988 2612  sffp_mmc - ok
01:51:39.0003 2612  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
01:51:39.0019 2612  sffp_sd - ok
01:51:39.0050 2612  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
01:51:39.0066 2612  sfloppy - ok
01:51:39.0097 2612  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
01:51:39.0128 2612  Sftfs - ok
01:51:39.0190 2612  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
01:51:39.0206 2612  sftlist - ok
01:51:39.0237 2612  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
01:51:39.0253 2612  Sftplay - ok
01:51:39.0284 2612  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
01:51:39.0284 2612  Sftredir - ok
01:51:39.0300 2612  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
01:51:39.0315 2612  Sftvol - ok
01:51:39.0315 2612  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
01:51:39.0331 2612  sftvsa - ok
01:51:39.0393 2612  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
01:51:39.0456 2612  SharedAccess - ok
01:51:39.0487 2612  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
01:51:39.0534 2612  ShellHWDetection - ok
01:51:39.0565 2612  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
01:51:39.0580 2612  SiSRaid2 - ok
01:51:39.0596 2612  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
01:51:39.0612 2612  SiSRaid4 - ok
01:51:39.0690 2612  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
01:51:39.0705 2612  SkypeUpdate - ok
01:51:39.0736 2612  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
01:51:39.0783 2612  Smb - ok
01:51:39.0814 2612  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
01:51:39.0830 2612  SNMPTRAP - ok
01:51:39.0861 2612  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
01:51:39.0861 2612  spldr - ok
01:51:39.0924 2612  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
01:51:39.0955 2612  Spooler - ok
01:51:40.0048 2612  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
01:51:40.0158 2612  sppsvc - ok
01:51:40.0189 2612  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
01:51:40.0251 2612  sppuinotify - ok
01:51:40.0282 2612  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
01:51:40.0329 2612  srv - ok
01:51:40.0345 2612  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
01:51:40.0376 2612  srv2 - ok
01:51:40.0407 2612  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
01:51:40.0438 2612  srvnet - ok
01:51:40.0470 2612  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
01:51:40.0532 2612  SSDPSRV - ok
01:51:40.0548 2612  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
01:51:40.0610 2612  SstpSvc - ok
01:51:40.0641 2612  [ EF806D212D34B0E173BAEB3564D53E37 ] ss_bbus         C:\Windows\system32\DRIVERS\ss_bbus.sys
01:51:40.0641 2612  ss_bbus - ok
01:51:40.0672 2612  [ 08B1B34ABEBEB6AC2DEA06900C56411E ] ss_bmdfl        C:\Windows\system32\DRIVERS\ss_bmdfl.sys
01:51:40.0688 2612  ss_bmdfl - ok
01:51:40.0719 2612  [ 71A9DA6BEAA4CB54DFB827FB78600A5D ] ss_bmdm         C:\Windows\system32\DRIVERS\ss_bmdm.sys
01:51:40.0735 2612  ss_bmdm - ok
01:51:40.0750 2612  [ 677CDC98F8363ACCAAE783FDE1599C2A ] ss_bserd        C:\Windows\system32\DRIVERS\ss_bserd.sys
01:51:40.0782 2612  ss_bserd - ok
01:51:40.0813 2612  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
01:51:40.0828 2612  stexstor - ok
01:51:40.0860 2612  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
01:51:40.0906 2612  stisvc - ok
01:51:40.0953 2612  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
01:51:40.0969 2612  swenum - ok
01:51:41.0000 2612  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
01:51:41.0047 2612  swprv - ok
01:51:41.0094 2612  [ 470C47DABA9CA3966F0AB3F835D7D135 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
01:51:41.0109 2612  SynTP - ok
01:51:41.0172 2612  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
01:51:41.0234 2612  SysMain - ok
01:51:41.0281 2612  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
01:51:41.0312 2612  TabletInputService - ok
01:51:41.0343 2612  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
01:51:41.0406 2612  TapiSrv - ok
01:51:41.0437 2612  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
01:51:41.0484 2612  TBS - ok
01:51:41.0546 2612  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
01:51:41.0608 2612  Tcpip - ok
01:51:41.0640 2612  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
01:51:41.0686 2612  TCPIP6 - ok
01:51:41.0733 2612  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
01:51:41.0749 2612  tcpipreg - ok
01:51:41.0780 2612  [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst        C:\Windows\system32\DRIVERS\tdcmdpst.sys
01:51:41.0780 2612  tdcmdpst - ok
01:51:41.0811 2612  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
01:51:41.0858 2612  TDPIPE - ok
01:51:41.0889 2612  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
01:51:41.0920 2612  TDTCP - ok
01:51:41.0952 2612  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
01:51:42.0014 2612  tdx - ok
01:51:42.0045 2612  [ 40E154B3125E17CE6F2AFAD57AFCFEB2 ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
01:51:42.0061 2612  TemproMonitoringService - ok
01:51:42.0108 2612  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
01:51:42.0108 2612  TermDD - ok
01:51:42.0154 2612  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
01:51:42.0201 2612  TermService - ok
01:51:42.0232 2612  [ 48D9D00C2E0E72C3D4F52772C80355F6 ] TFsExDisk       C:\Windows\System32\Drivers\TFsExDisk.sys
01:51:42.0248 2612  TFsExDisk - ok
01:51:42.0264 2612  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
01:51:42.0295 2612  Themes - ok
01:51:42.0310 2612  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
01:51:42.0357 2612  THREADORDER - ok
01:51:42.0420 2612  [ F120967184A27E927052E8DDBB727851 ] TMachInfo       C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
01:51:42.0435 2612  TMachInfo - ok
01:51:42.0451 2612  [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv         C:\Windows\system32\TODDSrv.exe
01:51:42.0466 2612  TODDSrv - ok
01:51:42.0544 2612  [ 15CA4B185EA8AEF71DD86181E6E0157E ] TosCoSrv        C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
01:51:42.0560 2612  TosCoSrv - ok
01:51:42.0607 2612  [ 74C2FA8C3765EE71A9C22182EC108457 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
01:51:42.0622 2612  TOSHIBA HDD SSD Alert Service - ok
01:51:42.0654 2612  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
01:51:42.0700 2612  TrkWks - ok
01:51:42.0763 2612  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
01:51:42.0810 2612  TrustedInstaller - ok
01:51:42.0856 2612  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
01:51:42.0888 2612  tssecsrv - ok
01:51:42.0919 2612  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
01:51:42.0966 2612  TsUsbFlt - ok
01:51:42.0997 2612  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
01:51:43.0044 2612  tunnel - ok
01:51:43.0075 2612  [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ           C:\Windows\system32\DRIVERS\TVALZ_O.SYS
01:51:43.0090 2612  TVALZ - ok
01:51:43.0106 2612  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
01:51:43.0122 2612  uagp35 - ok
01:51:43.0168 2612  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
01:51:43.0215 2612  udfs - ok
01:51:43.0246 2612  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
01:51:43.0262 2612  UI0Detect - ok
01:51:43.0309 2612  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
01:51:43.0324 2612  uliagpkx - ok
01:51:43.0324 2612  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
01:51:43.0356 2612  umbus - ok
01:51:43.0387 2612  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
01:51:43.0418 2612  UmPass - ok
01:51:43.0465 2612  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
01:51:43.0527 2612  upnphost - ok
01:51:43.0543 2612  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
01:51:43.0590 2612  usbccgp - ok
01:51:43.0621 2612  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
01:51:43.0652 2612  usbcir - ok
01:51:43.0683 2612  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
01:51:43.0714 2612  usbehci - ok
01:51:43.0761 2612  [ 727F61CA058B3F30BE3EBE7B6FC81CB2 ] usbglcs1080101  C:\Windows\system32\DRIVERS\usbglcs1080101.sys
01:51:43.0824 2612  usbglcs1080101 - ok
01:51:43.0980 2612  [ 61EC488364DF6FD10C1A31C70043AB8A ] usbglcsservice  C:\Program Files (x86)\ELECOM E-Force Laser Gaming Mouse\UsbglcsSrv.exe
