Log analysis and evaluation: Suspected spyware - symptom: monitor flickers now and then (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
08.02.2013, 12:44 | #1
Suspected spyware - symptom: monitor flickers now and then

Hello everyone, I suspect spyware or possibly a keylogger. Symptoms:
- The monitor flickers now and then, the way you know it from remote viewer programs
- Now and then other problems, e.g. a desktop icon can no longer be moved.

Here are the logs:

Defogger:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:50 on 05/02/2013 (Utka)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

OTL Logfile:
OTL logfile created on: 05.02.2013 10:52:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Utka\Desktop\Scan
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,50 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 46,28% Memory free
6,99 Gb Paging File | 3,99 Gb Available in Paging File | 57,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,41 Gb Total Space | 539,55 Gb Free Space | 57,93% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 781,74 Gb Free Space | 83,92% Space Free | Partition Type: NTFS
Drive Z: | 5587,37 Gb Total Space | 4906,41 Gb Free Space | 87,81% Space Free | Partition Type: NTFS

Computer Name: UTKA-PC | User Name: Utka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.02.05 10:49:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Utka\Desktop\Scan\OTL.exe
PRC - [2013.01.29 09:18:58 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2013.01.26 03:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Programme\Google\Chrome\Application\chrome.exe
PRC - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.11.28 22:54:58 | 001,273,856 | ---- | M] (www.bid-o-matic.org) -- C:\Programme\Biet-O-Matic\Biet-O-Matic.exe
PRC - [2012.11.27 14:10:00 | 000,692,224 | ---- | M] () -- C:\Programme\onlinebrief24.de\ebdhelper.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.10.02 20:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2012.10.02 20:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.08.30 22:26:56 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.20 14:10:34 | 000,997,376 | ---- | M] (digital guru GmbH & Co. KG) -- C:\Programme\GREYHOUND\Client\GreyhoundPrinterHelper.exe
PRC - [2012.07.03 08:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Common Files\Java\Java Update\jucheck.exe
PRC - [2012.04.11 00:15:28 | 000,387,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Silverlight\sllauncher.exe
PRC - [2012.02.15 22:55:32 | 000,131,584 | ---- | M] (Nenad Hrg SoftwareOK) -- C:\Users\Utka\Desktop\Programme\DesktopOK.exe
PRC - [2011.11.30 08:45:49 | 005,035,584 | ---- | M] (Euro Plus d.o.o.) -- C:\Programme\Common Files\EuroPlus Shared\LblServices.exe
PRC - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Programme\StarMoney 7.0 Commerzbank-Edition\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2011.08.19 20:51:48 | 000,423,536 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
PRC - [2011.08.19 20:32:40 | 000,423,536 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.10.21 13:44:21 | 001,130,120 | ---- | M] (SPAMfighter ApS) -- C:\Programme\Fighters\FighterSuiteService.exe
PRC - [2010.10.21 13:44:00 | 000,189,064 | ---- | M] (SPAMfighter ApS) -- C:\Programme\Fighters\SPAMfighter\sfus.exe
PRC - [2010.08.04 17:38:30 | 000,065,536 | ---- | M] () -- C:\Programme\Brother\BRAdmin Professional 3\bratimer.exe
PRC - [2010.05.28 14:51:00 | 002,480,048 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010.05.02 21:25:44 | 000,498,096 | ---- | M] (REINER SCT) -- C:\Windows\System32\cjpcsc.exe
PRC - [2010.04.16 21:12:28 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe
PRC - [2010.04.16 17:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Contacts\wlcomm.exe
PRC - [2010.02.18 13:01:06 | 000,462,632 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
PRC - [2010.01.22 21:13:24 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2010.01.22 21:13:02 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2010.01.22 21:12:46 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\vmware-authd.exe
PRC - [2010.01.22 20:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009.12.21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Programme\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
PRC - [2009.11.12 04:42:50 | 000,661,072 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009.08.06 06:51:20 | 000,065,536 | R--- | M] () -- C:\Windows\System32\XSrvSetup.exe
PRC - [2009.07.24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe

========== Modules (No Company Name) ==========

MOD - [2013.01.29 09:18:58 | 003,022,232 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2013.01.09 13:25:33 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\5ea93652e4752c75bc6fbb195b4eb864\System.Runtime.Remoting.ni.dll
MOD - [2013.01.09 13:25:31 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.ni.dll
MOD - [2013.01.09 13:25:31 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.Wrapper.dll
MOD - [2013.01.09 12:30:22 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e43f80b6a3a40323520dd89cb77500a8\System.Windows.Forms.ni.dll
MOD - [2013.01.09 12:30:18 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll
MOD - [2013.01.09 12:30:15 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013.01.09 12:30:15 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll
MOD - [2013.01.09 12:30:14 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013.01.09 12:30:11 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013.01.09 12:30:07 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012.11.27 14:10:00 | 000,692,224 | ---- | M] () -- C:\Programme\onlinebrief24.de\ebdhelper.exe
MOD - [2012.08.30 22:24:20 | 007,422,392 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\qtgui4.dll
MOD - [2012.08.30 22:24:18 | 001,270,200 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\qtscript4.dll
MOD - [2012.08.30 22:24:18 | 000,192,952 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\qtsql4.dll
MOD - [2012.08.30 22:24:16 | 002,453,944 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\qtdeclarative4.dll
MOD - [2012.08.30 22:24:16 | 002,126,264 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\qtcore4.dll
MOD - [2012.08.30 22:24:16 | 000,795,064 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\qtnetwork4.dll
MOD - [2012.08.30 22:23:02 | 000,459,192 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\dblite.dll
MOD - [2012.01.08 14:41:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2011.09.05 19:36:52 | 000,025,088 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qgif4.dll
MOD - [2011.09.05 19:36:50 | 000,180,224 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qjpeg4.dll
MOD - [2011.04.19 15:56:16 | 000,036,864 | ---- | M] () -- C:\ProgramData\3CXMyPhone Client Addin\3CXTAPIClient.dll
MOD - [2008.09.16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013.01.29 09:18:58 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.08 22:37:19 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.08.30 22:26:56 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe -- (AVP)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.12 07:04:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.04.26 14:03:36 | 000,135,584 | ---- | M] (Futuremark Corporation) [Disabled | Stopped] -- C:\Programme\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011.11.30 08:45:49 | 005,035,584 | ---- | M] (Euro Plus d.o.o.) [Auto | Running] -- C:\Programme\Common Files\EuroPlus Shared\LblServices.exe -- (LabelServices)
SRV - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Disabled | Running] -- C:\Programme\StarMoney 7.0 Commerzbank-Edition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)
SRV - [2011.08.19 20:51:48 | 000,423,536 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\VMware\VMware vCenter Converter Standalone\vmware-converter.exe -- (vmware-converter-worker)
SRV - [2011.08.19 20:51:48 | 000,423,536 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\VMware\VMware vCenter Converter Standalone\vmware-converter.exe -- (vmware-converter-server)
SRV - [2011.08.19 20:32:40 | 000,423,536 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe -- (vmware-converter-agent)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.06.13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2011.03.25 09:10:28 | 000,134,984 | ---- | M] (PEERNET Inc.) [On_Demand | Stopped] -- C:\Windows\System32\spool\drivers\w32x86\3\PNSvc9.exe -- (PEERNET Spooler Service 9.0)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.10.21 13:44:21 | 001,130,120 | ---- | M] (SPAMfighter ApS) [Disabled | Running] -- C:\Programme\Fighters\FighterSuiteService.exe -- (Suite Service)
SRV - [2010.10.21 13:44:00 | 000,189,064 | ---- | M] (SPAMfighter ApS) [Disabled | Running] -- C:\Program Files\Fighters\SPAMfighter\sfus.exe -- (SPAMfighter Update Service)
SRV - [2010.08.04 17:38:30 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Programme\Brother\BRAdmin Professional 3\bratimer.exe -- (BRA_Scheduler)
SRV - [2010.05.28 14:51:00 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010.05.28 10:54:54 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.05.02 21:25:44 | 000,498,096 | ---- | M] (REINER SCT) [Auto | Running] -- C:\Windows\System32\cjpcsc.exe -- (cjpcsc)
SRV - [2010.02.18 13:01:06 | 000,462,632 | ---- | M] (Nero AG) [Disabled | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.01.22 21:13:24 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2010.01.22 21:13:02 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010.01.22 21:12:46 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\VMware\vmware-authd.exe -- (VMAuthdService)
SRV - [2010.01.22 20:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009.12.21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Programme\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
SRV - [2009.11.12 04:42:50 | 000,661,072 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009.10.12 13:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Programme\VMware\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009.08.06 06:51:20 | 000,065,536 | R--- | M] () [Auto | Running] -- C:\Windows\System32\XSrvSetup.exe -- (JMB36X)
