Marius356 | 26.11.2012 20:17 | Kaspersky Antivirus cannot be uninstalled (not even with kavremover.exe)
Hello,
I bought KAV 1.5 months ago, and until last week the software ran without problems, until I noticed that it no longer starts and that files can no longer be scanned via the context menu (Windows 7 32-bit version, i.e. an x86-based PC).
Furthermore, it is not possible to uninstall Kaspersky Antivirus, neither via the normal uninstall routine nor via kavremover.exe (ver. 1.0.365.0).
kavremover.exe always hangs after the code is entered, and the same happens with the newest version of Kaspersky Antivirus:
At the end of the installation routine it hangs in the same way and nothing happens any more. You can then still cancel the installation, but then the program hangs again as well.
I also ran the current bootable KAV Rescue Disk last week, with no result.
After that I ran MBAM, with this result: Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Datenbank Version: v2012.11.21.07
Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Marius :: MARIUS-PC [Administrator]
21.11.2012 21:22:12
mbam-log-2012-11-21 (21-22-12).txt
Art des Suchlaufs: Vollständiger Suchlauf (B:\|C:\|E:\|F:\|G:\|S:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 328230
Laufzeit: 21 Minute(n), 9 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
E:\$RECYCLE.BIN\S-1-5-21-3564716185-4010765718-1094017127-1000\$RUHMDW3.exe (PUP.BundleInstaller.OI) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
I have already downloaded GMER and run it: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-21 22:58:14
Windows 6.1.7600 Harddisk1\DR1 -> \Device\00000060 WDC_WD10 rev.01.0
Running: qz533xb5.exe; Driver: C:\Users\Marius\AppData\Local\Temp\pxliypod.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x924AB0C2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x9245ED66]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x9245F0AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x9245F4F4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x9244779E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x9245EA40]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x92447D16]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x92447BFC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x9245EF12]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x924ADF2C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x92447E36]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x924AD3C4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x924AD604]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x924AD068]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x9245EFE0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x924ACF0E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x924477E2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x924AB204]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x924AAE6C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x924ADD26]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwNotifyChangeKey [0x9245D1D0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x92447DAC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x92447C8C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x924ACAB6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x924AE1D8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x92447ECC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x924AD120]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x92447F56]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryObject [0x9245D3DE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x924ADBDA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x9245F2D8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x9245F166]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePortEx [0x9245F21C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x9245F348]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x924AD906]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x9245EBCE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x924ADA62]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x92447FF8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x924AAF76]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x924ACC56]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x924AD7AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x9244800A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x924ACDB6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x924AD2C0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x924AE340]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x924AE06A]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 82A92599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AB7092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 220 82ABE870 4 Bytes [C2, B0, 4A, 92] {RET 0x4ab0; XCHG EDX, EAX}
.text ntkrnlpa.exe!RtlSidHashLookup + 248 82ABE898 8 Bytes [66, ED, 45, 92, AE, F0, 45, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 28C 82ABE8DC 4 Bytes [F4, F4, 45, 92] {HLT ; HLT ; INC EBP; XCHG EDX, EAX}
.text ntkrnlpa.exe!RtlSidHashLookup + 2B8 82ABE908 4 Bytes [9E, 77, 44, 92] {SAHF ; JA 0x47; XCHG EDX, EAX}
.text ntkrnlpa.exe!RtlSidHashLookup + 2DC 82ABE92C 4 Bytes [40, EA, 45, 92]
.text ...
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 A0DAB000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 A0DAB123 629 Bytes [65, DA, A0, FE, 05, 34, 65, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 A0DAB399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F A0DAB3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B A0DAB4AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...
? C:\Users\Marius\AppData\Local\Temp\aswMBR.sys Das System kann die angegebene Datei nicht finden. !
