
Pests of all kinds and how to combat them: Strange popup window opens!

11.06.2013, 15:27   #1
matwhv
 



Good day,

For some time now I have had a problem with a window that opens at the bottom right of the screen.
The window has no content; it is white and slowly slides up from the bottom.
This window keeps appearing sporadically while surfing and it is ANNOYING!!

I have already run a scan with Malwarebytes, without success.
I use Kaspersky as my antivirus program.
I know this information is rather sparse, but I cannot describe it any better.

Maybe others have this problem too.

Regards, Mattes

So, many thanks already for the quick reply:

Here are the required scans:
OTL Logfile:
OTL EXTRAS Logfile:
Code:
OTL logfile created on: 11.06.2013 16:54:06 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ADMIN\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,96 Gb Total Physical Memory | 13,77 Gb Available Physical Memory | 86,25% Memory free
31,92 Gb Paging File | 29,87 Gb Available in Paging File | 93,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,62 Gb Total Space | 8,59 Gb Free Space | 14,41% Space Free | Partition Type: NTFS
Drive D: | 1397,26 Gb Total Space | 1076,26 Gb Free Space | 77,03% Space Free | Partition Type: NTFS
Drive Q: | 2749,20 Gb Total Space | 884,06 Gb Free Space | 32,16% Space Free | Partition Type: NTFS
 
Computer Name: ADMIN-PC | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.11 16:35:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ADMIN\Desktop\OTL.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.02 04:44:05 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
PRC - [2013.04.18 22:15:42 | 000,412,960 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.02.08 18:03:58 | 002,128,680 | ---- | M] (Gainward Co. Ltd.) -- D:\Program Files (x86)\EXPERTool\TBPanel.exe
PRC - [2012.11.14 20:28:04 | 001,133,176 | R--- | M] (ACD Systems) -- D:\Program Files (x86)\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe
PRC - [2012.09.26 14:49:48 | 000,069,120 | ---- | M] () -- C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
PRC - [2012.09.05 02:18:00 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2012.09.01 19:07:22 | 000,285,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2012.09.01 19:07:22 | 000,014,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012.07.13 17:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2012.04.17 08:13:04 | 001,738,352 | ---- | M] () -- d:\Program Files (x86)\QNAP\Finder\iSCSIAgent.exe
PRC - [2011.07.12 10:14:26 | 000,331,776 | R--- | M] (VIA Technologies, Inc.) -- C:\VIA_XHCI\usb3Monitor.exe
PRC - [2009.10.14 13:36:56 | 002,793,304 | ---- | M] () -- D:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009.10.14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2009.10.07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009.07.20 05:00:00 | 000,077,824 | ---- | M] () -- D:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2008.05.13 02:39:24 | 000,028,144 | ---- | M] (WeOnlyDo Software) -- D:\Program Files (x86)\Braid Art Labs\GroBoto\bin\wodUpdSv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.16 21:19:30 | 001,140,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\0e5d2997438866de453e8b1401d84398\System.ServiceModel.Discovery.ni.dll
MOD - [2013.05.16 21:19:30 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\98e8641e2ca570f03352a91836b0b97a\System.ServiceModel.Routing.ni.dll
MOD - [2013.05.16 21:19:29 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\3a75004c8363a598f4997686c16ae55e\System.ServiceModel.Channels.ni.dll
MOD - [2013.05.16 21:19:17 | 001,085,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\66cd1f52f3d80e02efa25c0fd795a278\System.ServiceModel.Web.ni.dll
MOD - [2013.05.16 21:18:29 | 001,393,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\4dbbfceeddfc9180d5f621f0fc586e2c\System.ServiceModel.Activities.ni.dll
MOD - [2013.05.16 21:18:28 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\6ff6bd832b03b5d6ea275ba9bee2d3ef\System.IdentityModel.ni.dll
MOD - [2013.05.16 21:18:27 | 018,080,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\be692307d47b83000bba8bb6b484aff0\System.ServiceModel.ni.dll
MOD - [2013.05.16 05:27:41 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\019ed4a55ecc7d1f5b933c27970dce9b\System.Runtime.DurableInstancing.ni.dll
MOD - [2013.05.16 05:27:40 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\2609614ca03927f7a99418c74844059b\System.Runtime.Serialization.ni.dll
MOD - [2013.05.15 22:42:07 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll
MOD - [2013.05.15 22:42:05 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll
MOD - [2013.05.15 22:42:03 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll
MOD - [2013.02.21 15:05:49 | 001,226,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\46c1da3f2c4c666140a414394e1cb20b\System.WorkflowServices.ni.dll
MOD - [2013.02.21 14:14:03 | 000,027,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMgrSvcInt#\c86f9a0e5c9ac27363065da766d5670e\IAStorDataMgrSvcInterfaces.ni.dll
MOD - [2013.02.21 14:14:02 | 000,026,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\f073337386f694d16928fe7ccf0c5e50\IAStorCommon.ni.dll
MOD - [2013.02.21 14:14:00 | 000,361,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\32c3c1ab0c865403bd47b0e4b8c6adf1\IAStorUtil.ni.dll
MOD - [2013.02.21 14:13:57 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
MOD - [2013.02.21 14:13:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\5ea93652e4752c75bc6fbb195b4eb864\System.Runtime.Remoting.ni.dll
MOD - [2013.02.21 14:13:51 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll
MOD - [2013.02.21 08:13:20 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013.02.21 08:13:16 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013.02.21 08:13:15 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013.02.21 08:13:10 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012.12.28 10:42:22 | 000,112,128 | ---- | M] () -- C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll
MOD - [2012.09.26 14:49:48 | 000,069,120 | ---- | M] () -- C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
MOD - [2012.04.17 08:13:04 | 001,738,352 | ---- | M] () -- d:\Program Files (x86)\QNAP\Finder\iSCSIAgent.exe
MOD - [2011.03.04 13:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2011.03.04 13:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2011.03.04 13:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009.10.14 13:36:56 | 002,793,304 | ---- | M] () -- D:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009.10.14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
MOD - [2009.07.20 05:00:00 | 000,077,824 | ---- | M] () -- D:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.05.04 13:33:20 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2010.04.06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.05.24 13:13:51 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.15 18:34:17 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.19 06:24:21 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.04.18 22:15:42 | 000,412,960 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.18 16:57:42 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.27 19:07:38 | 000,104,176 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmdb.exe -- (SENADB)
SRV - [2012.09.05 02:18:00 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2012.09.01 19:07:22 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012.07.13 17:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.08.30 16:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2011.04.07 17:37:16 | 005,352,960 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.10.07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV - [2009.07.20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.05.13 02:39:24 | 000,028,144 | ---- | M] (WeOnlyDo Software) [Auto | Running] -- D:\Program Files (x86)\Braid Art Labs\GroBoto\bin\wodUpdSv.exe -- (WeOnlyDo wodAppUpdate Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.24 16:53:03 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013.04.24 16:53:03 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2013.04.24 16:53:03 | 000,055,056 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.02.25 07:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013.02.23 02:15:46 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2013.02.22 07:32:08 | 000,160,256 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2012.12.29 12:34:47 | 000,447,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2012.10.25 13:42:02 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012.10.25 13:42:02 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012.10.16 09:53:20 | 000,791,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.10.16 09:53:20 | 000,358,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.10.16 09:53:20 | 000,020,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.09.01 18:01:56 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012.09.01 18:01:56 | 000,028,216 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2012.08.23 16:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.02 16:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012.07.23 13:32:41 | 000,102,160 | ---- | M] (Yune Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MsgPlusDriver.sys -- (MsgPlusDriver)
DRV:64bit: - [2012.07.12 20:56:32 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.06.19 18:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012.05.04 13:33:12 | 002,196,592 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.20 06:39:16 | 000,205,312 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ViaHub3.sys -- (VUSB3HUB)
DRV:64bit: - [2012.01.20 06:39:04 | 000,254,464 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xhcdrv.sys -- (xhcdrv)
DRV:64bit: - [2011.11.02 11:48:26 | 000,021,616 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2011.08.11 08:54:16 | 000,104,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.08.09 07:42:36 | 000,315,696 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011.08.09 07:42:36 | 000,024,880 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.10.07 08:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2009.10.07 08:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009.10.07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009.10.07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.17 18:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2009.06.17 18:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2009.06.10 22:35:03 | 000,192,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\eFE5b32e.sys -- (E100B)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013.03.03 03:05:11 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2013.03.03 02:58:09 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2013.03.03 02:57:48 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {80E61470-0AE3-4A62-983A-6FCAD82B01DE}
IE:64bit: - HKLM\..\SearchScopes\{80E61470-0AE3-4A62-983A-6FCAD82B01DE}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {80E61470-0AE3-4A62-983A-6FCAD82B01DE}
IE - HKLM\..\SearchScopes\{80E61470-0AE3-4A62-983A-6FCAD82B01DE}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://localoem.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AE A1 B2 17 44 DC CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{AD21EAF2-89F5-479A-9459-FED622459603}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=0bd5824a-6817-48d1-80b0-3a267024645b&apn_sauid=1618D5CC-B134-4A65-AC95-42168862E213
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:1.3.1
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.7
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4307
FF - prefs.js..extensions.enabledAddons: e180d6e8-52cd-41d9-9002-9e43f22d4c91%407466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com:0.91.11
FF - prefs.js..extensions.enabledAddons: %7B0545b830-f0aa-4d7e-8820-50a4629a56fe%7D:18.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?rls=org.mozilla:en-US:official&client=firefox-a&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: D:\Program Files\PS\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: D:\Program Files\PS\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.04.24 16:53:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.04.24 16:53:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.04.24 16:53:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.04.24 16:53:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.04.24 16:53:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.02.20 18:01:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ADMIN\AppData\Roaming\mozilla\Extensions
[2013.05.29 22:54:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\6w1e16cn.default\extensions
[2013.05.29 22:54:06 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\6w1e16cn.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2013.05.25 20:34:25 | 000,000,000 | ---D | M] ("Plus-HD-1.5") -- C:\Users\ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\6w1e16cn.default\extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com
[2013.04.06 17:16:41 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\6w1e16cn.default\extensions\ich@maltegoetz.de
[2013.05.25 20:34:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\6w1e16cn.default\extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\chrome\content\extensionCode
[2013.03.02 20:46:49 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\ADMIN\AppData\Roaming\mozilla\firefox\profiles\6w1e16cn.default\extensions\adblockpopups@jessehakanen.net.xpi
[2013.02.22 19:35:24 | 000,021,093 | ---- | M] () (No name found) -- C:\Users\ADMIN\AppData\Roaming\mozilla\firefox\profiles\6w1e16cn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013.05.08 22:37:45 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\ADMIN\AppData\Roaming\mozilla\firefox\profiles\6w1e16cn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.22 18:51:34 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\ADMIN\AppData\Roaming\mozilla\firefox\profiles\6w1e16cn.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013.02.20 20:15:26 | 000,002,344 | ---- | M] () -- C:\Users\ADMIN\AppData\Roaming\mozilla\firefox\profiles\6w1e16cn.default\searchplugins\askcom.xml
[2013.06.09 09:39:23 | 000,006,350 | ---- | M] () -- C:\Users\ADMIN\AppData\Roaming\mozilla\firefox\profiles\6w1e16cn.default\searchplugins\Google.xml
[2013.02.23 11:26:05 | 000,004,140 | ---- | M] () -- C:\Users\ADMIN\AppData\Roaming\mozilla\firefox\profiles\6w1e16cn.default\searchplugins\youtube.xml
[2013.05.24 13:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.24 13:13:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.04.24 16:53:04 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM
 
