| |
| |||||||
Log-Analyse und Auswertung: Google-Meldung ungewöhnlicher DatenverkehrWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
02.06.2013, 14:14
| #1 |
 |  Google-Meldung ungewöhnlicher Datenverkehr Hallo, ich habe gestern gegoogelt und dann kam folgende Meldung: „Unsere Systeme haben ungewöhnlichen Datenverkehr aus Ihrem Computernetzwerk festgestellt. Diese Seite überprüft, ob die Anfragen wirklich von Ihnen und nicht von einem Robot gesendet werden.“ (hxxp://forum.computerbild.de/sicherheit/mysterioese-google-meldung-bzgl-datenverkehr_116644.html) Ich wurde zur Bestätigung aufgefordert einen Captcha einzugeben. Ich habe die Seite geschlossen und das ganze noch 3 mal versucht, es hat sich nicht geändert. Dann habe ich einen Scan mit Kaspersky gemacht (negativ), den Suchverlauf gelöscht und anschließend nochmal mit Firefox gegoogelt und es hat wieder funktioniert. Dieser Vorfall wurde schon im Netz besprochen. (hxxp://forum.chip.de/rund-um-online/google-suche-captcha-meldung-1655159.html) (http://www.trojaner-board.de/112438-...e-meldung.html) (hxxp://www.zeit.de/digital/internet/2013-01/google-captcha-scrapen) Es wird dabei gesagt, dass das Problem meistens bei Google liegt. Ich weiß jedoch für meinen Fall, dass mein Adobe-Acrobat-Plug-in nicht aktuell war. Außerdem wird der User Guide in der Task-Leiste, wenn man ihn anklickt, nicht mehr vom Adobe Reader erkannt. Die Meldung von Google kam auch nicht bei der ersten Suche an dem Tag sondern einfach mittendrin: ich wollte eine Seite aufrufen, die Seite wurde nicht richtig aufgebaut, und ich habe die Seite geschlossen und beim nächsten Googel kam dann die Meldung. Also da mein Plug-in nicht aktuell war und jetzt der Adobe Reader nicht den User Guide erkennt, würde ich mich über Hilfe bei der Systemanalyse freuen. OTL-Text: HTML-Code: OTL logfile created on: 02.06.2013 11:32:14 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Malte\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16580) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,71 Gb Total Physical Memory | 2,77 Gb Available Physical Memory | 74,61% Memory free 7,08 Gb Paging File | 5,53 Gb Available in Paging File | 78,05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 439,18 Gb Total Space | 394,58 Gb Free Space | 89,84% Space Free | Partition Type: NTFS Computer Name: PC-MALTE | User Name: Malte | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013.06.02 11:30:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Malte\Desktop\OTL.exe PRC - [2013.05.30 14:56:34 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.04.18 15:56:22 | 001,227,800 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe PRC - [2013.04.18 15:56:10 | 000,563,224 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe PRC - [2012.09.18 10:48:58 | 002,791,544 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe PRC - [2012.09.05 09:50:26 | 001,593,976 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe PRC - [2012.09.05 09:50:24 | 000,085,112 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe PRC - [2012.09.05 09:50:16 | 002,623,096 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\sSettings.exe PRC - [2012.08.15 13:41:26 | 000,097,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe PRC - [2012.08.10 10:37:48 | 000,323,584 | R--- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe PRC - [2012.07.31 18:02:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.07.18 03:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.07.18 03:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.07.18 03:10:24 | 000,128,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe PRC - [2012.07.18 03:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.06.08 05:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012.09.05 09:50:28 | 000,110,712 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll MOD - [2012.09.05 09:50:22 | 000,211,064 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll MOD - [2012.09.05 09:50:16 | 000,060,536 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll MOD - [2012.09.05 09:50:10 | 000,103,544 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll MOD - [2012.09.05 09:50:10 | 000,026,744 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll MOD - [2012.08.17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll MOD - [2012.06.08 05:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll MOD - [2012.06.08 04:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2013.04.09 06:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:[b]64bit:[/b] - [2013.03.02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:[b]64bit:[/b] - [2013.03.02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:[b]64bit:[/b] - [2013.02.02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:[b]64bit:[/b] - [2013.01.29 03:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV:[b]64bit:[/b] - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:[b]64bit:[/b] - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:[b]64bit:[/b] - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:[b]64bit:[/b] - [2012.09.20 10:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:[b]64bit:[/b] - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:[b]64bit:[/b] - [2012.09.20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:[b]64bit:[/b] - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:[b]64bit:[/b] - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:[b]64bit:[/b] - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:[b]64bit:[/b] - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:[b]64bit:[/b] - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:[b]64bit:[/b] - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:[b]64bit:[/b] - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:[b]64bit:[/b] - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:[b]64bit:[/b] - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:[b]64bit:[/b] - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:[b]64bit:[/b] - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:[b]64bit:[/b] - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent) SRV:[b]64bit:[/b] - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:[b]64bit:[/b] - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:[b]64bit:[/b] - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:[b]64bit:[/b] - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:[b]64bit:[/b] - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:[b]64bit:[/b] - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV:[b]64bit:[/b] - [2012.04.20 07:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2013.05.31 17:11:07 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.30 14:56:34 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP) SRV - [2013.05.12 00:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.04.18 15:56:22 | 001,227,800 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent) SRV - [2013.04.18 15:56:14 | 000,659,992 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2012.09.20 10:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2012.09.05 09:50:26 | 001,593,976 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe -- (Easy Launcher) SRV - [2012.08.16 13:08:56 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.08.10 11:28:14 | 000,211,584 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2012.08.10 10:37:48 | 000,323,584 | R--- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent) SRV - [2012.07.31 18:02:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2012.07.18 03:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.07.18 03:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.07.18 03:10:24 | 000,128,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) SRV - [2012.07.18 03:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2013.05.30 15:04:35 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\kneps.sys -- (kneps) DRV:[b]64bit:[/b] - [2013.05.30 15:04:35 | 000,050,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\klwfp.sys -- (klwfp) DRV:[b]64bit:[/b] - [2013.05.30 15:04:34 | 000,619,616 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\klif.sys -- (KLIF) DRV:[b]64bit:[/b] - [2013.05.30 15:04:34 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\klmouflt.sys -- (klmouflt) DRV:[b]64bit:[/b] - [2013.05.30 15:04:34 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\klkbdflt.sys -- (klkbdflt) DRV:[b]64bit:[/b] - [2013.04.18 15:55:50 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\psi_mf_amd64.sys -- (PSI) DRV:[b]64bit:[/b] - [2013.04.09 07:27:43 | 000,284,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:[b]64bit:[/b] - [2013.03.02 12:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:[b]64bit:[/b] - [2013.03.02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:[b]64bit:[/b] - [2013.03.02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) DRV:[b]64bit:[/b] - [2013.03.02 12:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus) DRV:[b]64bit:[/b] - [2013.03.02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc) DRV:[b]64bit:[/b] - [2013.02.02 13:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3) DRV:[b]64bit:[/b] - [2013.02.02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:[b]64bit:[/b] - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:[b]64bit:[/b] - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:[b]64bit:[/b] - [2013.01.11 19:02:34 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64) DRV:[b]64bit:[/b] - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:[b]64bit:[/b] - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:[b]64bit:[/b] - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c) DRV:[b]64bit:[/b] - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM) DRV:[b]64bit:[/b] - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:[b]64bit:[/b] - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:[b]64bit:[/b] - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) DRV:[b]64bit:[/b] - [2012.10.08 11:42:36 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt) DRV:[b]64bit:[/b] - [2012.09.20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:[b]64bit:[/b] - [2012.09.20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:[b]64bit:[/b] - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2012.08.16 04:26:42 | 008,987,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2012.08.10 11:09:46 | 000,567,808 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btfilter.sys -- (BtFilter) DRV:[b]64bit:[/b] - [2012.08.10 11:09:44 | 000,135,832 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_rcp.sys -- (BTATH_RCP) DRV:[b]64bit:[/b] - [2012.08.10 11:09:42 | 000,178,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:[b]64bit:[/b] - [2012.08.10 11:09:42 | 000,088,728 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_flt.sys -- (AthBTPort) DRV:[b]64bit:[/b] - [2012.08.10 11:09:42 | 000,076,952 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:[b]64bit:[/b] - [2012.08.10 11:09:40 | 000,344,216 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:[b]64bit:[/b] - [2012.08.10 11:09:40 | 000,114,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_avdt.sys -- (btath_avdt) DRV:[b]64bit:[/b] - [2012.08.10 11:09:40 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_bus.sys -- (BTATH_BUS) DRV:[b]64bit:[/b] - [2012.08.06 04:41:28 | 000,313,712 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ETD.sys -- (ETD) DRV:[b]64bit:[/b] - [2012.08.02 15:09:32 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\klim6.sys -- (KLIM6) DRV:[b]64bit:[/b] - [2012.07.31 04:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA) DRV:[b]64bit:[/b] - [2012.07.27 18:38:24 | 000,029,616 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\klelam.sys -- (klelam) DRV:[b]64bit:[/b] - [2012.07.27 14:00:03 | 000,023,408 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RadioHIDMini.sys -- (RadioHIDMini) DRV:[b]64bit:[/b] - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:[b]64bit:[/b] - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:[b]64bit:[/b] - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:[b]64bit:[/b] - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor) DRV:[b]64bit:[/b] - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:[b]64bit:[/b] - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:[b]64bit:[/b] - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS) DRV:[b]64bit:[/b] - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:[b]64bit:[/b] - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass) DRV:[b]64bit:[/b] - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:[b]64bit:[/b] - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:[b]64bit:[/b] - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:[b]64bit:[/b] - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:[b]64bit:[/b] - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:[b]64bit:[/b] - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:[b]64bit:[/b] - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay) DRV:[b]64bit:[/b] - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:[b]64bit:[/b] - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:[b]64bit:[/b] - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter) DRV:[b]64bit:[/b] - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic) DRV:[b]64bit:[/b] - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime) DRV:[b]64bit:[/b] - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig) DRV:[b]64bit:[/b] - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:[b]64bit:[/b] - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr) DRV:[b]64bit:[/b] - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd) DRV:[b]64bit:[/b] - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx) DRV:[b]64bit:[/b] - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx) DRV:[b]64bit:[/b] - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b]64bit:[/b] - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum) DRV:[b]64bit:[/b] - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc) DRV:[b]64bit:[/b] - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:[b]64bit:[/b] - [2012.07.26 04:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum) DRV:[b]64bit:[/b] - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:[b]64bit:[/b] - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:[b]64bit:[/b] - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:[b]64bit:[/b] - [2012.07.24 01:44:02 | 003,618,304 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr) DRV:[b]64bit:[/b] - [2012.06.25 03:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive) DRV:[b]64bit:[/b] - [2012.06.19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\kl1.sys -- (kl1) DRV:[b]64bit:[/b] - [2012.06.19 01:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud) DRV:[b]64bit:[/b] - [2012.06.12 14:41:22 | 000,683,664 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168) DRV - [2013.01.21 19:57:13 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {50952DBE-9475-4D32-B175-B9D835C33E99} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{50952DBE-9475-4D32-B175-B9D835C33E99}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {50952DBE-9475-4D32-B175-B9D835C33E99} IE - HKLM\..\SearchScopes\{50952DBE-9475-4D32-B175-B9D835C33E99}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung13.msn.com IE - HKCU\..\SearchScopes,DefaultScope = {50952DBE-9475-4D32-B175-B9D835C33E99} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4307 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.05.30 15:04:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.05.30 15:04:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.05.30 15:04:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.05.30 15:04:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.05.30 15:04:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.30 19:52:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Malte\AppData\Roaming\mozilla\Extensions [2013.05.31 13:27:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.31 13:27:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.05.30 15:04:39 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:[b]64bit:[/b] - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:[b]64bit:[/b] - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) O2:[b]64bit:[/b] - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:[b]64bit:[/b] - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:[b]64bit:[/b] - HKLM..\Run: [BtTray] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros) O4:[b]64bit:[/b] - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:[b]64bit:[/b] - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" File not found O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink) O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.) O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O8:[b]64bit:[/b] - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O9:[b]64bit:[/b] - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) O9:[b]64bit:[/b] - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{040733CB-4D7C-4428-9C2C-E2D12538D345}: DhcpNameServer = 192.168.178.1 O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found O20:[b]64bit:[/b] - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013.06.02 11:30:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Malte\Desktop\OTL.exe [2013.06.02 09:42:15 | 000,000,000 | R--D | C] -- C:\Users\Malte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2013.06.01 16:47:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013.06.01 16:47:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2013.05.31 18:04:23 | 000,000,000 | ---D | C] -- C:\Users\Malte\AppData\Local\Macromedia [2013.05.31 17:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.05.31 17:15:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.05.31 17:15:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.05.31 12:45:43 | 000,000,000 | R--D | C] -- C:\windows\BrowserChoice [2013.05.31 10:34:58 | 000,000,000 | ---D | C] -- C:\Users\Malte\AppData\Local\Secunia PSI [2013.05.31 10:34:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia [2013.05.30 20:50:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2013.05.30 20:49:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2013.05.30 20:44:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2013.05.30 20:43:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2013.05.30 