---- User code sections - GMER 1.0.15 ----
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] ntdll.dll!NtProtectVirtualMemory 77305000 5 Bytes JMP 6EA51A54 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ushata.dll (Ushata module/Kaspersky Lab ZAO)
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: rpchttp.dllunknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] user32.dll!NotifyWinEvent + 48B 7743F724 4 Bytes [53, 2A, A5, 6E]
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] ntdll.dll!NtProtectVirtualMemory 77305000 5 Bytes JMP 6EA51A54 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ushata.dll (Ushata module/Kaspersky Lab ZAO)
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: rpchttp.dllunknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] user32.dll!NotifyWinEvent + 48B 7743F724 4 Bytes [53, 2A, A5, 6E]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1044] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75375E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1044] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75375E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1044] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75375E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1044] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75375E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1044] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75375E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1044] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75375E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtTerminateProcess] 7DFE01C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF058C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 7DFF05F8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0664
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 7DFF06D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\user32.dll [ntdll.dll!RtlSizeHeap] 7DFF0370
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\user32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\user32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\user32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\user32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\user32.dll [KERNEL32.dll!CreateThread] 7DFF03DC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\user32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0F40
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\user32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE0154
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\user32.dll [KERNEL32.dll!FreeLibrary] 7DFF0ED4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\user32.dll [KERNEL32.dll!GetProcAddress] 7DFE007C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE0154
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0ED4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7DFE007C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0F40
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 7DFE00E8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFE007C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0ED4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 7DFF0520
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE0154
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree] 7DFF0520
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE0154
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7DFE007C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 7DFF0ED4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 7DFF03DC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 7DFF0520
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 7DFE0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0F40
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 7DFE007C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 7DFF0ED4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 7DFE00E8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE0154
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\ole32.dll [ntdll.dll!NtTerminateProcess] 7DFF0E68
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7DFF0ED4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7DFE007C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2012] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE0154
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtTerminateProcess] 7DFE01C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF058C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 7DFF05F8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0664
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 7DFF06D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\user32.dll [ntdll.dll!RtlSizeHeap] 7DFF0370
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\user32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\user32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\user32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\user32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\user32.dll [KERNEL32.dll!CreateThread] 7DFF03DC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\user32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0F40
