Kaspersky Antivirus cannot be uninstalled (not even with kavremover.exe) - Windows 7
26.11.2012, 20:17 | #1

Hello, I bought KAV 1.5 months ago, and until last week the software ran without problems - until I noticed that it no longer starts and that files can no longer be scanned via the context menu (Windows 7 32-bit version, i.e. an x86-based PC). Furthermore, it is not possible to uninstall Kaspersky Antivirus, neither via the normal uninstall routine nor via kavremover.exe (ver. 1.0.365.0). kavremover.exe always hangs after the code is entered, and the same thing happens with the newest version of Kaspersky Antivirus: at the end of the installation routine it hangs in the same way and simply nothing more happens. You can then still cancel the installation, but then the program hangs again. I also already ran the current bootable rescue disk from KAV last week - no result. After that I ran MBAM - with the result:

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.21.07

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Marius :: MARIUS-PC [Administrator]

21.11.2012 21:22:12
mbam-log-2012-11-21 (21-22-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (B:\|C:\|E:\|F:\|G:\|S:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 328230
Laufzeit: 21 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
E:\$RECYCLE.BIN\S-1-5-21-3564716185-4010765718-1094017127-1000\$RUHMDW3.exe (PUP.BundleInstaller.OI) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-21 22:58:14

Code:
ATTFilter OTL logfile created on: 26.11.2012 20:34:18 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marius\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 76,87% Memory free 3,69 Gb Paging File | 2,83 Gb Available in Paging File | 76,60% Paging File free Paging file location(s): s:\pagefile.sys 200 4096 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 39,06 Gb Total Space | 20,78 Gb Free Space | 53,19% Space Free | Partition Type: NTFS Drive E: | 450,00 Gb Total Space | 328,82 Gb Free Space | 73,07% Space Free | Partition Type: NTFS Drive F: | 150,00 Gb Total Space | 149,49 Gb Free Space | 99,66% Space Free | Partition Type: NTFS Drive G: | 200,00 Gb Total Space | 107,63 Gb Free Space | 53,81% Space Free | Partition Type: NTFS Drive S: | 10,00 Gb Total Space | 9,73 Gb Free Space | 97,25% Space Free | Partition Type: NTFS Drive X: | 74,52 Gb Total Space | 74,42 Gb Free Space | 99,87% Space Free | Partition Type: NTFS Computer Name: MARIUS-PC | User Name: Marius | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - [2012.11.26 20:33:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marius\Desktop\OTL.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.17 21:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.15 17:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.05.15 10:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.05.15 10:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.05.15 01:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.23 21:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2009.10.23 21:57:04 | 001,200,128 | ---- | M] (ASUSTeK Inc.) -- F:\Programme\ASUS\SmartDoctor\SmartDoctor.exe
PRC - [2009.07.27 10:13:28 | 000,061,440 | ---- | M] () -- C:\Windows\System32\ASDR.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

========== Modules (No Company Name) ==========
MOD - [2012.05.30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.05.30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007.03.13 15:46:50 | 000,007,168 | ---- | M] () -- F:\Programme\ASUS\SmartDoctor\VOV32.dll
MOD - [2007.02.28 17:34:04 | 000,643,142 | ---- | M] () -- F:\Programme\ASUS\SmartDoctor\aticlocklib.dll
MOD - [2003.01.17 14:47:18 | 000,118,784 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll

========== Services (SafeList) ==========
SRV - [2012.11.21 20:50:28 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.09 22:05:16 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.08 14:51:48 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.08.17 21:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.15 17:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 01:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.07.27 10:13:28 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ASDR.exe -- (ASDR)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2003.07.28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - [2012.10.29 19:21:13 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2012.10.29 19:21:11 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2012.10.29 19:21:10 | 000,587,096 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012.10.03 12:15:59 | 000,014,336 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\EIO.sys -- (EIO)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.13 16:49:44 | 000,144,344 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
DRV - [2012.06.19 17:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2012.06.08 11:38:12 | 000,043,608 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
DRV - [2012.05.15 17:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2004.08.13 08:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 9F C8 0E AD 61 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{A4A72C15-815B-4DE5-B5A0-CCE875F852B0}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=67eed35d-8323-48be-a75a-06465df9a6e8&apn_sauid=F161BC25-4658-4507-9CEC-500C6E0845CC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.5
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20120926
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2012.10.28 14:34:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2012.10.28 14:34:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2012.10.28 14:34:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.11.21 20:50:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.21 20:50:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: F:\Programme\Mozilla Thunderbird\components [2012.11.12 22:15:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: F:\Programme\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.21 20:50:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: F:\Programme\Mozilla Thunderbird\components [2012.11.12 22:15:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: F:\Programme\Mozilla Thunderbird\plugins