20:42:22 | 000,000,000 | ---D | C] -- C:\Users\Malte\AppData\Local\Microsoft Help [2013.05.30 20:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2013.05.30 20:41:57 | 000,000,000 | RH-D | C] -- C:\MSOCache [2013.05.30 19:52:12 | 000,000,000 | ---D | C] -- C:\Users\Malte\AppData\Roaming\Mozilla [2013.05.30 19:52:12 | 000,000,000 | ---D | C] -- C:\Users\Malte\AppData\Local\Mozilla [2013.05.30 19:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.05.30 19:51:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.05.30 19:51:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.05.30 19:46:11 | 000,000,000 | ---D | C] -- C:\Users\Malte\AppData\Roaming\Macromedia [2013.05.30 15:04:41 | 000,178,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\kneps.sys [2013.05.30 15:04:41 | 000,050,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\klwfp.sys [2013.05.30 15:04:40 | 000,619,616 | ---- | C] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\klif.sys [2013.05.30 15:04:40 | 000,090,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\klflt.sys [2013.05.30 15:04:40 | 000,029,528 | ---- | C] (Kaspersky Lab) -- C:\windows\SysNative\drivers\klmouflt.sys [2013.05.30 15:04:40 | 000,029,016 | ---- | C] (Kaspersky Lab) -- C:\windows\SysNative\drivers\klkbdflt.sys [2013.05.30 14:48:47 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\windows\SysNative\klfphc.dll [2013.05.30 14:48:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2013.05.30 14:48:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab [2013.05.28 16:30:09 | 000,000,000 | ---D | C] -- C:\Users\Malte\AppData\Local\Adobe [2013.05.28 16:20:19 | 000,000,000 | ---D | C] -- C:\Users\Malte\AppData\Local\Power2Go8 [2013.05.28 16:20:14 | 000,000,000 | ---D | C] -- C:\Users\Malte\AppData\Local\BMExplorer [2013.05.28 16:20:14 | 000,000,000 | ---D | C] -- C:\Users\Malte\Documents\Bluetooth Folder [2013.05.28 16:20:09 | 000,000,000 | ---D | C] -- C:\Users\Malte\AppData\Roaming\Atheros [2013.05.28 16:19:29 | 000,000,000 | R--D | C] -- C:\Users\Malte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.05.28 16:19:29 | 000,000,000 | R--D | C] -- C:\Users\Malte\Searches [2013.05.28 16:19:29 | 000,000,000 | R--D | C] -- C:\Users\Malte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.05.28 16:19:28 | 000,000,000 | R--D | C] -- C:\Users\Malte\Contacts [2013.05.28 16:19:24 | 000,000,000 | ---D | C] -- C:\Users\Malte\AppData\Roaming\Adobe [2013.05.28 16:18:57 | 000,000,000 | ---D | C] -- C:\Users\Malte\AppData\Local\Samsung [2013.05.28 16:17:20 | 000,000,000 | ---D | C] -- C:\Users\Malte\AppData\Local\VirtualStore [2013.05.28 16:17:00 | 000,000,000 | ---D | C] -- C:\Users\Malte\AppData\Local\Packages [2013.05.28 16:16:58 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Uninstall Information [2013.05.28 16:16:17 | 000,000,000 | -HSD | C] -- C:\Users\Malte\Vorlagen [2013.05.28 16:16:17 | 000,000,000 | -HSD | C] -- C:\Users\Malte\AppData\Local\Verlauf [2013.05.28 16:16:17 | 000,000,000 | -HSD | C] -- C:\Users\Malte\AppData\Local\Temporary Internet Files [2013.05.28 16:16:17 | 000,000,000 | -HSD | C] -- C:\Users\Malte\Startmenü [2013.05.28 16:16:17 | 000,000,000 | -HSD | C] -- C:\Users\Malte\SendTo [2013.05.28 16:16:17 | 000,000,000 | -HSD | C] -- C:\Users\Malte\Recent [2013.05.28 16:16:17 | 000,000,000 | -HSD | C] -- C:\Users\Malte\Netzwerkumgebung [2013.05.28 16:16:17 | 000,000,000 | -HSD | C] -- C:\Users\Malte\Lokale Einstellungen [2013.05.28 16:16:17 | 000,000,000 | -HSD | C] -- C:\Users\Malte\Documents\Eigene Videos [2013.05.28 16:16:17 | 000,000,000 | -HSD | C] -- C:\Users\Malte\Documents\Eigene Musik [2013.05.28 16:16:17 | 000,000,000 | -HSD | C] -- C:\Users\Malte\Eigene Dateien [2013.05.28 16:16:17 | 000,000,000 | -HSD | C] -- C:\Users\Malte\Documents\Eigene Bilder [2013.05.28 16:16:17 | 000,000,000 | -HSD | C] -- C:\Users\Malte\Druckumgebung [2013.05.28 16:16:17 | 000,000,000 | -HSD | C] -- C:\Users\Malte\Cookies [2013.05.28 16:16:17 | 000,000,000 | -HSD | C] -- C:\Users\Malte\AppData\Local\Anwendungsdaten [2013.05.28 16:16:17 | 000,000,000 | -HSD | C] -- C:\Users\Malte\Anwendungsdaten [2013.05.28 16:16:16 | 000,000,000 | --SD | C] -- C:\Users\Malte\AppData\Roaming\Microsoft [2013.05.28 16:16:16 | 000,000,000 | R--D | C] -- C:\Users\Malte\Videos [2013.05.28 16:16:16 | 000,000,000 | R--D | C] -- C:\Users\Malte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [2013.05.28 16:16:16 | 000,000,000 | R--D | C] -- C:\Users\Malte\Saved Games [2013.05.28 16:16:16 | 000,000,000 | R--D | C] -- C:\Users\Malte\Pictures [2013.05.28 16:16:16 | 000,000,000 | R--D | C] -- C:\Users\Malte\Music [2013.05.28 16:16:16 | 000,000,000 | R--D | C] -- C:\Users\Malte\Links [2013.05.28 16:16:16 | 000,000,000 | R--D | C] -- C:\Users\Malte\Favorites [2013.05.28 16:16:16 | 000,000,000 | R--D | C] -- C:\Users\Malte\Downloads [2013.05.28 16:16:16 | 000,000,000 | R--D | C] -- C:\Users\Malte\Documents [2013.05.28 16:16:16 | 000,000,000 | R--D | C] -- C:\Users\Malte\Desktop [2013.05.28 16:16:16 | 000,000,000 | R--D | C] -- C:\Users\Malte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.05.28 16:16:16 | 000,000,000 | R--D | C] -- C:\Users\Malte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [2013.05.28 16:16:16 | 000,000,000 | -H-D | C] -- C:\Users\Malte\AppData [2013.05.28 16:16:16 | 000,000,000 | ---D | C] -- C:\Users\Malte\AppData\Local\Temp [2013.05.28 16:16:16 | 000,000,000 | ---D | C] -- C:\Users\Malte\AppData\Local\Microsoft [2013.05.28 16:16:16 | 000,000,000 | ---D | C] -- C:\Users\Malte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.10.20 08:00:42 | 002,258,432 | ---- | C] (Samsung Electronics) -- C:\ProgramData\MakeMarkerFile.exe [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013.06.02 11:30:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Malte\Desktop\OTL.exe [2013.06.02 11:29:00 | 000,000,360 | ---- | M] () -- C:\windows\tasks\Xerox PhotoCafe Communicator.job [2013.06.02 11:28:51 | 000,000,000 | ---- | M] () -- C:\Users\Malte\defogger_reenable [2013.06.02 11:26:52 | 000,050,477 | ---- | M] () -- C:\Users\Malte\Desktop\Defogger.exe [2013.06.02 11:19:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.06.02 