01:51:44.0182 2612  usbglcsservice ( UnsignedFile.Multi.Generic ) - warning
01:51:44.0182 2612  usbglcsservice - detected UnsignedFile.Multi.Generic (1)
01:51:44.0229 2612  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
01:51:44.0260 2612  usbhub - ok
01:51:44.0292 2612  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
01:51:44.0307 2612  usbohci - ok
01:51:44.0338 2612  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
01:51:44.0370 2612  usbprint - ok
01:51:44.0401 2612  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:51:44.0463 2612  USBSTOR - ok
01:51:44.0479 2612  [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
01:51:44.0510 2612  usbuhci - ok
01:51:44.0541 2612  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
01:51:44.0572 2612  usbvideo - ok
01:51:44.0588 2612  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
01:51:44.0650 2612  UxSms - ok
01:51:44.0666 2612  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
01:51:44.0682 2612  VaultSvc - ok
01:51:44.0713 2612  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
01:51:44.0728 2612  vdrvroot - ok
01:51:44.0775 2612  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
01:51:44.0822 2612  vds - ok
01:51:44.0853 2612  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
01:51:44.0869 2612  vga - ok
01:51:44.0884 2612  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
01:51:44.0916 2612  VgaSave - ok
01:51:44.0962 2612  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
01:51:44.0978 2612  vhdmp - ok
01:51:44.0994 2612  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
01:51:45.0009 2612  viaide - ok
01:51:45.0009 2612  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
01:51:45.0025 2612  volmgr - ok
01:51:45.0072 2612  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
01:51:45.0087 2612  volmgrx - ok
01:51:45.0134 2612  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
01:51:45.0150 2612  volsnap - ok
01:51:45.0181 2612  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
01:51:45.0196 2612  vsmraid - ok
01:51:45.0243 2612  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
01:51:45.0321 2612  VSS - ok
01:51:45.0337 2612  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
01:51:45.0368 2612  vwifibus - ok
01:51:45.0399 2612  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
01:51:45.0430 2612  vwififlt - ok
01:51:45.0446 2612  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
01:51:45.0477 2612  vwifimp - ok
01:51:45.0524 2612  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
01:51:45.0586 2612  W32Time - ok
01:51:45.0602 2612  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
01:51:45.0633 2612  WacomPen - ok
01:51:45.0664 2612  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
01:51:45.0696 2612  WANARP - ok
01:51:45.0696 2612  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
01:51:45.0742 2612  Wanarpv6 - ok
01:51:45.0789 2612  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
01:51:45.0883 2612  wbengine - ok
01:51:45.0914 2612  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
01:51:45.0945 2612  WbioSrvc - ok
01:51:45.0976 2612  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
01:51:46.0023 2612  wcncsvc - ok
01:51:46.0039 2612  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
01:51:46.0101 2612  WcsPlugInService - ok
01:51:46.0117 2612  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
01:51:46.0132 2612  Wd - ok
01:51:46.0179 2612  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
01:51:46.0210 2612  Wdf01000 - ok
01:51:46.0242 2612  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
01:51:46.0304 2612  WdiServiceHost - ok
01:51:46.0320 2612  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
01:51:46.0335 2612  WdiSystemHost - ok
01:51:46.0382 2612  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
01:51:46.0413 2612  WebClient - ok
01:51:46.0444 2612  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
01:51:46.0507 2612  Wecsvc - ok
01:51:46.0522 2612  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
01:51:46.0569 2612  wercplsupport - ok
01:51:46.0585 2612  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
01:51:46.0632 2612  WerSvc - ok
01:51:46.0647 2612  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
01:51:46.0694 2612  WfpLwf - ok
01:51:46.0710 2612  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
01:51:46.0725 2612  WIMMount - ok
01:51:46.0725 2612  WinDefend - ok
01:51:46.0741 2612  WinHttpAutoProxySvc - ok
01:51:46.0788 2612  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
01:51:46.0834 2612  Winmgmt - ok
01:51:46.0959 2612  [ 0C0195C48B6B8582FA6F6373032118DA ] WinRing0_1_2_0  C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys
01:51:46.0975 2612  WinRing0_1_2_0 - ok
01:51:47.0037 2612  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
01:51:47.0100 2612  WinRM - ok
01:51:47.0146 2612  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
01:51:47.0162 2612  WinUsb - ok
01:51:47.0209 2612  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
01:51:47.0240 2612  Wlansvc - ok
01:51:47.0334 2612  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
01:51:47.0396 2612  wlidsvc - ok
01:51:47.0427 2612  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
01:51:47.0443 2612  WmiAcpi - ok
01:51:47.0490 2612  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
01:51:47.0536 2612  wmiApSrv - ok
01:51:47.0552 2612  WMPNetworkSvc - ok
01:51:47.0583 2612  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
01:51:47.0630 2612  WPCSvc - ok
01:51:47.0661 2612  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
01:51:47.0692 2612  WPDBusEnum - ok
01:51:47.0724 2612  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
01:51:47.0770 2612  ws2ifsl - ok
01:51:47.0802 2612  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
01:51:47.0833 2612  wscsvc - ok
01:51:47.0833 2612  WSearch - ok
01:51:47.0911 2612  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
01:51:47.0973 2612  wuauserv - ok
01:51:48.0004 2612  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
01:51:48.0020 2612  WudfPf - ok
01:51:48.0051 2612  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
01:51:48.0082 2612  WUDFRd - ok
01:51:48.0129 2612  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
01:51:48.0145 2612  wudfsvc - ok
01:51:48.0176 2612  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
01:51:48.0223 2612  WwanSvc - ok
01:51:48.0238 2612  ================ Scan global ===============================
01:51:48.0285 2612  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
01:51:48.0332 2612  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
01:51:48.0332 2612  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
01:51:48.0363 2612  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
01:51:48.0394 2612  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
01:51:48.0394 2612  [Global] - ok
01:51:48.0394 2612  ================ Scan MBR ==================================
01:51:48.0410 2612  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
01:51:49.0440 2612  \Device\Harddisk0\DR0 - ok
01:51:49.0440 2612  ================ Scan VBR ==================================
01:51:49.0471 2612  [ CDF68E27F745C65A9EE03530A56985AF ] \Device\Harddisk0\DR0\Partition1
01:51:49.0486 2612  \Device\Harddisk0\DR0\Partition1 - ok
01:51:49.0502 2612  [ EFAF6797D53B4BA28FF9B8D31918746F ] \Device\Harddisk0\DR0\Partition2
01:51:49.0518 2612  \Device\Harddisk0\DR0\Partition2 - ok
01:51:49.0518 2612  ============================================================
01:51:49.0518 2612  Scan finished
01:51:49.0518 2612  ============================================================
01:51:49.0518 3176  Detected object count: 3
01:51:49.0518 3176  Actual detected object count: 3
01:52:15.0975 3176  IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
01:52:15.0975 3176  IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip 
01:52:15.0991 3176  ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
01:52:15.0991 3176  ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
01:52:15.0991 3176  usbglcsservice ( UnsignedFile.Multi.Generic ) - skipped by user
01:52:15.0991 3176  usbglcsservice ( UnsignedFile.Multi.Generic ) - User select action: Skip 
01:56:36.0665 2332  Deinitialize success
         