[2012.07.14 11:49:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marius\AppData\Roaming\mozilla\Extensions
[2012.11.24 13:18:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marius\AppData\Roaming\mozilla\Firefox\Profiles\sx7gnvee.default\extensions
[2012.10.03 12:44:58 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Marius\AppData\Roaming\mozilla\Firefox\Profiles\sx7gnvee.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.11.21 20:51:02 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Marius\AppData\Roaming\mozilla\Firefox\Profiles\sx7gnvee.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.09.17 16:52:50 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Marius\AppData\Roaming\mozilla\Firefox\Profiles\sx7gnvee.default\extensions\foxmarks@kei.com
[2012.11.14 22:35:41 | 000,124,993 | ---- | M] () (No name found) -- C:\Users\Marius\AppData\Roaming\mozilla\firefox\profiles\sx7gnvee.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012.11.24 13:18:21 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Marius\AppData\Roaming\mozilla\firefox\profiles\sx7gnvee.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.21 20:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.21 20:50:28 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_1_0 -reboot 1 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - F:\Programme\MS OFFICE\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programme\MS OFFICE\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{907148B3-A25D-49C4-81B1-82B866F58BBB}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2012.11.26 20:33:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marius\Desktop\OTL.exe
[2012.11.26 20:01:10 | 000,000,000 | ---D | C] -- C:\Users\Marius\Desktop\Erledigen
[2012.11.26 19:27:02 | 000,000,000 | ---D | C] -- C:\Users\Marius\Desktop\Jenny
[2012.11.24 14:16:25 | 000,000,000 | ---D | C] -- C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Advanced IP Scanner
[2012.11.24 14:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced IP Scanner
[2012.11.24 13:35:27 | 000,000,000 | ---D | C] -- C:\Users\Marius\AppData\Roaming\Canneverbe Limited
[2012.11.24 13:35:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2012.11.22 18:36:52 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.11.21 20:53:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2012.11.21 20:50:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.11.18 13:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.11.18 13:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012.11.05 22:24:35 | 000,000,000 | ---D | C] -- C:\Users\Marius\AppData\Roaming\dvdcss
[2012.10.28 14:34:04 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2012.10.28 14:34:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.10.28 14:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012.10.28 14:33:57 | 000,587,096 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012.10.28 14:33:57 | 000,075,096 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klflt.sys

========== Files - Modified Within 30 Days ==========
[2012.11.26 20:33:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marius\Desktop\OTL.exe
[2012.11.26 20:30:20 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.26 20:30:20 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.26 20:29:11 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.26 20:29:11 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.26 20:29:11 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.26 20:29:11 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.26 20:24:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.26 20:24:45 | 2817,433,600 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.26 20:23:14 | 000,000,000 | ---- | M] () -- C:\Users\Marius\defogger_reenable
[2012.11.26 20:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.23 15:31:21 | 000,327,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.22 20:50:02 | 000,171,884 | ---- | M] () -- E:\Documents\112212-17269-01.dmp
[2012.11.13 19:51:59 | 000,000,165 | ---- | M] () -- C:\Users\Marius\Desktop\download.htm
[2012.11.06 18:56:23 | 000,000,659 | ---- | M] () -- C:\Users\Marius\Desktop\SABnzbd.lnk
[2012.10.29 19:21:13 | 000,025,944 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klmouflt.sys
[2012.10.29 19:21:11 | 000,025,944 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klkbdflt.sys
[2012.10.29 19:21:10 | 000,587,096 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012.10.28 14:34:20 | 000,001,087 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk

========== Files Created - No Company Name ==========
[2012.11.26 20:23:14 | 000,000,000 | ---- | C] () -- C:\Users\Marius\defogger_reenable
[2012.11.24 13:35:22 | 000,000,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012.11.22 22:12:26 | 000,171,884 | ---- | C] () -- E:\Documents\112212-17269-01.dmp
[2012.11.13 19:48:53 | 000,000,165 | ---- | C] () -- C:\Users\Marius\Desktop\download.htm
[2012.11.06 18:56:23 | 000,000,659 | ---- | C] () -- C:\Users\Marius\Desktop\SABnzbd.lnk
[2012.10.28 14:34:30 | 000,001,087 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
[2012.08.11 11:06:16 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.07.27 21:33:12 | 000,000,218 | ---- | C] () -- C:\Users\Marius\AppData\Local\recently-used.xbel
[2012.07.20 20:54:54 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.07.17 21:10:31 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2012.07.17 21:10:31 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2012.05.15 01:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe

========== ZeroAccess Check ==========
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========
[2012.11.24 13:35:27 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Canneverbe Limited
[2012.10.03 14:44:41 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Dropbox
[2012.07.17 21:10:30 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\FreePDF
[2012.07.27 20:59:14 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Participatory Culture Foundation
[2012.07.15 18:17:39 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Thunderbird

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 26.11.2012 20:34:18 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marius\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,50 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 76,87% Memory free
3,69 Gb Paging File | 2,83 Gb Available in Paging File | 76,60% Paging File free
Paging file location(s): s:\pagefile.sys 200 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 20,78 Gb Free Space | 53,19% Space Free | Partition Type: NTFS
Drive E: | 450,00 Gb Total Space | 328,82 Gb Free Space | 73,07% Space Free | Partition Type: NTFS
Drive F: | 150,00 Gb Total Space | 149,49 Gb Free Space | 99,66% Space Free | Partition Type: NTFS
Drive G: | 200,00 Gb Total Space | 107,63 Gb Free Space | 53,81% Space Free | Partition Type: NTFS
Drive S: | 10,00 Gb Total Space | 9,73 Gb Free Space | 97,25% Space Free | Partition Type: NTFS
Drive X: | 74,52 Gb Total Space | 74,42 Gb Free Space | 99,87% Space Free | Partition Type: NTFS