09:36:45 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.06.01 16:47:52 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.05.31 17:25:04 | 001,745,416 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.05.31 17:25:04 | 000,753,134 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.05.31 17:25:04 | 000,710,244 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.05.31 17:25:04 | 000,155,826 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.05.31 17:25:04 | 000,132,614 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.05.31 17:17:10 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.05.31 17:17:08 | 3183,919,104 | -HS- | M] () -- C:\hiberfil.sys [2013.05.31 15:20:23 | 000,355,944 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.05.31 13:27:52 | 000,001,159 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.05.31 10:34:20 | 000,001,112 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013.05.30 15:04:35 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\kneps.sys [2013.05.30 15:04:35 | 000,050,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\klwfp.sys [2013.05.30 15:04:34 | 000,619,616 | ---- | M] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\klif.sys [2013.05.30 15:04:34 | 000,090,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\klflt.sys [2013.05.30 15:04:34 | 000,029,528 | ---- | M] (Kaspersky Lab) -- C:\windows\SysNative\drivers\klmouflt.sys [2013.05.30 15:04:34 | 000,029,016 | ---- | M] (Kaspersky Lab) -- C:\windows\SysNative\drivers\klkbdflt.sys [2013.05.30 14:50:46 | 000,002,376 | ---- | M] () -- C:\Users\Malte\Desktop\Sicherer Zahlungsverkehr.lnk [2013.05.30 14:48:47 | 000,001,186 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk [2013.05.28 16:18:05 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\drivers\144D_SAMSUNG_na_300E4_P04R.mrk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013.06.02 11:28:51 | 000,000,000 | ---- | C] () -- C:\Users\Malte\defogger_reenable [2013.06.02 11:26:47 | 000,050,477 | ---- | C] () -- C:\Users\Malte\Desktop\Defogger.exe [2013.06.01 16:47:52 | 000,002,471 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.06.01 16:47:52 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.05.31 17:11:09 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.05.31 15:20:06 | 000,355,944 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.05.31 13:24:45 | 000,002,143 | R-S- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Choice.lnk [2013.05.31 10:52:59 | 000,387,688 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml [2013.05.31 10:34:20 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013.05.31 10:34:20 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2013.05.30 19:51:14 | 000,001,171 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.05.30 19:51:14 | 000,001,159 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.05.30 14:50:47 | 000,001,357 | ---- | C] () -- C:\Users\Malte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013.lnk [2013.05.30 14:50:46 | 000,002,376 | ---- | C] () -- C:\Users\Malte\Desktop\Sicherer Zahlungsverkehr.lnk [2013.05.30 14:49:12 | 000,001,186 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk [2013.05.28 16:19:24 | 000,001,446 | ---- | C] () -- C:\Users\Malte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.05.28 16:18:05 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\drivers\144D_SAMSUNG_na_300E4_P04R.mrk [2012.10.20 08:00:42 | 000,003,196 | ---- | C] () -- C:\ProgramData\MakeMarkerFile.xml [2012.10.20 06:43:14 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll [2012.08.16 04:27:12 | 000,598,780 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin [2012.08.16 04:27:12 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin [2012.08.16 04:26:34 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll [2012.08.16 04:26:32 | 000,963,388 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin [2012.08.16 04:26:32 | 000,755,048 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin [2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat [2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT [2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll [2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll [2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat [2012.04.20 06:59:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll [color=#E56717]========== ZeroAccess Check ==========[/color] [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.03.06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [color=#E56717]========== Purity Check ==========[/color] < End of report > HTML-Code: OTL Extras logfile created on: 02.06.2013 11:32:14 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Malte\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16580) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,71 Gb Total Physical Memory | 2,77 Gb Available Physical Memory | 74,61% Memory free 7,08 Gb Paging File | 5,53 Gb Available in Paging File | 78,05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 439,18 Gb Total Space | 394,58 Gb Free Space | 89,84% Space Free | Partition Type: NTFS Computer Name: PC-MALTE | User Name: Malte | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{12F3AABB-993F-4FEA-B4E1-53B14EEDB2B7}" = lport=445 | protocol=6 | dir=in | app=system | "{13333A39-B61B-4A4C-A5CD-77AF7954AC52}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1FA94316-742C-4340-B1F8-A4CC6D33CE84}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2671E3F7-6E91-4ADB-B8A9-E7564E67B5C3}" = rport=445 | protocol=6 | dir=out | app=system | "{293A3381-B01C-461E-9F5F-B3D58C1394A8}" = rport=138 | protocol=17 | dir=out | app=system | "{4C8D4E13-489C-44B2-A3F2-E9955E6E13DA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6ECFBC35-D6C1-4EFB-A3AA-DE38FA9191DA}" = rport=137 | protocol=17 | dir=out | app=system | "{7EFDF94C-45DB-479A-BCEF-CA15E6A47FEA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{831B7DAE-190E-4E2A-BC61-3991179B551B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8483597B-46E5-4C77-ACDC-AADBF0793E52}" = lport=2869 | protocol=6 | dir=in | app=system | "{8D1BB866-2AC2-4E7E-989C-166EB21C416A}" = lport=138 | protocol=17 | dir=in | app=system | "{96A2F88F-4378-42E6-9804-22B46999D650}" = lport=10243 | protocol=6 | dir=in | app=system | "{9D0F090E-BCA0-4D93-9137-A3E682D22E02}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A248ACE9-78C0-4CC5-85FA-E956A440468D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A2A82CED-1FEA-49C3-91B7-7B3DA2DC5C57}" = lport=137 | protocol=17 | dir=in | app=system | "{A9624166-0825-490E-8EE7-975885923BC5}" = lport=139 | protocol=6 | dir=in | app=system | "{AF299934-0CC4-4724-963F-1099EDD3BA95}" = rport=139 | protocol=6 | dir=out | app=system | "{BCC9A104-604B-4387-BAE3-D1F9CAACFA37}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BE9BEE86-74D6-4741-878F-5C9F2E2C7325}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{C2138286-E097-46A6-89D5-8A754C218155}" = rport=10243 | protocol=6 | dir=out | app=system | "{C2CA0B5C-0E33-4D72-B4B3-7572BAAFCFA6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{D9B9AAA8-60C4-436A-8645-4003235FB5E4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{DC6A3584-21F4-4AA4-AF63-8AE0B000B1F2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00988309-7B30-4C34-994A-6C01A1701B5A}" = protocol=6 | dir=out | app=system | "{00A0EC0F-B247-4C0B-9516-A9CBB7182E8D}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{023C85E4-CD5C-440E-A1EF-67EB4559610D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{03A29763-A37B-43D5-A4E7-B928A677CE9C}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{10D3E0EF-8039-4DA4-A44E-885B7BFC119A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{14A3DA2F-97FE-46FE-9828-DFF1C09F14D8}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{15B973FC-2E04-4236-9738-49E4D7464E87}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{17731317-0A77-4D64-B3C3-09C774ED05D5}" = dir=out | name=jamie's recipes | "{1F068434-04E6-45EE-A3D5-544FFCF307F9}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{1F8B052F-F100-46E7-AFFD-7EE911A35136}" = dir=in | name=kindle | "{20197014-AB09-428E-925C-8B293724E12C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{20C578D6-3C4D-4A6C-8932-CCD6AABC525F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{2128DA75-5634-48D3-B8EC-0099A5B35676}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{2227222B-A82C-4E72-960A-678260FE9025}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{25BF0F2A-D25F-4978-8985-BCDB960FA0EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{25F56B12-E06D-4A96-83F6-D2D1C551742F}" = dir=out | name=music hub | "{2D31CC41-2874-413B-AF93-CFF7121E2389}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2DC580FE-B150-4D9B-B295-8EFC5AEAC586}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{2FA29A5D-6300-4645-9DAD-6101BF2562DB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{389B13B5-5C84-488A-9D23-433838CDCC8F}" = protocol=6 | dir=in | app=c:\users\malte\appdata\local\temp\7zse5a7.tmp\symnrt.exe | "{40C08032-A567-4A82-B091-2473C9C91D49}" = dir=out | name=kindle | "{41050A7A-0739-440B-BED0-A429D57F4ADF}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{43E28805-454F-4580-B390-F3F049BAF810}" = dir=out | name=evernote | "{4CDFF93A-BE65-4E08-98BA-D17642D13ED6}" = dir=in | name=skype | "{4D8A574E-B441-4EF2-B45A-F541A1B1073C}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{4E8C5049-A8EB-4D80-8EF3-38F683A8D9CE}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{5312B321-5F33-4615-8D04-373867659407}" = protocol=17 | dir=in | app=c:\users\malte\appdata\local\temp\7zse5a7.tmp\symnrt.exe | "{5765F1D1-659E-48C4-A2E7-0C6E629C41A2}" = dir=out | name=skype | "{5D60A647-38C4-4604-9125-236985D8BF93}" = dir=out | name=s gallery | "{61C16A80-1BAD-4E70-8185-3C755CBA5DEE}" = dir=in | name=evernote | "{6499C762-D07F-43DA-94EC-3B486268C1D0}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{68411BCD-A1F7-48BD-B9CA-B70EF71EAFB5}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{696B3C99-4512-4EC0-9957-B1D37A0C0A8F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{6C31A95F-6CFC-482F-9660-45D6ABEE1290}" = dir=out | name=chaton | "{732E6729-0953-43E0-AAEE-63CB36696491}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{75547563-4F55-49E3-92AF-CEA15342434A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{756D71E3-2DE3-47C2-8D36-EC8E9A5316C2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{77344A79-7B9F-4687-8E4E-D07C07DD310C}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | "{7A515E0A-BF48-467F-95BA-1FB69DB7FF07}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{7E2C3784-60A2-4430-9954-DDFA6E5B811C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{84E0FE4E-D467-41EB-A4C2-8E6CEBAA6E71}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | "{858CA8F3-C1D6-4D33-9BC7-82CE698173CB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | "{87BA492F-C6E8-4152-A6E2-CCB1EC9CC1A8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{8886D094-8C39-495F-8659-5C4914AB8F51}" = dir=out | name=merriam-webster dictionary | "{88ACB9D7-54F7-49DA-A083-31224BA8D82C}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{8A702C51-ED4A-48BC-9257-81D84EE3D7A6}" = dir=out | name=fresh paint | "{8F3ECC97-467B-40BA-A661-7AC4FD183704}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{902E6AFC-32BB-4D8D-8C41-E1BC927D9C66}" = dir=out | name=s player | "{932686DC-82A3-4FBF-995B-8A2985452A57}" = dir=out | name=windows_ie_ac_001 | "{A09DE2D4-69E8-4E28-9CBC-6871030B4191}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{A138F0F5-16CF-4996-8D78-87CD324311B4}" = dir=out | name=family story | "{A55EB585-F87E-4DD1-B836-6B69F329F023}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{A6629736-9F63-439E-9D33-99B24CEF1793}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{AB16DEC6-33EC-43F6-924E-F82873C5199B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{AE3D2A73-D57F-4CED-9FF7-6CBD7B9462A7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{AEC23253-785E-4F90-B1FF-2AAD6B12B8E4}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{C125EE7F-3828-4F05-A6EE-9FE77072410E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{E8A18E6D-460A-4560-A476-DAC75E95626D}" = dir=out | name=photoeditor | "{F0A675CB-59EE-4964-9A32-9DBAB7717BB7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F2153430-B3E5-408F-AEAD-C20C53CB147D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F2890A00-2860-4450-985F-FBA5092D0468}" = dir=out | name=music maker jam | "{F2E2B49E-D8EC-4CD2-A6F2-A45A8B857361}" = dir=out | name=adera | "{FF17571D-DD7D-4AEF-B613-1C28E593C404}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{FF52FC7C-FC5F-4AD3-BFA8-557E9578DA0B}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | "{FFA90FAD-10C4-4E9A-BD77-E7B741048EA0}" = dir=out | name=s camera | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{18BB06D9-8518-48E5-88F7-5AE1DF02546B}" = Help Desk "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{73280CF7-9471-4FB6-B018-E5FD7A09F1AF}" = Support Center "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{969B5BFB-094D-4D96-AC0C-C1A2675DB583}" = S Agent "{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0613 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client "{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64 "9F04C462DAB591BDCCE784F77E4D4F1736010B92" = Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) "Elantech" = ETDWare PS/2-X64 11.7.2.1_WHQL [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Recovery "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{233B918E-99FD-4643-BEDD-A9855A56FC3A}" = Windows Live UX Platform Language Pack "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program "{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform "{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8 "{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials "{35BD47F4-C19B-474F-AACC-E8C0BE38148A}" = Photo Common "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{403BBE15-C64E-429A-9652-1C4EFF327457}" = SW Update "{4689F012-C8E3-4F6E-BDEF-13671D53A6DC}" = Windows Live UX Platform Language Pack "{4C0D8B3E-63F0-4773-83F5-C5B7795B0FB8}" = Photo Gallery "{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE "{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions "{52E5DE60-C96B-42CC-9A37-FE04725940AE}" = Settings "{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "{57EC0BAF-E65F-4758-A6AB-586535C870A2}" = Windows Live Essentials "{61889FC7-9738-439A-96B3-17AF981BDDEF}" = Movie Maker "{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack "{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX "{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6C955C6B-83AB-402B-8E38-86CFBFB738B1}" = Support Center FAQ "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{741ECBB6-1A0B-42F1-A7BF-76222734A63A}" = Movie Maker "{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer "{78F35489-621D-4FFD-BCE7-2C7C3897E47C}" = Windows Live "{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker "{86CAC8DE-288A-410D-A4A4-0190060E69AE}" = Raccolta foto "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office "{9846E46F-07E0-4BDF-985A-E3FBA8C15877}" = Movie Maker "{9914AD8E-C0D6-420D-BEF6-40BF4DEDE3BA}" = User Guide "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent "{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}" = Easy File Share "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch "{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie "{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common "{B6829511-95BB-46FC-9030-957D54B8EFE2}" = Windows Live UX Platform Language Pack "{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform "{D531FC91-6F4E-49A7-B912-15289D05B6F8}" = Photo Common "{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker "{DC2CB432-D3B9-4F81-8ACB-7775FD5202E5}" = Photo Common "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{EBFCBD05-77A3-4FC3-A6D2-27218B61D957}" = Windows Live Essentials "{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}" = E-POP "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package "{FE8DFDD0-A543-4A83-B7A9-C411138194D5}" = Galerie de photos "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8 "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "Intel AppUp(SM) center 33070" = Intel AppUp(SM) center "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.SingleImage" = Microsoft Office Home and Student 2010 "Plants vs. Zombies" = Plants vs. Zombies "Secunia PSI" = Secunia PSI (3.0.0.7009) "WinLiveSuite" = Windows Live Essentials "Xerox PhotoCafe" = Xerox PhotoCafe [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 28.05.2013 10:18:22 | Computer Name = PC-Malte | Source = Software Protection Platform Service | ID = 8200 Description = Lizenzerwerb-Fehlerdetails. hr=0x80072EE7 Error - 28.05.2013 10:18:22 | Computer Name = PC-Malte | Source = Software Protection Platform Service | ID = 1014 Description = Fehler beim Erwerb der Endbenutzerlizenz. hr=0x80072EE7 SKU-ID=9e4b231b-3e45-41f4-967f-c914f178b6ac Error - 28.05.2013 10:18:22 | Computer Name = PC-Malte | Source = Software Protection Platform Service | ID = 8198 Description = Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: hr=0x80072EE7 Befehlszeilenargumente: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 [ System Events ] Error - 31.05.2013 07:48:42 | Computer Name = PC-Malte | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Sicherheitsupdate für Windows 8 für x64-basierte Systeme (KB2785220) Error - 31.05.2013 07:48:51 | Computer Name = PC-Malte | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Update für Microsoft Camera Codec Pack unter Windows 8 für x64-basierte Systeme (KB2779444) Error - 31.05.2013 07:48:51 | Computer Name = PC-Malte | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Sicherheitsupdate für Windows 8 für x64-basierte Systeme (KB2727528) Error - 31.05.2013 07:50:50 | Computer Name = PC-Malte | Source = Service Control Manager | ID = 7043 Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error - 31.05.2013 08:57:48 | Computer Name = PC-Malte | Source = Service Control Manager | ID = 7022 Description = Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet. Error - 31.05.2013 09:19:21 | Computer Name = PC-Malte | Source = Service Control Manager | ID = 7038 Description = Der Dienst "TrustedInstaller" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 