Alt 05.05.2013, 01:06   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam - Standard

Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam



Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 05.05.2013, 01:56   #11
O.L.I.
 
Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam - Standard

Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam



Hier die gefordeten Logfiles von ComboFix:

Code:
ATTFilter
ComboFix 13-05-04.01 - OLI 05.05.2013   2:14.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.2812.1587 [GMT 2:00]
ausgeführt von:: c:\users\OLI\Desktop\ComboFix.exe
AV: Kaspersky Security Suite CBE *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Security Suite CBE *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Security Suite CBE *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
.
Infizierte Kopie von c:\windows\SysWow64\userinit.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-05 bis 2013-05-05  ))))))))))))))))))))))))))))))
.
.
2013-05-05 00:21 . 2013-05-05 00:21	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-30 09:34 . 2013-05-04 10:24	--------	d-----w-	c:\users\OLI\AppData\Roaming\dvdcss
2013-04-23 18:34 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-21 19:43 . 2013-04-21 19:43	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-04-21 19:42 . 2013-04-21 19:42	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-21 19:42 . 2013-04-21 19:42	--------	d-----w-	c:\program files (x86)\Java
2013-04-10 18:14 . 2013-03-01 03:36	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-04-10 18:14 . 2013-01-24 06:01	223752	----a-w-	c:\windows\system32\drivers\fvevol.sys
2013-04-10 18:14 . 2013-03-19 06:04	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-10 18:14 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 18:14 . 2013-03-19 05:04	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 18:14 . 2013-03-19 05:46	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-04-10 18:14 . 2013-03-19 04:47	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-04-10 18:14 . 2013-03-19 03:06	112640	----a-w-	c:\windows\system32\smss.exe
2013-04-09 05:00 . 2013-04-09 05:00	--------	d-----w-	c:\program files (x86)\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-21 19:42 . 2012-06-16 13:22	866720	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-04-21 19:42 . 2010-08-31 16:29	788896	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-04-11 22:08 . 2012-09-14 23:03	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-11 22:08 . 2012-09-14 23:03	691592	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-10 23:44 . 2011-01-17 14:56	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-04-04 12:50 . 2012-10-14 20:33	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-14 16:18 . 2013-03-14 16:18	16486616	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-02-15 02:42 . 2013-02-15 02:42	256947	----a-w-	c:\windows\QLPrism Uninstaller.exe
2013-02-12 05:45 . 2013-03-14 14:40	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-14 14:40	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-14 14:40	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-14 14:40	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-14 14:40	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 14:40	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-14 14:44	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartRAM"="c:\program files (x86)\IObit\Advanced SystemCare 5\suo10_smartram.exe" [2012-07-31 428928]
"XBGameingMouse"="c:\program files (x86)\ELECOM E-Force Laser Gaming Mouse\GameMouseMonitor.exe" [2010-12-24 2450432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-27 98304]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-22 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-15 34160]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-01 2454840]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"AVP"="c:\program files (x86)\Kaspersky Security Suite CBE 12\avp.exe" [2012-04-10 202296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2009-12-22 20568]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-22 132608]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-06-22 113792]
R3 KMWDFILTERV1;HIDUASServiceDesc;c:\windows\system32\DRIVERS\RPGMOUSEV1.sys [2009-06-10 24576]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-07 232992]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 127488]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 18944]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 161280]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [2009-09-19 128000]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2009-12-22 16448]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 usbglcs1080101;Usb Human Interface Device;c:\windows\system32\DRIVERS\usbglcs1080101.sys [2010-12-24 24064]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys [2010-11-01 14544]
R4 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
R4 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
R4 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-07-27 203264]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2010-08-27 1811456]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
S2 usbglcsservice;USBGLCS Service;c:\program files (x86)\ELECOM E-Force Laser Gaming Mouse\UsbglcsSrv.exe [2010-12-24 5865289]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [2010-11-10 20592]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-02-23 1142376]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-14 22:08]
.
2013-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-17 19:34]
.
2013-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-17 19:34]
.
2013-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3806870365-364280537-3892568835-1000Core.job
- c:\users\OLI\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-25 18:15]
.
2013-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3806870365-364280537-3892568835-1000UA.job
- c:\users\OLI\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-25 18:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-05-11 1050072]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-19 12558440]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-07-19 2226280]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\OLI\AppData\Roaming\Mozilla\Firefox\Profiles\eimny3to.default\
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - prefs.js: browser.startup.homepage - hxxp://de.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&src=sp&cf=6f7df46e-1856-11e1-863c-88ae1dfea539&q=
FF - prefs.js: network.proxy.ftp - 77.48.30.205
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 77.48.30.205
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 77.48.30.205
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 77.48.30.205
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3806870365-364280537-3892568835-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:fb,4e,be,b7,1b,d5,25,38,4f,3e,63,c7,51,d5,c3,de,0c,65,78,e5,b7,
   1a,66,46,35,fd,b0,ee,7f,aa,b8,49,08,31,06,70,fd,fe,19,cb,10,66,ec,2f,dd,85,\
"rkeysecu"=hex:cc,83,a6,17,2a,eb,29,9c,b1,55,31,f7,88,5c,b9,c7
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-05-05  02:42:07 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-05-05 00:42
.
Vor Suchlauf: 7 Verzeichnis(se), 101.484.670.976 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 101.501.534.208 Bytes frei
.
- - End Of File - - 246FC0F9FA3007878B64C2D758D39249
         