Computer Name: MARIUS-PC | User Name: Marius | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "F:\Programme\MS OFFICE\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "F:\Programme\MS OFFICE\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04B6C0B1-EF26-46A4-9EED-DC619AC33101}" = lport=138 | protocol=17 | dir=in | app=system |
"{0B2FBD95-176A-486E-93CD-0E7F1599A24F}" = rport=139 | protocol=6 | dir=out | app=system |
"{314993F7-8BC3-4589-8C9D-78DDE86A9FC2}" = lport=139 | protocol=6 | dir=in | app=system |
"{3AA8A0D6-8BED-4CE4-83B6-229E53AB7652}" = lport=445 | protocol=6 | dir=in | app=system |
"{3C4BA14C-7CC2-4867-B1F3-D1626FA2653A}" = lport=137 | protocol=17 | dir=in | app=system |
"{3E2895A5-069D-4EC1-8FE4-4E66FC3AFFDB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{49C945D1-AFC2-4DAA-ADFA-15192CC517A3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8C50F00E-8115-4D5E-8722-553D6C2E1443}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A2EB5422-2CDE-4CD3-9AA2-814A671E258E}" = rport=137 | protocol=17 | dir=out | app=system |
"{B7DB1F0C-95C3-41B1-8EFF-EB64070440BE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CC1BF896-300B-4B9C-97F6-0E1A47B071F8}" = rport=445 | protocol=6 | dir=out | app=system |
"{DAB11AC7-DB1F-466E-B3E3-DF792904959D}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0050BCB6-7D29-458F-873C-0922D5C37A98}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{079F58F4-B7FB-48F5-86D6-9C1F8AA4A868}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{0BF3766C-C170-44A3-9D8D-DF645C6533D1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{11302862-861F-4D0B-9E52-888803DF7407}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{149E7872-5988-45DA-86B3-F63B2E4776C4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{17F0EC8B-EC0E-47CF-99A6-D747B99D4AC9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{1C5C0941-7EDF-4CD1-8281-83F458463A46}" = protocol=6 | dir=in | app=g:\steam\steamapps\dervaddi\counter-strike\hl.exe |
"{23FCF04D-538D-4A65-A4BA-7B85B7441D34}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{27CA3246-67DB-4C2D-97CD-1BAC7FE42CF6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2A97FE86-27EF-4F95-BF4E-515436399580}" = protocol=17 | dir=in | app=g:\steam\steamapps\dervaddi\day of defeat\hl.exe |
"{2B3FEC19-73C0-40D6-A01A-1FEFC2F724E1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{3102B5D5-BABC-43F2-96AF-0E0096077769}" = protocol=17 | dir=in | app=g:\steam\steamapps\dervaddi\counter-strike\hl.exe |
"{32FF964F-57FA-4670-8EF7-B895A0DF53FD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{38B2EEF2-C125-4AC0-8B2B-B5011342B52E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{3ACE9A6A-9FDE-4BB6-B14B-6B4694127E42}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{3C3F436B-7016-46A6-B801-13327F14A93F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
"{48F48D8A-AF83-49F1-99A5-DCD0C1DD9082}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4DC2EF97-C9ED-4A9E-966B-927BB43ACCD8}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{4DD20344-2E9E-4C55-89EF-778916F6AA54}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{50299F72-1522-4B71-A9FF-4A84A144400E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{51445D42-53E2-490C-A73C-B6856B175014}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{56009210-8E18-470E-85F3-FB4B2C6C2930}" = protocol=6 | dir=in | app=g:\steam\steam.exe |
"{5E2068C5-D830-4051-9D3F-73DBF19E812D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{677A39F7-3849-44AA-AFF9-91CBEFB7591D}" = protocol=17 | dir=in | app=g:\steam\steamapps\dervaddi\half-life\hl.exe |
"{6F90C70C-84B1-42A1-92C4-85464300A2BD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{715B8C5B-D24E-4F99-8576-2F02B88139FB}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\devicesetup.exe |
"{7E35CFEB-B0F3-45BB-B35A-73C01AB45A50}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{7F90031E-143F-47B8-AFF4-D6EA016F58E0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{84D05919-93B7-4365-AF0C-2C8DA122BB79}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{8C0638F5-FD29-414A-BB00-C2618C14191E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{92B5D57B-A78F-453F-B1CE-3A499655CA41}" = protocol=17 | dir=in | app=g:\steam\steam.exe |
"{9C6DB683-339B-4C97-8EBB-2BBD3173B09C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{9F0814D7-85F1-41AA-826E-15B4B466EC10}" = protocol=6 | dir=in | app=g:\steam\steamapps\dervaddi\day of defeat\hl.exe |