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\user32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE0154
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\user32.dll [KERNEL32.dll!FreeLibrary] 7DFF0ED4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\user32.dll [KERNEL32.dll!GetProcAddress] 7DFE007C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE0154
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0ED4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7DFE007C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0F40
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree] 7DFF0520
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE0154
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7DFE007C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 7DFF0ED4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 7DFE00E8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFE007C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0ED4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 7DFF0520
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE0154
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 7DFF03DC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 7DFF0520
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 7DFE0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0F40
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 7DFE007C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 7DFF0ED4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 7DFE00E8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE0154
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\ole32.dll [ntdll.dll!NtTerminateProcess] 7DFF0E68
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7DFF0ED4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7DFE007C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2212] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE0154
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp kltdi.sys (Network filtering component/Kaspersky Lab)
Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume9 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp kltdi.sys (Network filtering component/Kaspersky Lab)
AttachedDevice \Driver\tdx \Device\RawIp kltdi.sys (Network filtering component/Kaspersky Lab)
---- EOF - GMER 1.0.15 ----
Result from OTL: Code:
OTL logfile created on: 26.11.2012 20:34:18 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marius\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,50 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 76,87% Memory free
3,69 Gb Paging File | 2,83 Gb Available in Paging File | 76,60% Paging File free
Paging file location(s): s:\pagefile.sys 200 4096 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 20,78 Gb Free Space | 53,19% Space Free | Partition Type: NTFS
Drive E: | 450,00 Gb Total Space | 328,82 Gb Free Space | 73,07% Space Free | Partition Type: NTFS
Drive F: | 150,00 Gb Total Space | 149,49 Gb Free Space | 99,66% Space Free | Partition Type: NTFS
Drive G: | 200,00 Gb Total Space | 107,63 Gb Free Space | 53,81% Space Free | Partition Type: NTFS
Drive S: | 10,00 Gb Total Space | 9,73 Gb Free Space | 97,25% Space Free | Partition Type: NTFS
Drive X: | 74,52 Gb Total Space | 74,42 Gb Free Space | 99,87% Space Free | Partition Type: NTFS
Computer Name: MARIUS-PC | User Name: Marius | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.11.26 20:33:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marius\Desktop\OTL.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.17 21:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.15 17:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.05.15 10:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.05.15 10:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.05.15 01:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.23 21:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2009.10.23 21:57:04 | 001,200,128 | ---- | M] (ASUSTeK Inc.) -- F:\Programme\ASUS\SmartDoctor\SmartDoctor.exe
PRC - [2009.07.27 10:13:28 | 000,061,440 | ---- | M] () -- C:\Windows\System32\ASDR.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
========== Modules (No Company Name) ==========
MOD - [2012.05.30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.05.30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007.03.13 15:46:50 | 000,007,168 | ---- | M] () -- F:\Programme\ASUS\SmartDoctor\VOV32.dll
MOD - [2007.02.28 17:34:04 | 000,643,142 | ---- | M] () -- F:\Programme\ASUS\SmartDoctor\aticlocklib.dll
MOD - [2003.01.17 14:47:18 | 000,118,784 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
========== Services (SafeList) ==========
SRV - [2012.11.21 20:50:28 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.09 22:05:16 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.08 14:51:48 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.08.17 21:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.15 17:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 01:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.07.27 10:13:28 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ASDR.exe -- (ASDR)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2003.07.28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - [2012.10.29 19:21:13 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2012.10.29 19:21:11 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2012.10.29 19:21:10 | 000,587,096 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012.10.03 12:15:59 | 000,014,336 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\EIO.sys -- (EIO)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.13 16:49:44 | 000,144,344 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