Alt 06.05.2013, 04:18   #12
O.L.I.
 
Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam - Standard

Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam



Moin.
Eigentlich wollte ich meinen letzten Beitrag editieren,aber ich habe nicht gefunden,wo/wie das geht und mußte leider einen neuen Post schreiben. Erstmal vorweg: Der Laptop ist schon lange nicht mehr so schnell hochgefahren,aber danach war das alte Problem bis Kaspersky meldete "Nicht mehr funktionstüchtig".
Mußte leider mein Antiviren-Programm de- und neuinstallieren. War irgendwie nicht mehr funktionstüchtig. Aber jetzt kommt der Knaller. Nach der neuen Installation ist alles WUNDERBAR !
Werde jetzt deine nächste Instruktion abwarten und selbstverständlich nix weiter machen,wie vereinbart. Versuche mich nicht zu früh zu freuen.

Alt 06.05.2013, 08:33   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam - Standard

Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam



JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 06.05.2013, 09:37   #14
O.L.I.
 
Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam - Standard

Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam



Wie gut,daß ich mich zu gefreut habe. Er fährt schnell hoch und so gut wie alle Programme starten auch wunderbar schnell bis Kaspersky gestartet wird,dann wird alles langsam. Habe den Verdacht,daß es an Kaspersky liegt.

Hier die Logfiles:

JRT:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.3 (04.29.2013:2)
OS: Windows 7 Home Premium x64
Ran by OLI on 06.05.2013 at  9:46:33,94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\startsearch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilividsetupv1_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilividsetupv1_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E2F0DA26-C1F5-4FBA-B83B-2C34E13F53E9}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{E2F0DA26-C1F5-4FBA-B83B-2C34E13F53E9}