O1 HOSTS File: ([2013.03.03 23:09:14 | 000,000,856 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	acdid.acdsystems.com
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Plus-HD-1.5) - {11111111-1111-1111-1111-110311201100} - C:\Program Files (x86)\Plus-HD-1.5\Plus-HD-1.5-bho.dll (Plus HD)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [VIAxHCUtl] C:\VIA_XHCI\usb3Monitor.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [ACPW06DE] D:\Program Files (x86)\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe (ACD Systems)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [LauncherM1400] "C:\Program Files (x86)\EPSON_P2B\Printer Software\Launcher\selaunch.exe" /S EPSON AL-M1400 File not found
O4 - HKLM..\Run: [LogitechQuickCamRibbon] D:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [M1400 RUN] C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmRun.exe ()
O4 - HKLM..\Run: [MessengerPlusForSkypeService] C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software)
O4 - HKLM..\Run: [StatusAutoRunM1400] "C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmpl.exe" EPSON AL-M1400,hide,\S File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [EADM] d:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [TBPanel] D:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co. Ltd.)
O4 - Startup: C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F397D0DE-AD16-49C0-ADD9-1821369BE8C3}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{83f796aa-7b74-11e2-a7ba-902b34d0c048}\Shell - "" = AutoRun
O33 - MountPoints2\{83f796aa-7b74-11e2-a7ba-902b34d0c048}\Shell\AutoRun\command - "" = F:\LAUNCH.EXE
O33 - MountPoints2\{83f796c0-7b74-11e2-a7ba-902b34d0c048}\Shell - "" = AutoRun
O33 - MountPoints2\{83f796c0-7b74-11e2-a7ba-902b34d0c048}\Shell\AutoRun\command - "" = G:\LAUNCH.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.11 16:45:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ADMIN\Desktop\OTL.exe
[2013.06.09 09:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.06.09 09:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.06.09 09:29:40 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.06.08 19:47:20 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\Malwarebytes
[2013.06.08 19:47:11 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.06.08 19:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.08 19:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.01 13:15:10 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\DVDFab9
[2013.05.29 23:22:01 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\TH2
[2013.05.29 22:33:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Overloud
[2013.05.29 22:33:29 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overloud
[2013.05.29 22:33:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Overloud
[2013.05.25 20:34:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plus-HD-1.5
[2013.05.24 13:13:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.22 20:03:21 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\VoiCode
[2013.05.20 12:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KENWOOD
[2013.05.20 10:05:59 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAC
[2013.05.20 10:05:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAC
[2013.05.17 18:03:06 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\Afreet
[2013.05.17 18:02:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Omni-Rig
[2013.05.17 18:02:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Afreet
[2013.05.17 18:02:29 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UR5EQF_Log 3
[2013.05.15 22:40:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.15 22:40:40 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.15 22:40:40 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.15 22:40:39 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.15 22:40:39 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.15 22:40:39 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.15 22:40:39 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.15 22:40:39 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.15 22:40:39 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.15 22:40:39 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.15 22:40:39 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.15 22:40:39 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.15 22:40:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.15 22:40:39 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.15 22:40:39 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.15 22:34:14 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MixW
[2013.05.15 22:34:14 | 000,000,000 | ---D | C] -- C:\ProgramData\MixW
[2013.05.15 15:36:41 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.15 15:36:41 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.15 15:36:39 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.15 15:36:39 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.15 15:36:39 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.15 15:36:39 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.15 15:36:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.11 16:49:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.11 16:36:35 | 000,377,856 | ---- | M] () -- C:\Users\ADMIN\Desktop\gmer_2.1.19163.exe
[2013.06.11 16:35:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ADMIN\Desktop\OTL.exe
[2013.06.11 16:35:35 | 000,050,477 | ---- | M] () -- C:\Users\ADMIN\Desktop\Defogger.exe
[2013.06.11 16:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.11 15:46:43 | 000,025,392 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.11 15:46:43 | 000,025,392 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.11 15:44:23 | 001,615,978 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.11 15:44:23 | 000,697,674 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.11 15:44:23 | 000,652,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.11 15:44:23 | 000,148,468 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.11 15:44:23 | 000,121,422 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.11 15:39:54 | 000,001,814 | ---- | M] () -- C:\Windows\tasks\Plus-HD-1.5-firefoxinstaller.job
[2013.06.11 15:39:54 | 000,001,170 | ---- | M] () -- C:\Windows\tasks\Plus-HD-1.5-updater.job
[2013.06.11 15:39:54 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.11 15:39:53 | 000,001,182 | ---- | M] () -- C:\Windows\tasks\Plus-HD-1.5-codedownloader.job
[2013.06.11 15:39:53 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\Plus-HD-1.5-enabler.job
[2013.06.11 15:39:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2013.06.11 15:39:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.11 15:39:35 | 4263,567,358 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.09 09:36:21 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.06.08 19:47:11 | 000,000,819 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.06 04:52:04 | 000,001,057 | ---- | M] () -- C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.06.06 04:52:00 | 000,001,025 | ---- | M] () -- C:\Users\ADMIN\Desktop\Dropbox.lnk
[2013.06.01 17:52:03 | 000,000,832 | ---- | M] () -- C:\Users\ADMIN\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2013.06.01 13:15:07 | 000,000,719 | ---- | M] () -- C:\Users\ADMIN\Desktop\DVDFab 9.lnk
[2013.05.31 21:01:25 | 000,000,095 | ---- | M] () -- C:\Windows\aalog.INI
[2013.05.31 20:58:34 | 000,000,086 | ---- | M] () -- C:\Windows\LOGINPUT.INI
[2013.05.29 22:33:44 | 000,001,052 | ---- | M] () -- C:\Users\ADMIN\Desktop\TH2.lnk
[2013.05.28 05:28:18 | 000,012,168 | ---- | M] () -- C:\Users\ADMIN\Documents\all_auto_20130528_0528_DF4FW.adi
[2013.05.27 22:11:58 | 000,011,586 | ---- | M] () -- C:\Users\ADMIN\Documents\all_auto_20130527_2211_DF4FW.adi
[2013.05.27 19:42:38 | 000,000,609 | ---- | M] () -- C:\Users\ADMIN\Desktop\DF4FW.lnk
[2013.05.27 19:40:40 | 000,011,278 | ---- | M] () -- C:\Users\ADMIN\Documents\all_auto_20130527_1940_DF4FW.adi
[2013.05.27 05:25:17 | 000,011,278 | ---- | M] () -- C:\Users\ADMIN\Documents\all_auto_20130527_0525_DF4FW.adi
[2013.05.26 22:24:00 | 000,011,278 | ---- | M] () -- C:\Users\ADMIN\Documents\all_auto_20130526_2223_DF4FW.adi
[2013.05.25 23:52:14 | 000,009,355 | ---- | M] () -- C:\Users\ADMIN\Documents\all_auto_20130525_2352_DF4FW.adi
[2013.05.24 22:36:38 | 000,004,967 | ---- | M] () -- C:\Users\ADMIN\Documents\all_auto_20130524_2236_DF4FW.adi