DRV - [2012.06.19 17:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2012.06.08 11:38:12 | 000,043,608 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
DRV - [2012.05.15 17:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2004.08.13 08:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 9F C8 0E AD 61 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{A4A72C15-815B-4DE5-B5A0-CCE875F852B0}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=67eed35d-8323-48be-a75a-06465df9a6e8&apn_sauid=F161BC25-4658-4507-9CEC-500C6E0845CC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.5
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20120926
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2012.10.28 14:34:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2012.10.28 14:34:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2012.10.28 14:34:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.11.21 20:50:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.21 20:50:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: F:\Programme\Mozilla Thunderbird\components [2012.11.12 22:15:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: F:\Programme\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.21 20:50:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: F:\Programme\Mozilla Thunderbird\components [2012.11.12 22:15:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: F:\Programme\Mozilla Thunderbird\plugins
[2012.07.14 11:49:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marius\AppData\Roaming\mozilla\Extensions
[2012.11.24 13:18:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marius\AppData\Roaming\mozilla\Firefox\Profiles\sx7gnvee.default\extensions
[2012.10.03 12:44:58 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Marius\AppData\Roaming\mozilla\Firefox\Profiles\sx7gnvee.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.11.21 20:51:02 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Marius\AppData\Roaming\mozilla\Firefox\Profiles\sx7gnvee.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.09.17 16:52:50 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Marius\AppData\Roaming\mozilla\Firefox\Profiles\sx7gnvee.default\extensions\foxmarks@kei.com
[2012.11.14 22:35:41 | 000,124,993 | ---- | M] () (No name found) -- C:\Users\Marius\AppData\Roaming\mozilla\firefox\profiles\sx7gnvee.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012.11.24 13:18:21 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Marius\AppData\Roaming\mozilla\firefox\profiles\sx7gnvee.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.21 20:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.21 20:50:28 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_1_0 -reboot 1 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - F:\Programme\MS OFFICE\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programme\MS OFFICE\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{907148B3-A25D-49C4-81B1-82B866F58BBB}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.11.26 20:33:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marius\Desktop\OTL.exe
[2012.11.26 20:01:10 | 000,000,000 | ---D | C] -- C:\Users\Marius\Desktop\Erledigen
[2012.11.26 19:27:02 | 000,000,000 | ---D | C] -- C:\Users\Marius\Desktop\Jenny
[2012.11.24 14:16:25 | 000,000,000 | ---D | C] -- C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Advanced IP Scanner
[2012.11.24 14:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced IP Scanner
[2012.11.24 13:35:27 | 000,000,000 | ---D | C] -- C:\Users\Marius\AppData\Roaming\Canneverbe Limited
[2012.11.24 13:35:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2012.11.22 18:36:52 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.11.21 20:53:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2012.11.21 20:50:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.11.18 13:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.11.18 13:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012.11.05 22:24:35 | 000,000,000 | ---D | C] -- C:\Users\Marius\AppData\Roaming\dvdcss
[2012.10.28 14:34:04 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2012.10.28 14:34:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.10.28 14:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012.10.28 14:33:57 | 000,587,096 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012.10.28 14:33:57 | 000,075,096 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klflt.sys
========== Files - Modified Within 30 Days ==========
[2012.11.26 20:33:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marius\Desktop\OTL.exe