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho14B9.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho1EFE.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho39F6.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho3E5E.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho3FC0.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6E32.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho8186.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho941E.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho9743.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho9E49.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoAD52.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC02.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC315.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoDC8D.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoE957.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF71.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\OLI\appdata\local\ilivid player"



~~~ FireFox

Successfully deleted: [File] C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\user.js
Successfully deleted: [File] C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\searchplugins\startsear.xml
Successfully deleted: [Folder] C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\jetpack
Successfully deleted the following from C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\prefs.js

user_pref("browser.search.order.1", "Web Search");
user_pref("keyword.URL", "hxxp://startsear.ch/?aff=1&src=sp&cf=6f7df46e-1856-11e1-863c-88ae1dfea539&q=");
Emptied folder: C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\minidumps [134 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.05.2013 at  9:51:51,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

AdwCleaner:
Code:
ATTFilter
# AdwCleaner v2.300 - Datei am 06/05/2013 um 09:57:35 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : OLI - LIEBERT
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\OLI\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\OLI\AppData\Roaming\Mozilla\Firefox\Profiles\eimny3to.default\jetpack

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Movie2KDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\OLI\AppData\Roaming\Mozilla\Firefox\Profiles\eimny3to.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [2749 octets] - [06/05/2013 09:56:57]
AdwCleaner[S1].txt - [2684 octets] - [06/05/2013 09:57:35]

########## EOF - C:\AdwCleaner[S1].txt - [2744 octets] ##########
         

OTL:
Code:
ATTFilter
OTL logfile created on: 06.05.2013 10:15:58 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\OLI\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 67,59% Memory free
5,49 Gb Paging File | 4,27 Gb Available in Paging File | 77,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 94,06 Gb Free Space | 63,11% Space Free | Partition Type: NTFS
Drive D: | 148,65 Gb Total Space | 126,73 Gb Free Space | 85,25% Space Free | Partition Type: NTFS
 
Computer Name: LIEBERT | User Name: OLI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\OLI\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\ELECOM E-Force Laser Gaming Mouse\UsbglcsSrv.exe ()
PRC - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (AdvancedSystemCareService5) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe (Kaspersky Lab ZAO)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (usbglcsservice) -- C:\Program Files (x86)\ELECOM E-Force Laser Gaming Mouse\UsbglcsSrv.exe ()
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (TosCoSrv) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (usbglcs1080101) -- C:\Windows\SysNative\drivers\usbglcs1080101.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (CeKbFilter) -- C:\Windows\SysNative\drivers\CeKbFilter.sys (Compal Electronics, INC.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\drivers\ss_bmdm.sys (MCCI Corporation)
DRV:64bit: - (ss_bserd) -- C:\Windows\SysNative\drivers\ss_bserd.sys (MCCI Corporation)
DRV:64bit: - (ss_bbus) -- C:\Windows\SysNative\drivers\ss_bbus.sys (MCCI)
DRV:64bit: - (ss_bmdfl) -- C:\Windows\SysNative\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (KMWDFILTERV1) -- C:\Windows\SysNative\drivers\RPGMOUSEV1.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDFL) -- C:\Windows\SysNative\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (WinRing0_1_2_0) -- C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys (OpenLibSys.org)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ElbyCDFL) -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys (SlySoft, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{68840E18-4E84-4C21-8147-D29F61851A09}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{F54EFC98-7B8A-4AA3-A8DD-78E80E85DB36}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3806870365-364280537-3892568835-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://de.msn.com/?ocid=ie9hphttp [Binary data over 200 bytes]
IE - HKU\S-1-5-21-3806870365-364280537-3892568835-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3806870365-364280537-3892568835-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/
IE - HKU\S-1-5-21-3806870365-364280537-3892568835-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3806870365-364280537-3892568835-1000\..\SearchScopes\{14509999-C769-43BA-A81E-CDCAC7E330C1}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-3806870365-364280537-3892568835-1000\..\SearchScopes\{32A8E952-D9B3-4AD0-8DBC-04B748D79EE7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE9SRC
IE - HKU\S-1-5-21-3806870365-364280537-3892568835-1000\..\SearchScopes\{679FE04A-A103-48FC-AA4D-F152BBE669F6}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-3806870365-364280537-3892568835-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: jyboy.yy%40gmail.com:1.0.5
FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.5
FF - prefs.js..extensions.enabledAddons: %7B37fa1426-b82d-11db-8314-0800200c9a66%7D:3.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.ftp: "77.48.30.205"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "77.48.30.205"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "77.48.30.205"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "77.48.30.205"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\OLI\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\OLI\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\OLI\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\OLI\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\OLI\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\OLI\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\virtualKeyboard@kaspersky.ru [2013.05.06 04:27:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\linkfilter@kaspersky.ru [2013.05.06 04:27:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\KavAntiBanner@Kaspersky.ru [2013.05.06 04:27:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.11 22:51:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.11 22:51:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.11 22:51:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.11 22:51:37 | 000,000,000 | ---D | M]
 
[2012.08.27 09:04:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\Extensions
[2012.08.27 09:04:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org
[2013.04.24 03:31:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\Firefox\Profiles\eimny3to.default\extensions
[2011.12.30 20:52:15 | 000,000,000 | ---D | M] (gTranslator) -- C:\Users\OLI\AppData\Roaming\mozilla\Firefox\Profiles\eimny3to.default\extensions\jyboy.yy@gmail.com
[2012.05.19 17:12:23 | 000,003,679 | ---- | M] () (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\extensions\check-compatibility@dactyl.googlecode.com.xpi
[2013.04.21 22:41:55 | 000,301,821 | ---- | M] () (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\extensions\compatibility@addons.mozilla.org.xpi
[2013.04.04 03:45:22 | 000,281,174 | ---- | M] () (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\extensions\download_mp3@dilandau.eu.xpi
[2013.01.27 00:18:55 | 000,194,374 | ---- | M] () (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\extensions\plugin@filsh.net.xpi
[2013.02.11 03:25:56 | 000,185,839 | ---- | M] () (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\extensions\stealthyextension@gmail.com.xpi
[2013.04.24 03:31:14 | 000,223,761 | ---- | M] () (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