[2013.05.24 05:25:46 | 000,004,454 | ---- | M] () -- C:\Users\ADMIN\Documents\all_auto_20130524_0525_DF4FW.adi
[2013.05.23 22:59:45 | 000,004,156 | ---- | M] () -- C:\Users\ADMIN\Documents\all_auto_20130523_2259_DF4FW.adi
[2013.05.23 05:20:51 | 000,003,238 | ---- | M] () -- C:\Users\ADMIN\Documents\all_auto_20130523_0520_DF4FW.adi
[2013.05.22 22:17:30 | 000,003,238 | ---- | M] () -- C:\Users\ADMIN\Documents\all_auto_20130522_2217_DF4FW.adi
[2013.05.22 19:52:26 | 000,003,238 | ---- | M] () -- C:\Users\ADMIN\Documents\all_auto_20130522_1952_DF4FW.adi
[2013.05.22 05:18:32 | 000,003,238 | ---- | M] () -- C:\Users\ADMIN\Documents\all_auto_20130522_0518_DF4FW.adi
[2013.05.21 23:09:17 | 000,003,238 | ---- | M] () -- C:\Users\ADMIN\Documents\all_auto_20130521_2309_DF4FW.adi
[2013.05.21 19:31:26 | 000,002,683 | ---- | M] () -- C:\Users\ADMIN\Documents\all_auto_20130521_1931_DF4FW.adi
[2013.05.21 17:40:36 | 000,002,683 | ---- | M] () -- C:\Users\ADMIN\Documents\all_auto_20130521_1740_DF4FW.adi
[2013.05.21 17:38:01 | 000,002,683 | ---- | M] () -- C:\Users\ADMIN\Documents\all_auto_20130521_1737_DF4FW.adi
[2013.05.21 05:25:50 | 000,002,683 | ---- | M] () -- C:\Users\ADMIN\Documents\all_auto_20130521_0525_DF4FW.adi
[2013.05.20 22:55:29 | 000,002,088 | ---- | M] () -- C:\Users\ADMIN\Documents\all_auto_20130520_2255_DF4FW.adi
[2013.05.20 12:33:08 | 000,000,472 | ---- | M] () -- C:\Users\ADMIN\raccalbk.ini
[2013.05.20 12:30:41 | 000,001,838 | ---- | M] () -- C:\Users\Public\Desktop\ARCP-480.lnk
[2013.05.20 12:26:57 | 000,001,528 | ---- | M] () -- C:\Users\ADMIN\Documents\all_auto_20130520_1226_DF4FW.adi
[2013.05.20 01:04:14 | 000,001,528 | ---- | M] () -- C:\Users\ADMIN\Documents\all_auto_20130520_0104_DF4FW.adi
[2013.05.19 10:05:43 | 000,000,983 | ---- | M] () -- C:\Users\ADMIN\Documents\all_auto_20130519_1005_DF4FW.adi
[2013.05.19 01:28:37 | 000,000,725 | ---- | M] () -- C:\Users\ADMIN\Documents\all_auto_20130519_0128_DF4FW.adi
[2013.05.19 00:30:43 | 000,000,725 | ---- | M] () -- C:\Users\ADMIN\Documents\all_auto_20130519_0030_DF4FW.adi
[2013.05.17 18:03:06 | 000,000,324 | ---- | M] () -- C:\Windows\TabSettings.INI
[2013.05.17 18:02:29 | 000,000,991 | ---- | M] () -- C:\Users\ADMIN\Desktop\UR5EQF_updater.lnk
[2013.05.17 18:02:29 | 000,000,972 | ---- | M] () -- C:\Users\ADMIN\Desktop\UR5EQF_Log 3.lnk
[2013.05.16 04:41:14 | 004,893,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.15 18:34:17 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.15 18:34:17 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.11 16:45:48 | 000,050,477 | ---- | C] () -- C:\Users\ADMIN\Desktop\Defogger.exe
[2013.06.11 16:39:37 | 000,377,856 | ---- | C] () -- C:\Users\ADMIN\Desktop\gmer_2.1.19163.exe
[2013.06.09 09:36:21 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.06.08 19:47:11 | 000,000,819 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.29 22:33:44 | 000,001,052 | ---- | C] () -- C:\Users\ADMIN\Desktop\TH2.lnk
[2013.05.28 05:28:18 | 000,012,168 | ---- | C] () -- C:\Users\ADMIN\Documents\all_auto_20130528_0528_DF4FW.adi
[2013.05.27 22:11:57 | 000,011,586 | ---- | C] () -- C:\Users\ADMIN\Documents\all_auto_20130527_2211_DF4FW.adi
[2013.05.27 19:42:38 | 000,000,609 | ---- | C] () -- C:\Users\ADMIN\Desktop\DF4FW.lnk
[2013.05.27 19:40:40 | 000,011,278 | ---- | C] () -- C:\Users\ADMIN\Documents\all_auto_20130527_1940_DF4FW.adi
[2013.05.27 05:25:17 | 000,011,278 | ---- | C] () -- C:\Users\ADMIN\Documents\all_auto_20130527_0525_DF4FW.adi
[2013.05.26 22:24:00 | 000,011,278 | ---- | C] () -- C:\Users\ADMIN\Documents\all_auto_20130526_2223_DF4FW.adi
[2013.05.25 23:52:14 | 000,009,355 | ---- | C] () -- C:\Users\ADMIN\Documents\all_auto_20130525_2352_DF4FW.adi
[2013.05.25 20:34:33 | 000,001,170 | ---- | C] () -- C:\Windows\tasks\Plus-HD-1.5-updater.job
[2013.05.25 20:34:31 | 000,001,082 | ---- | C] () -- C:\Windows\tasks\Plus-HD-1.5-enabler.job
[2013.05.25 20:34:29 | 000,001,182 | ---- | C] () -- C:\Windows\tasks\Plus-HD-1.5-codedownloader.job
[2013.05.25 20:34:24 | 000,001,814 | ---- | C] () -- C:\Windows\tasks\Plus-HD-1.5-firefoxinstaller.job
[2013.05.24 22:36:37 | 000,004,967 | ---- | C] () -- C:\Users\ADMIN\Documents\all_auto_20130524_2236_DF4FW.adi
[2013.05.24 05:25:46 | 000,004,454 | ---- | C] () -- C:\Users\ADMIN\Documents\all_auto_20130524_0525_DF4FW.adi
[2013.05.23 22:59:45 | 000,004,156 | ---- | C] () -- C:\Users\ADMIN\Documents\all_auto_20130523_2259_DF4FW.adi
[2013.05.23 05:20:51 | 000,003,238 | ---- | C] () -- C:\Users\ADMIN\Documents\all_auto_20130523_0520_DF4FW.adi
[2013.05.22 22:17:30 | 000,003,238 | ---- | C] () -- C:\Users\ADMIN\Documents\all_auto_20130522_2217_DF4FW.adi
[2013.05.22 19:52:26 | 000,003,238 | ---- | C] () -- C:\Users\ADMIN\Documents\all_auto_20130522_1952_DF4FW.adi
[2013.05.22 05:18:32 | 000,003,238 | ---- | C] () -- C:\Users\ADMIN\Documents\all_auto_20130522_0518_DF4FW.adi
[2013.05.21 23:09:17 | 000,003,238 | ---- | C] () -- C:\Users\ADMIN\Documents\all_auto_20130521_2309_DF4FW.adi
[2013.05.21 19:31:26 | 000,002,683 | ---- | C] () -- C:\Users\ADMIN\Documents\all_auto_20130521_1931_DF4FW.adi
[2013.05.21 17:40:36 | 000,002,683 | ---- | C] () -- C:\Users\ADMIN\Documents\all_auto_20130521_1740_DF4FW.adi
[2013.05.21 17:38:01 | 000,002,683 | ---- | C] () -- C:\Users\ADMIN\Documents\all_auto_20130521_1737_DF4FW.adi
[2013.05.21 05:25:50 | 000,002,683 | ---- | C] () -- C:\Users\ADMIN\Documents\all_auto_20130521_0525_DF4FW.adi
[2013.05.20 22:55:29 | 000,002,088 | ---- | C] () -- C:\Users\ADMIN\Documents\all_auto_20130520_2255_DF4FW.adi
[2013.05.20 12:30:41 | 000,001,838 | ---- | C] () -- C:\Users\Public\Desktop\ARCP-480.lnk
[2013.05.20 12:26:57 | 000,001,528 | ---- | C] () -- C:\Users\ADMIN\Documents\all_auto_20130520_1226_DF4FW.adi
[2013.05.20 09:54:23 | 000,000,472 | ---- | C] () -- C:\Users\ADMIN\raccalbk.ini
[2013.05.20 01:04:14 | 000,001,528 | ---- | C] () -- C:\Users\ADMIN\Documents\all_auto_20130520_0104_DF4FW.adi
[2013.05.19 10:05:43 | 000,000,983 | ---- | C] () -- C:\Users\ADMIN\Documents\all_auto_20130519_1005_DF4FW.adi
[2013.05.19 01:28:37 | 000,000,725 | ---- | C] () -- C:\Users\ADMIN\Documents\all_auto_20130519_0128_DF4FW.adi
[2013.05.19 00:30:43 | 000,000,725 | ---- | C] () -- C:\Users\ADMIN\Documents\all_auto_20130519_0030_DF4FW.adi
[2013.05.17 18:03:06 | 000,000,324 | ---- | C] () -- C:\Windows\TabSettings.INI
[2013.05.17 18:03:06 | 000,000,095 | ---- | C] () -- C:\Windows\aalog.INI
[2013.05.17 18:02:29 | 000,000,991 | ---- | C] () -- C:\Users\ADMIN\Desktop\UR5EQF_updater.lnk
[2013.05.17 18:02:29 | 000,000,972 | ---- | C] () -- C:\Users\ADMIN\Desktop\UR5EQF_Log 3.lnk
[2013.04.12 09:29:07 | 000,000,213 | ---- | C] () -- C:\Windows\PCWGXDRV.INI
[2013.04.12 09:29:07 | 000,000,086 | ---- | C] () -- C:\Windows\LOGINPUT.INI
[2013.03.19 22:56:30 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2013.03.19 22:56:26 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2013.03.19 22:56:26 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2013.03.12 09:45:43 | 000,000,073 | ---- | C] () -- C:\Users\ADMIN\AppData\Local\X-Plane_drm.prf
[2013.02.23 21:00:37 | 000,004,608 | ---- | C] () -- C:\Windows\SysWow64\SilverEfexPro2FC64.dll
[2013.02.23 20:57:31 | 000,004,608 | ---- | C] () -- C:\Windows\SysWow64\ColorEfexPro4FC64.dll
[2013.02.21 17:32:45 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\sehr4aLM.DLL
[2013.02.21 10:22:45 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2013.02.21 10:14:43 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2013.02.21 06:50:48 | 000,000,080 | ---- | C] () -- C:\Users\ADMIN\AppData\Local\X-Plane Installer.prf
[2012.12.17 11:18:14 | 001,592,936 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.10.11 13:23:21 | 000,007,800 | ---- | C] () -- C:\Windows\cadx2.ini
[2012.09.05 02:18:08 | 000,326,144 | ---- | C] () -- C:\Windows\SysWow64\SilverEfexPro2FC32.dll
[2012.07.02 22:11:02 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\theowl.dll
[2012.02.03 05:00:58 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\TCPClient.dll
[2011.09.22 18:31:04 | 000,326,144 | ---- | C] () -- C:\Windows\SysWow64\ColorEfexPro4FC32.dll
[2011.06.15 13:37:00 | 001,108,992 | ---- | C] () -- C:\Windows\SysWow64\phidget21.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 15:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 15:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 15:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 256 bytes -> C:\Windows:nlsPreferences