[2012.11.26 20:30:20 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.26 20:30:20 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.26 20:29:11 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.26 20:29:11 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.26 20:29:11 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.26 20:29:11 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.26 20:24:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.26 20:24:45 | 2817,433,600 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.26 20:23:14 | 000,000,000 | ---- | M] () -- C:\Users\Marius\defogger_reenable
[2012.11.26 20:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.23 15:31:21 | 000,327,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.22 20:50:02 | 000,171,884 | ---- | M] () -- E:\Documents\112212-17269-01.dmp
[2012.11.13 19:51:59 | 000,000,165 | ---- | M] () -- C:\Users\Marius\Desktop\download.htm
[2012.11.06 18:56:23 | 000,000,659 | ---- | M] () -- C:\Users\Marius\Desktop\SABnzbd.lnk
[2012.10.29 19:21:13 | 000,025,944 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klmouflt.sys
[2012.10.29 19:21:11 | 000,025,944 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klkbdflt.sys
[2012.10.29 19:21:10 | 000,587,096 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012.10.28 14:34:20 | 000,001,087 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
========== Files Created - No Company Name ==========
[2012.11.26 20:23:14 | 000,000,000 | ---- | C] () -- C:\Users\Marius\defogger_reenable
[2012.11.24 13:35:22 | 000,000,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012.11.22 22:12:26 | 000,171,884 | ---- | C] () -- E:\Documents\112212-17269-01.dmp
[2012.11.13 19:48:53 | 000,000,165 | ---- | C] () -- C:\Users\Marius\Desktop\download.htm
[2012.11.06 18:56:23 | 000,000,659 | ---- | C] () -- C:\Users\Marius\Desktop\SABnzbd.lnk
[2012.10.28 14:34:30 | 000,001,087 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
[2012.08.11 11:06:16 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.07.27 21:33:12 | 000,000,218 | ---- | C] () -- C:\Users\Marius\AppData\Local\recently-used.xbel
[2012.07.20 20:54:54 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.07.17 21:10:31 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2012.07.17 21:10:31 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2012.05.15 01:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
========== ZeroAccess Check ==========
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.11.24 13:35:27 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Canneverbe Limited
[2012.10.03 14:44:41 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Dropbox
[2012.07.17 21:10:30 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\FreePDF
[2012.07.27 20:59:14 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Participatory Culture Foundation
[2012.07.15 18:17:39 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Thunderbird
========== Purity Check ==========
< End of report >
Code:
OTL Extras logfile created on: 26.11.2012 20:34:18 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marius\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,50 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 76,87% Memory free
3,69 Gb Paging File | 2,83 Gb Available in Paging File | 76,60% Paging File free
Paging file location(s): s:\pagefile.sys 200 4096 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 20,78 Gb Free Space | 53,19% Space Free | Partition Type: NTFS
Drive E: | 450,00 Gb Total Space | 328,82 Gb Free Space | 73,07% Space Free | Partition Type: NTFS
Drive F: | 150,00 Gb Total Space | 149,49 Gb Free Space | 99,66% Space Free | Partition Type: NTFS
Drive G: | 200,00 Gb Total Space | 107,63 Gb Free Space | 53,81% Space Free | Partition Type: NTFS
Drive S: | 10,00 Gb Total Space | 9,73 Gb Free Space | 97,25% Space Free | Partition Type: NTFS
Drive X: | 74,52 Gb Total Space | 74,42 Gb Free Space | 99,87% Space Free | Partition Type: NTFS
Computer Name: MARIUS-PC | User Name: Marius | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "F:\Programme\MS OFFICE\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "F:\Programme\MS OFFICE\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04B6C0B1-EF26-46A4-9EED-DC619AC33101}" = lport=138 | protocol=17 | dir=in | app=system |
"{0B2FBD95-176A-486E-93CD-0E7F1599A24F}" = rport=139 | protocol=6 | dir=out | app=system |
"{314993F7-8BC3-4589-8C9D-78DDE86A9FC2}" = lport=139 | protocol=6 | dir=in | app=system |
"{3AA8A0D6-8BED-4CE4-83B6-229E53AB7652}" = lport=445 | protocol=6 | dir=in | app=system |
"{3C4BA14C-7CC2-4867-B1F3-D1626FA2653A}" = lport=137 | protocol=17 | dir=in | app=system |
"{3E2895A5-069D-4EC1-8FE4-4E66FC3AFFDB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{49C945D1-AFC2-4DAA-ADFA-15192CC517A3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8C50F00E-8115-4D5E-8722-553D6C2E1443}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A2EB5422-2CDE-4CD3-9AA2-814A671E258E}" = rport=137 | protocol=17 | dir=out | app=system |
"{B7DB1F0C-95C3-41B1-8EFF-EB64070440BE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CC1BF896-300B-4B9C-97F6-0E1A47B071F8}" = rport=445 | protocol=6 | dir=out | app=system |