[2013.02.14 16:44:22 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.09.13 06:59:54 | 000,001,743 | ---- | M] () -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\searchplugins\music-downloader.xml
[2011.09.13 07:03:37 | 000,001,912 | ---- | M] () -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\searchplugins\videosurf.xml
[2011.09.13 07:01:12 | 000,004,140 | ---- | M] () -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\searchplugins\youtube.xml
[2013.05.06 04:07:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.05.06 04:07:52 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2013.04.11 22:51:36 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2013.05.06 04:07:49 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2013.04.11 22:51:36 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2013.04.11 22:51:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2013.04.11 22:51:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.04.11 22:51:40 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.12 10:54:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.12 10:54:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.12 10:54:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.12 10:54:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.12 10:54:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.12 10:54:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.05.05 02:36:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-21-3806870365-364280537-3892568835-1000..\Run: [SmartRAM] C:\Program Files (x86)\IObit\Advanced SystemCare 5\suo10_smartram.exe (IObit)
O4 - HKU\S-1-5-21-3806870365-364280537-3892568835-1000..\Run: [XBGameingMouse] C:\Program Files (x86)\ELECOM E-Force Laser Gaming Mouse\GameMouseMonitor.exe ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3806870365-364280537-3892568835-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3806870365-364280537-3892568835-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3806870365-364280537-3892568835-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FC774E8-9E9A-41F7-AF63-81DCAA31AC0C}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80F761BC-69FB-48E7-A0C8-5E72CEA4C0A3}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E29FADF-7A39-4411-BC48-A23AC19D53D9}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A37F83FD-0ECF-4EA3-8D73-87835C07ACD8}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.06 09:46:30 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.06 09:45:59 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.06 09:40:38 | 000,545,926 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\OLI\Desktop\JRT.exe
[2013.05.06 04:07:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Suite CBE 12
[2013.05.06 04:06:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12
[2013.05.06 04:06:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.05.06 04:06:42 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2013.05.05 02:42:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.05 02:36:47 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.05.05 02:13:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.05 02:13:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.05 02:13:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.05 02:12:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.05 02:12:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.05 02:10:29 | 005,065,726 | R--- | C] (Swearware) -- C:\Users\OLI\Desktop\ComboFix.exe
[2013.05.04 17:54:27 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\OLI\Desktop\tdsskiller.exe
[2013.05.04 17:30:07 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\OLI\Desktop\aswMBR.exe
[2013.05.04 13:02:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\OLI\Desktop\OTL.exe
[2013.04.30 11:34:10 | 000,000,000 | ---D | C] -- C:\Users\OLI\AppData\Roaming\dvdcss
[2013.04.21 21:43:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.21 21:42:36 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.04.21 21:42:22 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.04.21 21:42:22 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.04.21 21:42:22 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.04.21 21:42:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.04.11 22:51:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.11 01:43:11 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.11 01:43:11 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.11 01:43:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.11 01:43:09 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.11 01:43:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.11 01:43:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.11 01:43:09 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.11 01:43:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.11 01:43:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.11 01:43:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.11 01:43:08 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.11 01:43:08 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.11 01:43:07 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.11 01:43:07 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.11 01:43:07 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.10 20:14:40 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 20:14:39 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.10 20:14:39 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.10 20:14:38 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 20:14:38 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 20:14:38 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.09 07:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.06 10:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.06 10:09:59 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.06 10:09:59 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.06 10:00:03 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3806870365-364280537-3892568835-1000UA.job
[2013.05.06 09:59:56 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.06 09:59:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.06 09:59:05 | 2211,205,120 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.06 09:54:40 | 000,628,743 | ---- | M] () -- C:\Users\OLI\Desktop\adwcleaner.exe
[2013.05.06 09:40:50 | 000,545,926 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\OLI\Desktop\JRT.exe
[2013.05.06 09:36:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.06 04:27:49 | 000,153,053 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2013.05.06 04:27:49 | 000,107,384 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2013.05.06 04:06:42 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2013.05.06 01:46:11 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.06 01:46:11 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.06 01:46:11 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.06 01:46:11 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.06 01:46:11 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.05 18:00:01 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3806870365-364280537-3892568835-1000Core.job
[2013.05.05 02:36:44 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.05 02:10:49 | 005,065,726 | R--- | M] (Swearware) -- C:\Users\OLI\Desktop\ComboFix.exe
[2013.05.04 17:54:35 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\OLI\Desktop\tdsskiller.exe
[2013.05.04 17:51:22 | 000,000,512 | ---- | M] () -- C:\Users\OLI\Desktop\MBR.dat
[2013.05.04 17:31:37 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\OLI\Desktop\aswMBR.exe
[2013.05.04 13:26:16 | 000,377,856 | ---- | M] () -- C:\Users\OLI\Desktop\gmer_2.1.19163.exe
[2013.05.04 13:02:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\OLI\Desktop\OTL.exe
[2013.05.04 12:59:18 | 000,000,000 | ---- | M] () -- C:\Users\OLI\defogger_reenable
[2013.05.04 12:58:25 | 000,050,477 | ---- | M] () -- C:\Users\OLI\Desktop\Defogger.exe
[2013.04.30 18:41:21 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.30 04:44:58 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.04.21 21:42:17 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.04.21 21:42:16 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.04.21 21:42:16 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.04.21 21:42:16 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.04.21 21:42:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.04.21 21:42:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.04.12 00:08:14 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.12 00:08:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.11 01:50:16 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.06 09:54:35 | 000,628,743 | ---- | C] () -- C:\Users\OLI\Desktop\adwcleaner.exe