"{A9F537CA-E3C9-427B-8A94-0AB87C14A434}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{ADD48912-B67E-4ADF-8428-6CE8AAA1EB01}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{D9FA5A7C-81F3-405B-9242-CAB0E0B681BC}" = protocol=6 | dir=in | app=g:\steam\steamapps\dervaddi\half-life\hl.exe |
"{DFF522C4-05E5-4E42-8DB3-92A706EF4EF0}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe |
"{E885B0D2-2F86-4773-AA58-672C9E6EB097}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{E8CFF163-8FA2-4624-A2D9-A73BF9D4552E}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{E90C4E84-F66B-4479-8084-081542C1CEE8}" = protocol=17 | dir=in | app=c:\users\marius\appdata\roaming\dropbox\bin\dropbox.exe |
"{EEA73DA7-E8B3-49D7-BB5E-E865D1C67CA8}" = dir=in | app=f:\programme\itunes\itunes.exe |
"{F1A0BCB7-2BDC-42CE-95E1-7A1795BECF64}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{F28B8873-4020-4276-82D6-8719055607E7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FFDF8B6F-A011-4FCE-94BF-7D0250C9DC8B}" = protocol=6 | dir=in | app=c:\users\marius\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query
User{0650D5BD-BFFE-411C-A4AD-FE963DE83587}G:\s.t.a.l.k.e.r\bin\xr_3da.exe" = protocol=6 | dir=in | app=g:\s.t.a.l.k.e.r\bin\xr_3da.exe | "TCP Query User{20B84849-FE28-4AD5-A839-4288070FA851}G:\steam\steamapps\dervaddi\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=g:\steam\steamapps\dervaddi\team fortress 2\hl2.exe | "TCP Query User{B19F848D-75CF-4742-BF84-1C3A777FAF0E}G:\steam\steamapps\dervaddi\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=g:\steam\steamapps\dervaddi\half-life 2 deathmatch\hl2.exe | "TCP Query User{DBF5E7D2-C119-4664-82BF-97B125DCFB81}G:\steam\steamapps\dervaddi\half-life deathmatch source\hl2.exe" = protocol=6 | dir=in | app=g:\steam\steamapps\dervaddi\half-life deathmatch source\hl2.exe | "TCP Query User{F21C767D-F217-4978-B935-5F77A18AA42C}C:\program files\participatory culture foundation\miro\miro_downloader.exe" = protocol=6 | dir=in | app=c:\program files\participatory culture foundation\miro\miro_downloader.exe | "UDP Query User{06EB5766-6752-454E-91A7-96B977D11BC2}G:\steam\steamapps\dervaddi\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=g:\steam\steamapps\dervaddi\half-life 2 deathmatch\hl2.exe | "UDP Query User{2EB2FEF6-AF99-4CC8-948A-69F5322B6B55}G:\steam\steamapps\dervaddi\half-life deathmatch source\hl2.exe" = protocol=17 | dir=in | app=g:\steam\steamapps\dervaddi\half-life deathmatch source\hl2.exe | "UDP Query User{BFE9388D-BB04-4F0E-BFAD-7A12D6941992}G:\s.t.a.l.k.e.r\bin\xr_3da.exe" = protocol=17 | dir=in | app=g:\s.t.a.l.k.e.r\bin\xr_3da.exe | "UDP Query User{C612E09F-AF90-4EB2-A8C6-C7934F87BC78}G:\steam\steamapps\dervaddi\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=g:\steam\steamapps\dervaddi\team fortress 2\hl2.exe | "UDP Query User{DBF234C6-342F-4157-97D9-BB052A1189BB}C:\program files\participatory culture foundation\miro\miro_downloader.exe" = protocol=17 | dir=in | app=c:\program files\participatory culture foundation\miro\miro_downloader.exe | ========== HKEY_LOCAL_MACHINE 
Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013 "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{91CA0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003 "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{9A8C75F6-E5CC-47F9-962A-73FE54A8AF41}" = HP Photosmart 5510 series - Grundlegende Software für das Gerät "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = 
NVIDIA PhysX "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Advanced IP Scanner v1.4" = Advanced IP Scanner v1.4 "CCleaner" = CCleaner "FreePDF_XP" = FreePDF (Remove only) "GPL Ghostscript 9.04" = GPL Ghostscript "InstallShield_{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor "InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "Mozilla Firefox 17.0 (x86 de)" = Mozilla Firefox 17.0 (x86 de) "Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "RealVNCViewer_is1" = VNC Viewer 5.0.1 "Redirection Port Monitor" = RedMon - Redirection Port Monitor "SABnzbd" = SABnzbd 0.7.5 "Steam App 10" = Counter-Strike "Steam App 220" = Half-Life 2 "Steam App 30" = Day of Defeat "Steam App 320" = Half-Life 2: Deathmatch "Steam App 340" = Half-Life 2: Lost Coast "Steam App 360" = Half-Life Deathmatch: Source "Steam App 380" = Half-Life 2: Episode One "Steam App 40" = Deathmatch Classic "Steam App 420" = Half-Life 2: Episode Two "Steam App 440" = Team Fortress 2 "Steam App 70" = Half-Life "VLC media player" = VLC media player 2.0.2 "WinRAR archiver" = WinRAR Archivierer ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Mozilla Thunderbird 16.0.2 (x86 de)" = 