"{DAB11AC7-DB1F-466E-B3E3-DF792904959D}" = rport=138 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0050BCB6-7D29-458F-873C-0922D5C37A98}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{079F58F4-B7FB-48F5-86D6-9C1F8AA4A868}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{0BF3766C-C170-44A3-9D8D-DF645C6533D1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{11302862-861F-4D0B-9E52-888803DF7407}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{149E7872-5988-45DA-86B3-F63B2E4776C4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{17F0EC8B-EC0E-47CF-99A6-D747B99D4AC9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{1C5C0941-7EDF-4CD1-8281-83F458463A46}" = protocol=6 | dir=in | app=g:\steam\steamapps\dervaddi\counter-strike\hl.exe |
"{23FCF04D-538D-4A65-A4BA-7B85B7441D34}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{27CA3246-67DB-4C2D-97CD-1BAC7FE42CF6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2A97FE86-27EF-4F95-BF4E-515436399580}" = protocol=17 | dir=in | app=g:\steam\steamapps\dervaddi\day of defeat\hl.exe |
"{2B3FEC19-73C0-40D6-A01A-1FEFC2F724E1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{3102B5D5-BABC-43F2-96AF-0E0096077769}" = protocol=17 | dir=in | app=g:\steam\steamapps\dervaddi\counter-strike\hl.exe |
"{32FF964F-57FA-4670-8EF7-B895A0DF53FD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{38B2EEF2-C125-4AC0-8B2B-B5011342B52E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{3ACE9A6A-9FDE-4BB6-B14B-6B4694127E42}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{3C3F436B-7016-46A6-B801-13327F14A93F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
"{48F48D8A-AF83-49F1-99A5-DCD0C1DD9082}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4DC2EF97-C9ED-4A9E-966B-927BB43ACCD8}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{4DD20344-2E9E-4C55-89EF-778916F6AA54}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{50299F72-1522-4B71-A9FF-4A84A144400E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{51445D42-53E2-490C-A73C-B6856B175014}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{56009210-8E18-470E-85F3-FB4B2C6C2930}" = protocol=6 | dir=in | app=g:\steam\steam.exe |
"{5E2068C5-D830-4051-9D3F-73DBF19E812D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{677A39F7-3849-44AA-AFF9-91CBEFB7591D}" = protocol=17 | dir=in | app=g:\steam\steamapps\dervaddi\half-life\hl.exe |
"{6F90C70C-84B1-42A1-92C4-85464300A2BD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{715B8C5B-D24E-4F99-8576-2F02B88139FB}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\devicesetup.exe |
"{7E35CFEB-B0F3-45BB-B35A-73C01AB45A50}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{7F90031E-143F-47B8-AFF4-D6EA016F58E0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{84D05919-93B7-4365-AF0C-2C8DA122BB79}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{8C0638F5-FD29-414A-BB00-C2618C14191E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{92B5D57B-A78F-453F-B1CE-3A499655CA41}" = protocol=17 | dir=in | app=g:\steam\steam.exe |
"{9C6DB683-339B-4C97-8EBB-2BBD3173B09C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{9F0814D7-85F1-41AA-826E-15B4B466EC10}" = protocol=6 | dir=in | app=g:\steam\steamapps\dervaddi\day of defeat\hl.exe |
"{A9F537CA-E3C9-427B-8A94-0AB87C14A434}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{ADD48912-B67E-4ADF-8428-6CE8AAA1EB01}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{D9FA5A7C-81F3-405B-9242-CAB0E0B681BC}" = protocol=6 | dir=in | app=g:\steam\steamapps\dervaddi\half-life\hl.exe |
"{DFF522C4-05E5-4E42-8DB3-92A706EF4EF0}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe |
"{E885B0D2-2F86-4773-AA58-672C9E6EB097}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{E8CFF163-8FA2-4624-A2D9-A73BF9D4552E}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{E90C4E84-F66B-4479-8084-081542C1CEE8}" = protocol=17 | dir=in | app=c:\users\marius\appdata\roaming\dropbox\bin\dropbox.exe |
"{EEA73DA7-E8B3-49D7-BB5E-E865D1C67CA8}" = dir=in | app=f:\programme\itunes\itunes.exe |
"{F1A0BCB7-2BDC-42CE-95E1-7A1795BECF64}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{F28B8873-4020-4276-82D6-8719055607E7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FFDF8B6F-A011-4FCE-94BF-7D0250C9DC8B}" = protocol=6 | dir=in | app=c:\users\marius\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{0650D5BD-BFFE-411C-A4AD-FE963DE83587}G:\s.t.a.l.k.e.r\bin\xr_3da.exe" = protocol=6 | dir=in | app=g:\s.t.a.l.k.e.r\bin\xr_3da.exe |
"TCP Query User{20B84849-FE28-4AD5-A839-4288070FA851}G:\steam\steamapps\dervaddi\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=g:\steam\steamapps\dervaddi\team fortress 2\hl2.exe |
"TCP Query User{B19F848D-75CF-4742-BF84-1C3A777FAF0E}G:\steam\steamapps\dervaddi\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=g:\steam\steamapps\dervaddi\half-life 2 deathmatch\hl2.exe |
"TCP Query User{DBF5E7D2-C119-4664-82BF-97B125DCFB81}G:\steam\steamapps\dervaddi\half-life deathmatch source\hl2.exe" = protocol=6 | dir=in | app=g:\steam\steamapps\dervaddi\half-life deathmatch source\hl2.exe |
"TCP Query User{F21C767D-F217-4978-B935-5F77A18AA42C}C:\program files\participatory culture foundation\miro\miro_downloader.exe" = protocol=6 | dir=in | app=c:\program files\participatory culture foundation\miro\miro_downloader.exe |