[2013.05.06 04:07:55 | 000,153,053 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2013.05.06 04:07:55 | 000,107,384 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2013.05.05 02:13:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.05 02:13:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.05 02:13:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.05 02:13:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.05 02:13:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.04 17:51:22 | 000,000,512 | ---- | C] () -- C:\Users\OLI\Desktop\MBR.dat
[2013.05.04 13:26:15 | 000,377,856 | ---- | C] () -- C:\Users\OLI\Desktop\gmer_2.1.19163.exe
[2013.05.04 12:59:18 | 000,000,000 | ---- | C] () -- C:\Users\OLI\defogger_reenable
[2013.05.04 12:58:24 | 000,050,477 | ---- | C] () -- C:\Users\OLI\Desktop\Defogger.exe
[2013.02.15 04:42:19 | 000,256,947 | ---- | C] () -- C:\Windows\QLPrism Uninstaller.exe
[2012.12.10 11:09:08 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.05.26 20:37:10 | 000,017,408 | ---- | C] () -- C:\Users\OLI\AppData\Local\WebpageIcons.db
[2012.03.19 13:44:03 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011.12.14 05:55:24 | 000,081,920 | ---- | C] () -- C:\Windows\qlprism-uninstall.exe
[2011.05.23 06:17:06 | 000,000,265 | ---- | C] () -- C:\Windows\game.ini
[2011.01.20 21:00:32 | 000,007,599 | ---- | C] () -- C:\Users\OLI\AppData\Local\resmon.resmoncfg
[2011.01.03 19:53:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_NBVUV6PKDVBGTLPHJKBUK1R0WTPLY2LB3W2PHDEX6J5T4BW9V4DLNNH2V1UY71VU5VVVVVJVTVVJVT

< End of report >
         
OTL Extras:
Code:
ATTFilter
OTL Extras logfile created on: 06.05.2013 10:15:58 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\OLI\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 67,59% Memory free
5,49 Gb Paging File | 4,27 Gb Available in Paging File | 77,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 94,06 Gb Free Space | 63,11% Space Free | Partition Type: NTFS
Drive D: | 148,65 Gb Total Space | 126,73 Gb Free Space | 85,25% Space Free | Partition Type: NTFS
 
Computer Name: LIEBERT | User Name: OLI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3806870365-364280537-3892568835-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1211D7D6-908C-462B-AA78-AE3830902511}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1DD11942-7A6F-42AC-9773-EC8361AA416F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1EC5BCA6-F3B4-49F1-9B2C-FBD9F7892F8C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{1F4A363A-124C-41AF-8371-859378FDBC9B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{39196980-25E9-41A3-B8FE-21CDE2ACD24C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3A51B552-3E73-4EEA-9864-CAF1A7A00425}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{50F7DD02-FFAF-4CB1-B179-80CD2693EE95}" = lport=137 | protocol=17 | dir=in | app=system | 
"{53821D93-1BCE-480C-BF0C-C17DF272AA18}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{586D1FB6-2A07-4C68-9829-939236537700}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5D13920E-5AB5-4302-ABDA-584EF0CED3D1}" = rport=137 | protocol=17 | dir=out | app=system | 
"{65147306-555D-483C-B65C-04E8E798EAAC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{78DB3E3D-D768-4B94-8CB4-FDB28B5F40F1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7CD525F6-35C5-45B2-BE42-3B0C85C90A71}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8B48888E-5C62-4742-AC04-407DE0AB04A0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{9A534B4E-3184-40BD-A30E-23B5A85B66D4}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9F046C08-0CD5-4580-BCF0-85A879819D80}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AA302B03-39FB-445D-9849-C0742FB0002F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C253D039-3B00-462D-AE0E-D268C4017FA2}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C8DF7340-8159-4C2F-9E53-D11356BA41DB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D687C250-333F-403B-9864-31B8A1E737DB}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E08610B7-AF8B-4E6B-8410-A3AEE6D26E5B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E5120809-1EBF-4196-A473-CE47B057A645}" = rport=139 | protocol=6 | dir=out | app=system | 
"{EE601E16-D352-44A7-A325-1F0A8F0294BE}" = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{066B6764-1F20-461B-AA1D-565A9DFA2E4D}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe | 
"{0FA44BAF-A3F7-4CB1-83E0-FE18831309A4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{16668A7D-8A46-4A7B-9D31-613B8A58F20C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{253F5739-D4CE-48A2-8769-9BA7FD164694}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{2D54B855-24E9-41F0-BD50-10F069BD27CB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{36EECCEA-A5A6-4B62-BD4D-C3112ABAE12E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{39301E41-3919-42DF-AB44-727979F26393}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe | 
"{3ABFF15A-A630-4135-9867-23F5DF19487A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{41564087-A844-47E2-8BE5-F18FDB56FE61}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4C38120C-8647-4D00-B726-A1DCC7BCBAAD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{57C96228-5D68-4558-8B44-DB3E305B9188}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{61547546-893E-434F-9FBD-C6294B8F727D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6BB98B3A-7580-45E4-91FA-92E12A99A499}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6FFE608B-67CF-457C-9465-53AA7B32ABCB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{76381093-71D7-448B-B0AC-FB70F54A7924}" = protocol=6 | dir=out | app=system | 
"{784A83C3-2258-4F7C-ABF3-2A4A328AA5DC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{78EC69CE-053F-412B-AC28-2722B66C0E4E}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{7D1DE0BE-79F8-46FF-B38F-78EBFCDC06E6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{915C0F03-2DA0-4DC2-81F7-BE59D151A627}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{94275EC7-C437-4517-9116-C7993D2F5A15}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB930DAB-D69F-4979-98F5-F8121B99882F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{ADEFF3B4-83D0-41E6-A139-EE06EEF2337B}" = protocol=17 | dir=in | app=c:\users\oli\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{B94911F1-D56F-4189-8016-547F33583E2E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C19AAA2A-1D4A-4136-9086-A9858DAD82A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C1DDB058-B9F7-4D18-9876-45FCC8245389}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C66C1C97-0E3E-4C41-858D-46AE51949703}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D6C704B5-13D9-4E85-BFF6-09A8211F59D6}" = protocol=6 | dir=in | app=c:\users\oli\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"TCP Query User{1D3F0D53-F812-4346-91F9-7482DE757A31}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{2DEB07CC-C537-481A-9346-131597109249}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"TCP Query User{6B9258EA-9CD3-4823-B59D-0AA1D2EBE00A}C:\program files (x86)\id software\quake 4\quake4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\id software\quake 4\quake4.exe | 
"TCP Query User{7D63FFF2-75D6-46AF-B261-0ABA263B37D7}C:\windows\system32\mmc.exe" = protocol=6 | dir=in | app=c:\windows\system32\mmc.exe | 
"UDP Query User{785F008C-33A0-482E-A5A9-2944504347F1}C:\windows\system32\mmc.exe" = protocol=17 | dir=in | app=c:\windows\system32\mmc.exe | 
"UDP Query User{909B5985-1F84-440A-96AE-E0453AD62E31}C:\program files (x86)\id software\quake 4\quake4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\id software\quake 4\quake4.exe | 
"UDP Query User{AAA0D1E3-1C2A-4144-A989-CD077071C71F}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{C8B1DD81-E506-4D4E-9975-F46C579D115A}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6DB58D2-E7E8-5B0F-65F8-B76713C0AF75}" = ATI Catalyst Install Manager
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{CC3F8680-2A8A-95B1-584E-EA4BDE0DF783}" = ccc-utility64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CCleaner" = CCleaner