Mozilla Thunderbird 16.0.2 (x86 de) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 18.11.2012 08:38:48 | Computer Name = Marius-PC | Source = System Restore | ID = 8193 Description = Error - 18.11.2012 08:39:31 | Computer Name = Marius-PC | Source = System Restore | ID = 8193 Description = Error - 18.11.2012 08:39:32 | Computer Name = Marius-PC | Source = System Restore | ID = 8193 Description = Error - 21.11.2012 13:53:27 | Computer Name = Marius-PC | Source = System Restore | ID = 8193 Description = Error - 21.11.2012 16:16:21 | Computer Name = Marius-PC | Source = MsiInstaller | ID = 11719 Description = Error - 21.11.2012 17:58:39 | Computer Name = Marius-PC | Source = Windows Search Service | ID = 1019 Description = Error - 22.11.2012 14:45:41 | Computer Name = Marius-PC | Source = System Restore | ID = 8193 Description = Error - 22.11.2012 17:52:16 | Computer Name = Marius-PC | Source = System Restore | ID = 8193 Description = Error - 22.11.2012 17:52:17 | Computer Name = Marius-PC | Source = System Restore | ID = 8193 Description = Error - 22.11.2012 17:55:04 | Computer Name = Marius-PC | Source = System Restore | ID = 8193 Description = [ System Events ] Error - 22.11.2012 17:55:54 | Computer Name = Marius-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800706ba fehlgeschlagen: Windows 7 Service Pack 1 (KB976932) Error - 22.11.2012 17:55:54 | Computer Name = Marius-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800706ba fehlgeschlagen: Update für Windows 7 (KB2756822) Error - 22.11.2012 17:55:54 | Computer Name = Marius-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800706ba fehlgeschlagen: Sicherheitsupdate für 
Microsoft .NET Framework 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2729449) Error - 22.11.2012 17:55:54 | Computer Name = Marius-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800706ba fehlgeschlagen: nVidia - Graphics Adapter WDDM1.1, Graphics Adapter WDDM1.2, Other hardware - NVIDIA GeForce 8800 GTS Error - 22.11.2012 17:55:54 | Computer Name = Marius-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800706ba fehlgeschlagen: Update für Windows 7 (KB2529073) Error - 22.11.2012 17:55:54 | Computer Name = Marius-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800706ba fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 3.5.1 unter Windows 7 x86 (KB2729451) Error - 22.11.2012 17:55:54 | Computer Name = Marius-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800706ba fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2737019) Error - 22.11.2012 17:55:54 | Computer Name = Marius-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800706ba fehlgeschlagen: Update für Windows 7 (KB2749655) Error - 22.11.2012 17:56:03 | Computer Name = Marius-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800706ba fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows XP, Windows Server 2003, 
Windows Vista, Windows 7, Windows Server 2008 x86 (KB2600217) Error - 22.11.2012 17:56:03 | Computer Name = Marius-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800706ba fehlgeschlagen: Update für Windows 7 (KB2647753) < End of report >

Do I have to format my computer, or is there still a chance of neutralizing the virus / rootkit (??)? Thanks for your help, Marius

Last edited by Marius356 (26.11.2012 at 20:44). Reason: x86-based PC (32-bit operating system) |
27.11.2012, 12:15 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hello and
__________________Quote:
Have there ever been any virus detections on this computer, and do you still have logs of them? The reason I ask => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; for now, just post the logs you already have!
__________________ |
27.11.2012, 21:39 | #3 | |
| Quote:
A few months ago I then bought and installed KAV. I probably won't buy Kaspersky again. Nothing like this ever happened to me with the (free, mind you) version of AVIRA. Are there any suggested solutions? |
27.11.2012, 22:11 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
You don't know exactly what the cause is, so why exactly are you already attributing this to KAV? Virus scanners have become very complex pieces of software these days that have to embed themselves deep into the system... Do you still have restore points or even images from BEFORE the Kaspersky installation?
__________________ Please always post log files in CODE tags |
27.11.2012, 22:30 | #5 | |
| Quote:
Good night, Marius |
27.11.2012, 23:14 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | It wouldn't by any chance have something to do with your Windows edition (Windows Ultimate), would it?