< End of report >
         
[/QUOTE]

GMER SCAN

GMER Logfile:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-11 16:43:19
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000070 ATA_____ rev.010G 59,63GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ADMIN\AppData\Local\Temp\awtorpod.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1900] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey         0000000077bdfa88 5 bytes JMP 0000000172dd139e
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1900] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory  0000000077be0018 5 bytes JMP 0000000172dd1a54
.text   C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  0000000077061465 2 bytes [06, 77]
.text   C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                 00000000770614bb 2 bytes [06, 77]
.text   ...                                                                                                                                       * 2
.text   d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69            0000000077061465 2 bytes [06, 77]
.text   d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155           00000000770614bb 2 bytes [06, 77]
.text   ...                                                                                                                                       * 2
.text   C:\Program Files (x86)\Skype\Phone\Skype.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                0000000077061465 2 bytes [06, 77]
.text   C:\Program Files (x86)\Skype\Phone\Skype.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                               00000000770614bb 2 bytes [06, 77]
.text   ...                                                                                                                                       * 2
.text   C:\Program Files (x86)\Skype\Phone\Skype.exe[3768] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35                                        00000000742e11a8 2 bytes [2E, 74]
.text   C:\Program Files (x86)\Skype\Phone\Skype.exe[3768] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 385                                       00000000742e1306 2 bytes CALL 82d40 C:\Windows\TEMP\logishrd\LVPrcInj01.dll
.text   C:\Program Files (x86)\Skype\Phone\Skype.exe[3768] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21                                  00000000742e13a8 2 bytes [2E, 74]
.text   C:\Program Files (x86)\Skype\Phone\Skype.exe[3768] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21                                      00000000742e1422 2 bytes [2E, 74]
.text   C:\Program Files (x86)\Skype\Phone\Skype.exe[3768] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19                               00000000742e1498 2 bytes [2E, 74]
.text   C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\Dropbox.exe[3256] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                      0000000077061465 2 bytes [06, 77]
.text   C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\Dropbox.exe[3256] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                     00000000770614bb 2 bytes [06, 77]
.text   ...                                                                                                                                       * 2
.text   D:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  0000000077061465 2 bytes [06, 77]
.text   D:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                 00000000770614bb 2 bytes [06, 77]
.text   ...                                                                                                                                       * 2
.text   C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[4520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69         0000000077061465 2 bytes [06, 77]
.text   C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[4520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155        00000000770614bb 2 bytes [06, 77]
.text   ...                                                                                                                                       * 2
.text   d:\Program Files (x86)\QNAP\Finder\iSCSIAgent.exe[4360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                           0000000077061465 2 bytes [06, 77]
.text   d:\Program Files (x86)\QNAP\Finder\iSCSIAgent.exe[4360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                          00000000770614bb 2 bytes [06, 77]
.text   ...                                                                                                                                       * 2

---- Kernel IAT/EAT - GMER 2.1 ----

IAT     C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback]                                                                           [fffff88004a7bd18] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]

---- User IAT/EAT - GMER 2.1 ----

IAT     C:\Program Files\Windows Sidebar\sidebar.exe[3548] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtClose]                                [1f3500] C:\Windows\TEMP\logishrd\LVPrcInj02.dll
IAT     C:\Program Files\Windows Sidebar\sidebar.exe[3548] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtCreateFile]                           [1f3960] C:\Windows\TEMP\logishrd\LVPrcInj02.dll
IAT     C:\Program Files\Windows Sidebar\sidebar.exe[3548] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtDeviceIoControlFile]                  [1f32f0] C:\Windows\TEMP\logishrd\LVPrcInj02.dll
IAT     C:\Program Files\Windows Sidebar\sidebar.exe[3548] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtDuplicateObject]                      [1f33d0] C:\Windows\TEMP\logishrd\LVPrcInj02.dll

---- Threads - GMER 2.1 ----

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4992:5984]                                                                            000007fefc2d2a7c

---- EOF - GMER 2.1 ----
         
--- --- ---


EXTRAS

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 11.06.2013 16:54:06 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ADMIN\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,96 Gb Total Physical Memory | 13,77 Gb Available Physical Memory | 86,25% Memory free
31,92 Gb Paging File | 29,87 Gb Available in Paging File | 93,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,62 Gb Total Space | 8,59 Gb Free Space | 14,41% Space Free | Partition Type: NTFS
Drive D: | 1397,26 Gb Total Space | 1076,26 Gb Free Space | 77,03% Space Free | Partition Type: NTFS
Drive Q: | 2749,20 Gb Total Space | 884,06 Gb Free Space | 32,16% Space Free | Partition Type: NTFS
 