"UDP Query User{06EB5766-6752-454E-91A7-96B977D11BC2}G:\steam\steamapps\dervaddi\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=g:\steam\steamapps\dervaddi\half-life 2 deathmatch\hl2.exe |
"UDP Query User{2EB2FEF6-AF99-4CC8-948A-69F5322B6B55}G:\steam\steamapps\dervaddi\half-life deathmatch source\hl2.exe" = protocol=17 | dir=in | app=g:\steam\steamapps\dervaddi\half-life deathmatch source\hl2.exe |
"UDP Query User{BFE9388D-BB04-4F0E-BFAD-7A12D6941992}G:\s.t.a.l.k.e.r\bin\xr_3da.exe" = protocol=17 | dir=in | app=g:\s.t.a.l.k.e.r\bin\xr_3da.exe |
"UDP Query User{C612E09F-AF90-4EB2-A8C6-C7934F87BC78}G:\steam\steamapps\dervaddi\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=g:\steam\steamapps\dervaddi\team fortress 2\hl2.exe |
"UDP Query User{DBF234C6-342F-4157-97D9-BB052A1189BB}C:\program files\participatory culture foundation\miro\miro_downloader.exe" = protocol=17 | dir=in | app=c:\program files\participatory culture foundation\miro\miro_downloader.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{91CA0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{9A8C75F6-E5CC-47F9-962A-73FE54A8AF41}" = HP Photosmart 5510 series - Grundlegende Software für das Gerät
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced IP Scanner v1.4" = Advanced IP Scanner v1.4
"CCleaner" = CCleaner
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 9.04" = GPL Ghostscript
"InstallShield_{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Firefox 17.0 (x86 de)" = Mozilla Firefox 17.0 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"RealVNCViewer_is1" = VNC Viewer 5.0.1
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SABnzbd" = SABnzbd 0.7.5
"Steam App 10" = Counter-Strike
"Steam App 220" = Half-Life 2
"Steam App 30" = Day of Defeat
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 360" = Half-Life Deathmatch: Source
"Steam App 380" = Half-Life 2: Episode One
"Steam App 40" = Deathmatch Classic
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 70" = Half-Life
"VLC media player" = VLC media player 2.0.2
"WinRAR archiver" = WinRAR Archivierer
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 18.11.2012 08:38:48 | Computer Name = Marius-PC | Source = System Restore | ID = 8193
Description =
Error - 18.11.2012 08:39:31 | Computer Name = Marius-PC | Source = System Restore | ID = 8193
Description =
Error - 18.11.2012 08:39:32 | Computer Name = Marius-PC | Source = System Restore | ID = 8193
Description =
Error - 21.11.2012 13:53:27 | Computer Name = Marius-PC | Source = System Restore | ID = 8193
Description =
Error - 21.11.2012 16:16:21 | Computer Name = Marius-PC | Source = MsiInstaller | ID = 11719
Description =
Error - 21.11.2012 17:58:39 | Computer Name = Marius-PC | Source = Windows Search Service | ID = 1019
Description =
Error - 22.11.2012 14:45:41 | Computer Name = Marius-PC | Source = System Restore | ID = 8193
Description =
Error - 22.11.2012 17:52:16 | Computer Name = Marius-PC | Source = System Restore | ID = 8193
Description =
Error - 22.11.2012 17:52:17 | Computer Name = Marius-PC | Source = System Restore | ID = 8193
Description =
Error - 22.11.2012 17:55:04 | Computer Name = Marius-PC | Source = System Restore | ID = 8193
Description =
[ System Events ]
Error - 22.11.2012 17:55:54 | Computer Name = Marius-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800706ba fehlgeschlagen: Windows 7 Service Pack 1 (KB976932)
Error - 22.11.2012 17:55:54 | Computer Name = Marius-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800706ba fehlgeschlagen: Update für Windows 7 (KB2756822)
Error - 22.11.2012 17:55:54 | Computer Name = Marius-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800706ba fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server
2008 x86 (KB2729449)
Error - 22.11.2012 17:55:54 | Computer Name = Marius-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800706ba fehlgeschlagen: nVidia - Graphics Adapter WDDM1.1, Graphics Adapter
WDDM1.2, Other hardware - NVIDIA GeForce 8800 GTS
Error - 22.11.2012 17:55:54 | Computer Name = Marius-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800706ba fehlgeschlagen: Update für Windows 7 (KB2529073)
Error - 22.11.2012 17:55:54 | Computer Name = Marius-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800706ba fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
3.5.1 unter Windows 7 x86 (KB2729451)
Error - 22.11.2012 17:55:54 | Computer Name = Marius-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800706ba fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server
2008 x86 (KB2737019)
Error - 22.11.2012 17:55:54 | Computer Name = Marius-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800706ba fehlgeschlagen: Update für Windows 7 (KB2749655)
Error - 22.11.2012 17:56:03 | Computer Name = Marius-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800706ba fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2600217)
Error - 22.11.2012 17:56:03 | Computer Name = Marius-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800706ba fehlgeschlagen: Update für Windows 7 (KB2647753)
< End of report >

Does anyone have a suggestion as to what else could be done?
Do I have to format my computer, or is there still a chance to neutralize the virus / rootkit (??)?
Thanks for your help,
Marius