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.5
"ZDFmediathek_is1" = ZDFmediathek Version 2.1.6
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0CB6FBBE-71FC-7AE1-0506-AF2DFAAB5F99}" = CCC Help Finnish
"{0DCDE91E-ACD7-A105-A713-CF3C22BC1EF7}" = CCC Help Portuguese
"{0E4D665E-0441-D356-1B61-4FDCE2122F54}" = CCC Help Danish
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM)
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{3AB215C2-0BE4-EC89-A90A-FA54B7C03E0A}" = CCC Help Chinese Traditional
"{3B2AFF45-1C2E-E544-A480-A9CA43FC8977}" = Catalyst Control Center Localization All
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E70F662-B29D-FE4E-D31D-0D088AB3C42E}" = CCC Help German
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40C17193-BC19-CB9F-35DA-A44F9B6A520F}" = Catalyst Control Center Graphics Previews Common
"{418E42D7-E8D0-1953-B7ED-9D75149D64D5}" = CCC Help Turkish
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43CE1803-BA5B-F103-47E8-296CD40EB98C}" = Photo Service - powered by myphotobook
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Security Suite CBE 12
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4F8EBB31-EB6A-7C7A-40ED-57F2841998EB}" = CCC Help Czech
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{64E65803-D18A-D799-01A9-69ACB8B49B5E}" = CCC Help Italian
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{82225685-1513-4975-B624-155C10F3EE16}" = The Whispered World
"{85A87BCB-C8A1-179D-231D-D77C2462394F}" = CCC Help Norwegian
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8BD785CF-30C7-4182-B250-0D5FCE78D4DD}" = Catalyst Control Center - Branding
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{95CFDCE3-0AE1-01F5-D9C8-D5016C49D2D9}" = CCC Help Hungarian
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC701E9-79FB-19EB-907C-33730D6D9450}" = Catalyst Control Center Graphics Previews Vista
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A392A7FE-2216-4F7B-AF2F-24F1533DB860}" = Quake Live Internet Explorer Plugin
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A920CC75-A1F8-4275-6CBF-0B7817AF364E}" = CCC Help Dutch
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9A75A7F-4785-430D-8013-77BC1FD13A4C}" = Simple Adblock
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B10364A6-B6BD-9F06-BF50-A779FBE803F4}" = CCC Help Polish
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D136FCBA-7D93-DA4E-ED4D-024ACA891E70}" = CCC Help Japanese
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D5F7D473-4819-D77B-E5A8-4B1569C47A2D}" = CCC Help Korean
"{D7397487-E01A-6ACE-C24E-BB19469B9FDE}" = CCC Help Swedish
"{DB928E9C-4C6B-DDF4-0748-C4D542A75E95}" = CCC Help Chinese Standard
"{DBB7021A-3437-446F-ACE5-7261644A972C}" = Toshiba TEMPRO
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.4.9
"{DDC8362F-D041-6C5E-0221-E23CF71C73AE}" = CCC Help Spanish
"{DDDD6410-C2B9-7BC7-3A93-0D155AE07E25}" = Catalyst Control Center InstallProxy
"{DEC74752-09D3-309D-72B6-40114F57B223}" = CCC Help Russian
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0FAA369-B0E3-48B8-9447-4873103B0012}" = TOSHIBA ConfigFree
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E7A8BC75-50A9-32F2-8DFB-C499D21881B7}" = Google Talk Plugin
"{EC8D0634-4567-DBD4-97B2-F8C879F7DBF8}" = CCC Help English
"{F0483BEB-E626-E306-DFBD-D3A1E582BF43}" = CCC Help French
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2431B40-5D69-BBB8-F20B-4F28D8ED563E}" = CCC Help Thai
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F4AECBDF-6985-E352-7392-152A0570573E}" = CCC Help Greek
"{F5A6CC63-2BED-914D-04E5-1702471E675D}" = ccc-core-static
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}" = Quake Live Mozilla Plugin
"{FDE58148-57E7-43BF-879A-29CCE818C078}" = eBay
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"BILDmobil" = BILDmobil
"Bridge Construction Set_is1" = Bridge Construction Set 1.3.9.1
"CloneCD" = CloneCD
"Das Quiz mit Jörg Pilawa Special" = Das Quiz mit Jörg Pilawa Special
"Die Wiege Roms" = Die Wiege Roms
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"ELECOM E-Force Laser Gaming Mouse14101" = ELECOM E-Force Laser Gaming Mouse
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Photo Service - powered by myphotobook
"Game Booster_is1" = Game Booster 3
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM)
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Security Suite CBE 12
"king.com" = king.com (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyFreeCodec" = MyFreeCodec
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OpenAL" = OpenAL
"PokerStars" = PokerStars
"QLDT" = Quake Live Demo Tools
"QLPrism" = QLPrism
"SopCast" = SopCast 3.5.0
"Star Sword_is1" = Star Sword
"Veetle TV" = Veetle TV
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3806870365-364280537-3892568835-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.05.2013 04:02:25 | Computer Name = Liebert | Source = TOSHIBA Service Station | ID = 0
Description = TSS Load: could not communicate with TMachInfo service
 
[ System Events ]
Error - 06.05.2013 04:03:24 | Computer Name = Liebert | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows-Fehlerberichterstattungsdienst erreicht.
 
 
< End of report >
         

Alt 06.05.2013, 10:39   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam - Standard

Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam



Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_NBVUV6PKDVBGTLPHJKBUK1R0WTPLY2LB3W2PHDEX6J5T4BW9V4DLNNH2V1UY71VU5VVVVVJVTVVJVT
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam
7-zip, adobe reader xi, autorun, bho, bingbar, error, fehler, firefox, flash player, helper, home, hängt, kaspersky, langsam, logfile, microsoft office starter 2010, mmc.exe, mozilla, mp3, problem, realtek, richtlinie, rundll, scan, security, sehr langsam, software, svchost.exe, systemcare, taskhost.exe, tastatur, teamspeak, virus, windows



Ähnliche Themen: Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam


  1. Laptop fährt nur noch sehr langsam hoch, WLAN nicht mehr verfügbar
    Plagegeister aller Art und deren Bekämpfung - 13.05.2015 (1)
  2. Laptop sehr langsam Arbeitsspeicher/CPU Auslastung hoch
    Plagegeister aller Art und deren Bekämpfung - 26.10.2014 (11)
  3. Laptop sehr langsam/CPU Auslastung hoch
    Plagegeister aller Art und deren Bekämpfung - 09.10.2014 (19)
  4. Laptop mit Vista sehr langsam beim Hoch-/Runterfahren und Programme öffnen
    Log-Analyse und Auswertung - 06.01.2014 (13)
  5. Windows Vista fährt nur sehr langsam hoch und braucht sehr lange um Befehle auszufuehren.
    Log-Analyse und Auswertung - 22.11.2013 (1)
  6. IE dauerhaft geöffnet und Laptop fährt extrem langsam hoch
    Log-Analyse und Auswertung - 01.08.2013 (19)
  7. Rechner fährt plötzlich sehr langsam hoch liegt das am Antivirenprogramm?
    Antiviren-, Firewall- und andere Schutzprogramme - 24.06.2013 (21)
  8. Laptop windows 7 fährt extrem langsam hoch
    Log-Analyse und Auswertung - 15.05.2013 (27)
  9. Laptop sehr langsam/fährt nicht ordnungsgemäß hoch
    Plagegeister aller Art und deren Bekämpfung - 18.03.2013 (32)
  10. Laptop fährt zu langsam hoch und hängt beim Systemaufbau
    Plagegeister aller Art und deren Bekämpfung - 15.09.2012 (25)
  11. Win 7 startet ohne Felermeldung abrupt neu und fährt sehr langsam hoch !
    Log-Analyse und Auswertung - 07.04.2011 (1)
  12. Computer fährt sehr lange hoch und ist langsam
    Log-Analyse und Auswertung - 17.09.2010 (5)
  13. PC fährt sehr langsam hoch & Dienste lasse sich nicht starten, Fehler 1053
    Log-Analyse und Auswertung - 10.06.2010 (8)
  14. Ist mein Computer befallen ? Er ist super langsam und fährt kaum hoch !
    Log-Analyse und Auswertung - 05.02.2010 (1)
  15. Rechner fährt nicht runter,fährt sehr langsam hoch und laggt zwischendurch
    Log-Analyse und Auswertung - 29.12.2009 (1)
  16. Laptop fährt extrem langsam hoch
    Log-Analyse und Auswertung - 20.06.2007 (3)
  17. PC fährt nur noch langsam hoch ...
    Log-Analyse und Auswertung - 16.06.2007 (1)

Zum Thema Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam - Hallo. Seit einiger Zeit fährt mein Laptop nur noch langsam hoch oder hängt sich kurzzeitig während des Gebrauchs auf. Ist auch nach dem hochfahren manchmal noch sehr langsam. Malwarebytes Antimalware - Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam...
Archiv
Du betrachtest: Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.