Computer Name: ADMIN-PC | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 6.Manage] -- "D:\Program Files (x86)\ACD Systems\ACDSee Pro\6.0\ACDSeeQVPro6.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- D:\Program Files\PS\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 6.Manage] -- "D:\Program Files (x86)\ACD Systems\ACDSee Pro\6.0\ACDSeeQVPro6.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- D:\Program Files\PS\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F64053-95A8-43DB-9327-76C176F22265}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{11309D73-ECF7-4D2B-8A73-11CAA2EF1CB9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{176118CD-DF9F-44DE-A161-AFAE814BDBCE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{19F4E996-AB82-4A45-B1A5-58BA0AB22712}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1B1EBF7B-8D54-493E-9D36-1258CE142FCB}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{2BF1269D-F107-4315-8C85-1A331F175C16}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{42EDD070-AAC4-4144-AC5D-D8E061D052C1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4FDAF976-F561-4649-AF72-2387C9BB1273}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4FE295B2-02C1-47C6-85FA-C7B6C8BB9B47}" = rport=138 | protocol=17 | dir=out | app=system | 
"{55B47F9E-A11E-426B-B60D-45B7EB859729}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7530458E-ADFC-4116-875F-C31EA397AE45}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7C3D71D3-40D8-49E3-92C0-17228BFAF43B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{905167D5-3628-4EDE-8FC6-653400BED9B4}" = rport=139 | protocol=6 | dir=out | app=system | 
"{91D99C65-7639-49C1-B52E-A389DEB9C12F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A13B2B54-B3C1-4714-A516-07C8729F2423}" = rport=445 | protocol=6 | dir=out | app=system | 
"{ABDD6413-6114-4239-BF05-627BE9300384}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C29278FD-9EED-4963-9C29-23534AF1D4A4}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{D053F88E-B68A-4821-892A-096873FF61C6}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{E4BE47F0-41CE-454A-BE8F-8E035A94882C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EC1C552F-1A48-4897-8A65-6F12E5523814}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EC69F160-57D1-406D-B952-9EF93FD4BA31}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ED25B02F-3B76-40CA-9930-FC0F2C24B771}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C28DC4C-47FA-4146-8D26-5A143F3AA62B}" = protocol=6 | dir=in | app=d:\program files (x86)\nero\km\kwikmedia.exe | 
"{18823A2B-0E1B-4BF0-BDBC-D436DBB81F39}" = protocol=17 | dir=in | app=d:\g a m e s\crysis 3\bin32\crysis3.exe | 
"{1E84B82C-38E2-4364-AF42-C2080F1946EF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{383AFBBC-7129-4725-A658-3B2E7C9B4CF2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3F90BF6F-E5DD-4A85-923B-CAA119C2C6E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{451F4A87-F7BB-4969-9CEF-EDF237F64555}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{47A9C28D-3176-4A63-ACE7-C74618D3C783}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{51D82B37-F6F2-4A7D-A44A-630ACF7BE9EE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{527942F0-931C-4FF2-819A-B5CB15A6CBFC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{52805787-E7E1-4F05-AB61-CA5CB81A1A73}" = protocol=6 | dir=out | app=system | 
"{60017FBA-9E75-4F2A-95C1-DF846AB22A99}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{699406B1-AA42-448B-B373-5E03AB2EBC9C}" = protocol=17 | dir=in | app=c:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6A6E9C82-CFEC-4345-B148-BC5426D0517D}" = protocol=6 | dir=in | app=c:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{71FC0B23-678C-4689-9063-2CAD242F08E6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{79F63269-B571-4BCB-BD97-93B0272C9E10}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7F6094F1-84B4-46B1-992E-56E38A179FFF}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | 
"{8019ED8F-34A2-4C99-B7C7-BDB83451A01B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{80427D21-090B-4FD2-9B54-FA2D20AC4742}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8273C616-F46B-49A0-961C-FB190020CDF2}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{84E03EEC-BF8F-4CEC-B3ED-2234B4A40D5D}" = protocol=17 | dir=in | app=d:\program files (x86)\unreal tournament 3 (lg)\binaries\ut3.exe | 
"{8D14DCA7-06FB-49DA-8F63-2EA65169A07E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{97A30F4B-B506-4EAE-82E4-DC999C14F1DA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A1A96859-D0C1-4887-872D-23039A9526FB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A4BB082D-A3F7-428C-83D8-E5249FC15F90}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ACBB7F0C-9065-4AE2-94BF-70A9EDFDB862}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | 
"{B1B19327-4588-442F-A46B-3E9E18E9333F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B2BB682E-D75D-4852-A496-F99144B75DDE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C31AD32B-4FD1-4395-A6DB-CC580BF9E936}" = protocol=17 | dir=in | app=d:\program files (x86)\nero\km\kwikmedia.exe | 
"{C56FEBB6-B520-4D50-8770-7B5AC1487A13}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C96A66DA-9E6C-49FF-83BA-1E9FB1A27B4D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{EEA739B9-F0ED-4C9D-AD68-1F64805A4110}" = protocol=6 | dir=in | app=d:\program files (x86)\unreal tournament 3 (lg)\binaries\ut3.exe | 
"{EF4F37CB-6C8E-4440-9BF9-280943B08686}" = protocol=6 | dir=in | app=d:\g a m e s\crysis 3\bin32\crysis3.exe | 