31.05.2013 09:19:21 | Computer Name = PC-Malte | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Modules Installer" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 31.05.2013 09:19:21 | Computer Name = PC-Malte | Source = DCOM | ID = 10005 Description = Error - 31.05.2013 09:26:41 | Computer Name = PC-Malte | Source = Service Control Manager | ID = 7022 Description = Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet. Error - 31.05.2013 09:32:53 | Computer Name = PC-Malte | Source = Service Control Manager | ID = 7022 Description = Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet. < End of report > "C:windows/system32/config/system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird." Ich habe den Scan trotzdem durchgeführt. HTML-Code: GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-06-02 12:46:40 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003a rev. 0,00MB Running: gmer_2.1.19163.exe; Driver: C:\Users\Malte\AppData\Local\Temp\uwriapoc.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\windows\system32\ntoskrnl.exe!KiCpuId + 988 fffff803016cd41c 1 byte [31] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1232] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fe786f1532 4 bytes [6F, 78, FE, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1232] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fe786f153a 4 bytes [6F, 78, FE, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1232] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fe786f165a 4 bytes [6F, 78, FE, 07] .text C:\windows\system32\nvvsvc.exe[1248] C:\windows\system32\MSIMG32.dll!GradientFill + 690 000007fe786f1532 4 bytes [6F, 78, FE, 07] .text C:\windows\system32\nvvsvc.exe[1248] C:\windows\system32\MSIMG32.dll!GradientFill + 698 000007fe786f153a 4 bytes [6F, 78, FE, 07] .text C:\windows\system32\nvvsvc.exe[1248] C:\windows\system32\MSIMG32.dll!TransparentBlt + 246 000007fe786f165a 4 bytes [6F, 78, FE, 07] .text C:\windows\system32\nvvsvc.exe[1248] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fe7c5f177a 4 bytes [5F, 7C, FE, 07] .text C:\windows\system32\nvvsvc.exe[1248] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fe7c5f1782 4 bytes [5F, 7C, FE, 07] .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fe786f1532 4 bytes [6F, 78, FE, 07] .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fe786f153a 4 bytes [6F, 78, FE, 07] .text C:\windows\Explorer.EXE[2424] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fe786f165a 4 bytes [6F, 78, FE, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[644] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fe786f1532 4 bytes [6F, 78, FE, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[644] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fe786f153a 4 bytes [6F, 78, FE, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[644] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fe786f165a 4 bytes [6F, 78, FE, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4204] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fe786f1532 4 bytes [6F, 78, FE, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4204] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fe786f153a 4 bytes [6F, 78, FE, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4204] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fe786f165a 4 bytes [6F, 78, FE, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4256] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fe786f1532 4 bytes [6F, 78, FE, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4256] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fe786f153a 4 bytes [6F, 78, FE, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4256] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fe786f165a 4 bytes [6F, 78, FE, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fe786f1532 4 bytes [6F, 78, FE, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fe786f153a 4 bytes [6F, 78, FE, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fe786f165a 4 bytes [6F, 78, FE, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fe70d21b32 4 bytes [D2, 70, FE, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fe70d21b3a 4 bytes [D2, 70, FE, 07] .text C:\Windows\System32\igfxpers.exe[4420] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fe7c5f177a 4 bytes [5F, 7C, FE, 07] .text C:\Windows\System32\igfxpers.exe[4420] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fe7c5f1782 4 bytes [5F, 7C, FE, 07] .text C:\Program Files\Elantech\ETDCtrl.exe[4472] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fe786f1532 4 bytes [6F, 78, FE, 07] .text C:\Program Files\Elantech\ETDCtrl.exe[4472] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fe786f153a 4 bytes [6F, 78, FE, 07] .text C:\Program Files\Elantech\ETDCtrl.exe[4472] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fe786f165a 4 bytes [6F, 78, FE, 07] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4644] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fe786f1532 4 bytes [6F, 78, FE, 07] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4644] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fe786f153a 4 bytes [6F, 78, FE, 07] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4644] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fe786f165a 4 bytes [6F, 78, FE, 07] ---- Threads - GMER 2.1 ---- Thread C:\windows\system32\csrss.exe [748:772] fffff960008665e8 Thread C:\windows\system32\svchost.exe [476:216] 000007fe6fc610f0 Thread C:\windows\system32\svchost.exe [476:2012] 000007fe6f5d16b0 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior ---- EOF - GMER 2.1 ---- |
| Themen zu Google-Meldung ungewöhnlicher Datenverkehr |
| bho, browser, computer, down, ebanking, error, excel, fehler 0x8007045b, firefox, flash player, frage, homepage, iexplore.exe, install.exe, internet security 2013, kaspersky, kaspersky internet security 2013, klelam.sys, logfile, mozilla, msvcrt, nvpciflt.sys, problem, prozess, realtek, registry, robot, scan, secunia psi, security, software, suchverlauf, svchost.exe, tastatur, trustedinstaller, ungewöhnlicher datenverkehr, windows |
Baum-Darstellung