"TCP Query User{19FCECDA-AE04-420B-8DF5-F30AB2DC5486}D:\program files (x86)\qnap\finder\finder.exe" = protocol=6 | dir=in | app=d:\program files (x86)\qnap\finder\finder.exe | 
"TCP Query User{2D44BDB0-B7D5-4DA3-BB84-7699ED21E0CE}D:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe" = protocol=6 | dir=in | app=d:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe | 
"TCP Query User{3BFAB473-A9CF-49C1-A5DB-8BD90D6A583C}C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{74F74B1F-3600-49E9-8E74-23BB81843C3A}D:\x-plane 10\x-plane-32bit.exe" = protocol=6 | dir=in | app=d:\x-plane 10\x-plane-32bit.exe | 
"TCP Query User{8918ADD7-30C6-499F-9D8D-19E4A2CFBB25}D:\x-plane 10\x-plane.exe" = protocol=6 | dir=in | app=d:\x-plane 10\x-plane.exe | 
"TCP Query User{A70179B5-8CC8-49CC-8913-FD68B7018941}D:\g r a f i k\cry sdk\bin64\editor.exe" = protocol=6 | dir=in | app=d:\g r a f i k\cry sdk\bin64\editor.exe | 
"TCP Query User{BADF35F5-250E-4B5D-8F4D-9D3E841CFB11}D:\program files (x86)\unreal tournament 3 (lg)\binaries\ut3oshelper.exe" = protocol=6 | dir=in | app=d:\program files (x86)\unreal tournament 3 (lg)\binaries\ut3oshelper.exe | 
"TCP Query User{BBA898EC-E9A2-4AFF-B9C4-796003AE4F98}D:\g r a f i k\cry sdk\bin64\launcher.exe" = protocol=6 | dir=in | app=d:\g r a f i k\cry sdk\bin64\launcher.exe | 
"TCP Query User{BDB872DB-DA17-4E6D-800B-2E9CC8498CB1}D:\g r a f i k\vue\application\vue 9.5 xstream.eon" = protocol=6 | dir=in | app=d:\g r a f i k\vue\application\vue 9.5 xstream.eon | 
"TCP Query User{C67D2A96-1E59-4E25-AE94-3B5978394D2B}D:\g a m e s\xplane\x-plane 9\x-plane.exe" = protocol=6 | dir=in | app=d:\g a m e s\xplane\x-plane 9\x-plane.exe | 
"UDP Query User{1C47924B-CA94-4EB2-93C4-DFABEB25BE7D}D:\g a m e s\xplane\x-plane 9\x-plane.exe" = protocol=17 | dir=in | app=d:\g a m e s\xplane\x-plane 9\x-plane.exe | 
"UDP Query User{353D1B27-C84D-4BF9-8F5C-22E902F3976F}D:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe" = protocol=17 | dir=in | app=d:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe | 
"UDP Query User{41D8A798-B7D3-4545-A0EE-D6FCF44F465E}D:\g r a f i k\vue\application\vue 9.5 xstream.eon" = protocol=17 | dir=in | app=d:\g r a f i k\vue\application\vue 9.5 xstream.eon | 
"UDP Query User{4A604CA6-CFF6-464B-8252-AF100B5906D2}D:\g r a f i k\cry sdk\bin64\launcher.exe" = protocol=17 | dir=in | app=d:\g r a f i k\cry sdk\bin64\launcher.exe | 
"UDP Query User{6C722416-9D5E-49B9-8241-F313A4BC24B6}D:\x-plane 10\x-plane-32bit.exe" = protocol=17 | dir=in | app=d:\x-plane 10\x-plane-32bit.exe | 
"UDP Query User{75E404B5-C706-4A6A-9E97-8012BF888BC1}D:\program files (x86)\unreal tournament 3 (lg)\binaries\ut3oshelper.exe" = protocol=17 | dir=in | app=d:\program files (x86)\unreal tournament 3 (lg)\binaries\ut3oshelper.exe | 
"UDP Query User{8C7B983C-6FA8-446A-AF82-ED85438F122D}D:\g r a f i k\cry sdk\bin64\editor.exe" = protocol=17 | dir=in | app=d:\g r a f i k\cry sdk\bin64\editor.exe | 
"UDP Query User{90853CE3-2422-499C-B2FA-6A01F101A165}D:\program files (x86)\qnap\finder\finder.exe" = protocol=17 | dir=in | app=d:\program files (x86)\qnap\finder\finder.exe | 
"UDP Query User{99D8574F-47D9-4AF9-8BA6-9637153E64E6}D:\x-plane 10\x-plane.exe" = protocol=17 | dir=in | app=d:\x-plane 10\x-plane.exe | 
"UDP Query User{CB9CED9F-D8F3-4848-BE4D-929A30123139}C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01D57CF6-B5BC-4D03-AFF5-7960CFBD05A9}" = Native Instruments Guitar Rig 5
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 320.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 320.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 320.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 320.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.14.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"PhotomatixPro42x64_is1" = Photomatix Pro version 4.2.6
"TeraCopy_is1" = TeraCopy 2.27
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0143BC25-D431-44bf-85EA-082CA5EA851D}" = DSLR Remote Pro
"{052A1E34-A54B-458C-A4E3-24C3E054754A}" = Nero Kwik Media
"{05C6B128-1B40-4495-9CB9-090B368BFA0A}" = Nero Video Samples
"{0708FF30-78C0-47B0-81F0-C84604DC769C}" = Nero Express Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A844D8F-A965-11E2-9E77-B8AC6F98CCE3}" = Google Earth
"{0B311221-05A5-4766-8D03-7A6446794156}" = Nero RescueAgent Help (CHM)
"{1487145D-836B-4E94-9C9D-E15D8BB9EBA4}" = GroBoto
"{150D88F1-40AF-4678-A39D-BCE2332F34E5}" = Nero Abstract Themes
"{16F5ADDD-6EFD-411A-9013-8DD2C629FE53}" = LightScribe Applications
"{1943C3BD-4462-4612-92C3-D36DD917C447}" = Nero Recode
"{1B6F5E51-575E-4693-BCA2-7543570D076D}" = Nero Kwik Themes Basic
"{1F16820E-D0E7-4636-939E-45CBFEFB06E1}" = Nero Kwik Media Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22856BC3-F893-4CBF-95F2-E1F63CD2B1AB}" = Nero Video Transitions 1
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{2890E324-6F3B-4975-8B95-E7D6D80E0226}" = Nero Burning ROM Help (CHM)
"{29E2C1C6-D76A-41D3-980F-6E346AA9A6A8}" = Nero Cliparts
"{29F67D84-3A70-456E-806A-52301B02070B}" = Nero Effects Basic
"{33E5F114-8272-40F9-AB33-58A39CAA5EC8}" = KENWOOD ARCP-480
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.1102.1
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4198AE83-A3C6-4C41-85C8-EC63E990696E}" = Crysis®3
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0525.1
"{4D25D881-7183-462F-95C8-990CA1944E0B}" = Nero PiP Effects 1
"{4DF979D5-464C-4926-AF73-54C1C219F06A}" = Ham Radio Deluxe
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4E7AC009-5212-499F-942F-A5AA42AE359E}" = Nero 12 Content Pack
"{504D84ED-AE75-4F85-A68B-BB3D4CB3E169}" = Nero Holiday and Sports Themes
"{551D9481-9487-4D0C-9A1D-6BC3E7B6D991}_is1" = EXPERTool v8.8
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{560FC78C-A4B2-461D-9B47-820C1EEF87B8}" = Nero 12
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5963F4B4-D138-47CD-ADEF-470E87E185BD}" = Nero Burning ROM
"{5B79E730-D897-4B8F-A1AD-7BB2D1F22B96}" = Nero Blu-ray Player Help (CHM)
"{65AA5B18-A330-4F35-BCDF-EA85EC888906}" = AVOX Evo VST
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{7BD7A4BF-EA64-4BFE-A9D3-3FDC9B6EFC23}" = Nero Football (Soccer) Themes
"{7EF17D39-44BB-4E4B-9FB7-7082550024C9}" = Depths of Betrayal
"{80D15FDF-F9B7-4C2D-84B9-882B8523C3F9}" = EPSON AcuLaser M1400
"{828175FA-7307-4DBF-95AD-9CEE086B6F45}" = Welcome App (Start-up experience)
"{83A4E573-E2C2-46FB-9DA6-6A2BBBF5A588}" = Nero Retro Film Themes
"{83FCCFCD-46E3-43FB-A397-78BFD5A8980A}" = Nero Video
"{848A7C68-0ADC-4193-8A89-2CEA78E56A0C}" = Nero Express
"{86847081-B387-4F49-AED1-C9B0A090D66C}" = Nero Recode Help (CHM)
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8B5AD338-7ABC-4ECB-9C2C-687F84AEDDB1}" = Nero Platinum Effects 12
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{91000001-C561-4E32-99EB-3C5AD3683A70}" = Waves Complete V9r5
"{91E85B0F-75B4-494F-8EC1-A1A31F677067}" = HAM Office 4
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{955BF340-C379-4375-AA2F-F3BCB2A498AB}" = Nero Family and Events Themes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{ACE49D50-19CD-44A6-B192-46F985283B26}" = Nero PiP Effects Basic
"{B128179D-A5E1-43AC-9422-12A109ECD2A0}" = Nero Video Help (CHM)
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B953732D-B623-4E84-B369-CFFF7B1AE06F}" = Nero RescueAgent
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C4C6DF25-0E59-46EE-B24B-DF8749D8FF3A}" = Nero Image Samples
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1
"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)
"{CE675FBD-75C3-45F1-B6AF-8D250861D536}" = Nero Disc Menus 3
"{CFDD2CFF-C388-4BEC-85F0-1921C9F57F14}" = aerosoft's - Aerosoft Airport Pack
"{D40B2C78-30CA-4A8F-A157-C86B491C73AF}" = ACDSee Pro 6
"{D529E699-7753-46E7-8B73-C5556EF5B486}" = Nero 12
"{DA2D3078-A58C-45E8-8EE0-18B8BE6B34F7}" = Nero BackItUp
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{E17BCB76-9924-4BD5-B6D6-50D3407B4E74}" = Nero Disc Menus Basic
"{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}" = Microsoft Flight Simulator X Service Pack 2
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EEBF1676-AF87-4266-93D8-0C14A34C4217}" = Nero Disc Menus 1
"{EF0D1292-8FC1-41BE-9740-DBC134F66415}" = Nero BackItUp Help (CHM)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"{FE81E6B5-652B-40E7-B3B2-7171C6F297DA}" = Nero Disc Menus 2
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASIO4ALL" = ASIO4ALL
"Canon RAW Codec" = Canon RAW Codec
"Color Efex Pro 4" = Color Efex Pro 4
"CwGet_is1" = CwGet V2.26
"Digital Photo Professional" = Canon Utilities Digital Photo Professional 3.11
"DVDFab 8 Qt_is1" = DVDFab 8.2.2.8 (26/02/2013) Qt
"DVDFab 9_is1" = DVDFab 9.0.4.2 (27/05/2013)
"eLicenser Control" = eLicenser Control
"EOS Sample Music" = Canon Utilities EOS Sample Music
"EOS Utility" = Canon Utilities EOS Utility
"FL Studio 10" = FL Studio 10
"FL Studio 11" = FL Studio 11
"FlowStone" = FlowStone FL 3.0
"FT-817 Commander" = FT-817 Commander
"IL Download Manager" = IL Download Manager
"IL Shared Libraries" = IL Shared Libraries
"ImageBrowser EX" = Canon Utilities ImageBrowser EX
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0525.1
"InstallShield_{80D15FDF-F9B7-4C2D-84B9-882B8523C3F9}" = EPSON AcuLaser M1400
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Messenger Plus! for Skype" = Messenger Plus! for Skype
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Guitar Rig 5" = Native Instruments Guitar Rig 5
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Solid EQ FX" = Native Instruments Solid EQ FX
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Omni-Rig_is1" = Omni-Rig 1.14
"Origin" = Origin
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Plus-HD-1.5" = Plus-HD-1.5
"QNAP_FINDER" = QNAP Finder
"Radio Amateur Callbook" = Radio Amateur Callbook
"Sharpener Pro 3.0" = Sharpener Pro 3.0
"Silver Efex Pro 2" = Silver Efex Pro 2
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"Spark EDM_is1" = Spark EDM 1.0
"ST6UNST #1" = ve7cc
"TrueCrypt" = TrueCrypt
"UR5EQF_Log 3.31" = UR5EQF_Log 3.31
"Vampir Saga" = Vampir Saga
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.5
"Vue 9.5 xStream 64bit" = Vue 9.5 xStream 64bit
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Advanced Archive Password Recovery" = Advanced Archive Password Recovery
"Dropbox" = Dropbox
"InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"MixW-3.1.1h" = MixW 3.1.1h (04/03/2012)
"soe-PlanetSide 2 PSG" = PlanetSide 2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.06.2013 12:40:30 | Computer Name = ADMIN-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files
 (x86)\Nero\Nero 12\nero recode\NeroBRServer.exe.Manifest".  Die abhängige Assemblierung
 "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"" konnte nicht
 gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 
Error - 10.06.2013 13:55:42 | Computer Name = ADMIN-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ilbridge.exe, Version: 1.1.54.0, 
Zeitstempel: 0x513e2a71  Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7c92c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000029fa6
ID
 des fehlerhaften Prozesses: 0x11c  Startzeit der fehlerhaften Anwendung: 0x01ce65fff04829f7
Pfad
 der fehlerhaften Anwendung: D:\Program Files (x86)\Image-Line\FL Studio 11\System\Tools\Bridge\64bit\ilbridge.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\ole32.dll  Berichtskennung: f726ed08-d1f6-11e2-aa86-902b34d0c048
 
Error - 10.06.2013 22:47:08 | Computer Name = ADMIN-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
 reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
 Ereignisse übermittelt werden.
 
Error - 11.06.2013 04:16:37 | Computer Name = ADMIN-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
 reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
 Ereignisse übermittelt werden.
 
Error - 11.06.2013 06:38:01 | Computer Name = ADMIN-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
 reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
 Ereignisse übermittelt werden.
 
Error - 11.06.2013 09:36:45 | Computer Name = ADMIN-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
 reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
 Ereignisse übermittelt werden.
 
Error - 11.06.2013 09:41:32 | Computer Name = ADMIN-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
 reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
 Ereignisse übermittelt werden.
 
Error - 11.06.2013 10:50:23 | Computer Name = ADMIN-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 670    Startzeit: 
01ce66b264950f84    Endzeit: 0    Anwendungspfad: C:\Users\ADMIN\Desktop\OTL.exe    Berichts-ID:
 3bf07216-d2a6-11e2-a5e4-902b34d0c048  
 
Error - 11.06.2013 10:53:19 | Computer Name = ADMIN-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 16a8    Startzeit:
 01ce66b310d544bc    Endzeit: 0    Anwendungspfad: C:\Users\ADMIN\Desktop\OTL.exe    Berichts-ID:
 9b56da15-d2a6-11e2-a5e4-902b34d0c048  
 
Error - 11.06.2013 10:53:43 | Computer Name = ADMIN-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Dropbox.exe, Version: 2.0.22.0, Zeitstempel:
 0x515f37bb  Name des fehlerhaften Moduls: libcef.dll, Version: 1.1364.1123.0, Zeitstempel:
 0x513530d7  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0005fd4a  ID des fehlerhaften Prozesses:
 0xcb8  Startzeit der fehlerhaften Anwendung: 0x01ce66a9239e35a7  Pfad der fehlerhaften
 Anwendung: C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\Dropbox.exe  Pfad des fehlerhaften
 Moduls: C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\libcef.dll  Berichtskennung: b5ba925d-d2a6-11e2-a5e4-902b34d0c048
 
[ System Events ]
Error - 27.05.2013 14:10:27 | Computer Name = ADMIN-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "LPT port direct access service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1275
 
Error - 27.05.2013 14:10:27 | Computer Name = ADMIN-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\D:\Program
 Files (x86)\UR5EQF\UR5EQF_Log3\LPTWDMIO.SYS nicht geladen. Wenden Sie sich an den
 Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
 
Error - 27.05.2013 14:10:27 | Computer Name = ADMIN-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "LPT port direct access service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1275
 
Error - 27.05.2013 22:48:33 | Computer Name = ADMIN-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\D:\Program
 Files (x86)\UR5EQF\UR5EQF_Log3\LPTWDMIO.SYS nicht geladen. Wenden Sie sich an den
 Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
 
Error - 27.05.2013 22:48:33 | Computer Name = ADMIN-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "LPT port direct access service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1275
 
Error - 27.05.2013 22:48:33 | Computer Name = ADMIN-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\D:\Program
 Files (x86)\UR5EQF\UR5EQF_Log3\LPTWDMIO.SYS nicht geladen. Wenden Sie sich an den
 Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
 
Error - 27.05.2013 22:48:33 | Computer Name = ADMIN-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "LPT port direct access service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1275
 
Error - 28.05.2013 09:33:00 | Computer Name = ADMIN-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 29.05.2013 08:40:23 | Computer Name = ADMIN-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 29.05.2013 12:29:40 | Computer Name = ADMIN-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
 
< End of report >
         
--- --- ---



[/QUOTE]


I hope I did everything right when scanning!

Maybe someone can do something with this information.

Regards, Mattes

Edited by matwhv (11.06.2013 at 16:23)

11.06.2013, 15:29   #2
aharonov
/// TB Instructor
 



Hello Mattes,

Quote:
I know this information is rather sparse ... but I can't describe it any better.
Yes, with this information we probably won't get very far..
So we need a bit more:
If you want to have your computer checked for malware, please work through these instructions and post the corresponding log files here.

12.06.2013, 17:57   #3
matwhv
 



Hello

The issue is resolved!

I went over the system with adwcleaner and the "nuisance" was killed.

Thank you for the great program


Regards, Mattes

12.06.2013, 18:12   #4
aharonov
/// TB Instructor
 



Hello,

sorry that I didn't get back to you. But since you edited the logs into your first post, I didn't receive a notification about it.

Quote:
I went over the system with adwcleaner and the "nuisance" was killed.
Great. If you would like me to check your system further after all, just let me know briefly; otherwise we will close the topic here.
__________________
cheers,
Leo

18.06.2013, 21:27   #5
aharonov
/// TB Instructor
 



This topic appears to be resolved and will be removed from my subscriptions. I will therefore no longer receive notifications about new replies.
Should you need the topic again, please send me a PM and we will continue here.

Everyone else, please read these instructions and create your own thread.

__________________
cheers,
Leo