SRV - [2009.07.24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.06.12 10:48:16 | 002,159,992 | ---- | M] (RealVNC Ltd.) [Disabled | Stopped] -- C:\Programme\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe -- (MDM)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ncplelhp.sys -- (ncplelhp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - [2012.10.10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.06.14 18:33:26 | 000,585,560 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012.05.21 14:10:52 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.10.20 11:48:00 | 000,135,984 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2011.10.20 11:48:00 | 000,013,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011.08.23 18:03:19 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.07.12 09:36:28 | 000,022,768 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vstor2-mntapi10-shared.sys -- (vstor2-mntapi10-shared)
DRV - [2011.03.18 17:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2011.03.15 01:38:14 | 000,054,384 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bmdrvr.sys -- (bmdrvr)
DRV - [2011.03.10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.22 12:35:36 | 000,117,688 | ---- | M] (Siemens Enterprise Communications GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\vcdc.sys -- (vcdc)
DRV - [2010.09.22 12:29:33 | 000,118,200 | ---- | M] (Siemens Enterprise Communications GmbH & Co. KG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbcdc.sys -- (usbcdc)
DRV - [2010.09.22 12:23:32 | 000,201,784 | ---- | M] (Siemens Enterprise Communications GmbH & Co. KG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\isdnusb.sys -- (isdnusb)
DRV - [2010.05.28 14:51:02 | 000,160,288 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2010.05.28 14:50:58 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpm258.sys -- (tdrpman258)
DRV - [2010.05.28 14:50:56 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2010.05.28 14:50:49 | 000,158,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2010.04.19 19:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010.02.08 08:54:42 | 000,028,208 | ---- | M] (REINER SCT) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cjusb.sys -- (cjusb)
DRV - [2010.02.02 12:47:56 | 000,385,544 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2010.02.02 12:47:56 | 000,034,392 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2010.02.02 12:47:54 | 000,040,560 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2010.01.22 21:14:16 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2010.01.22 21:14:14 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2010.01.22 21:14:12 | 000,854,192 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2010.01.22 21:14:12 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2010.01.22 21:13:04 | 000,014,896 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmparport.sys -- (VMparport)
DRV - [2010.01.22 20:00:42 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2010.01.22 16:13:00 | 000,036,400 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2010.01.22 16:13:00 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2010.01.22 16:13:00 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2009.12.14 12:44:24 | 000,088,632 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\CSCrySec.sys -- (CSCrySec)
DRV - [2009.12.14 12:44:24 | 000,039,352 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
DRV - [2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.10.29 09:14:32 | 000,099,440 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2009.10.26 16:19:02 | 000,136,704 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2009.10.26 16:19:00 | 000,058,240 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009.10.12 13:31:52 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Programme\VMware\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.14 01:56:07 | 000,265,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2009.07.14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSIb.sys -- (BrUsbSIb)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.06.12 08:46:40 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vncmirror.sys -- (vncmirror)
DRV - [2007.05.31 07:38:16 | 000,014,949 | ---- | M] (franson.biz) [Kernel | System | Running] -- C:\Windows\System32\drivers\bizVSerialNT.sys -- (bizVSerial)
DRV - [2006.11.22 09:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
DRV - [2000.07.24 00:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\BRPAR.SYS -- (BrPar)
DRV - [1996.04.03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 17 31 67 3F FE CA 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "blanc"
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.15
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@EDVR/WebClient: C:\windows\system32\WebClient\npwebclient.dll (Google)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@kaspersky.com/Password Manager: C:\PROGRA~1\KASPER~1\KASPER~1.0\KASPER~2\MODULE~1\npkpmAutofill.dll (Kaspersky Lab)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\virtualKeyboard@kaspersky.ru [2012.12.26 13:01:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\KavAntiBanner@Kaspersky.ru [2012.12.26 13:00:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\linkfilter@kaspersky.ru [2012.12.26 13:01:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.29 09:19:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.29 09:18:56 | 000,000,000 | ---D | M]

[2010.05.27 21:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Utka\AppData\Roaming\mozilla\Extensions
[2013.02.01 10:25:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Utka\AppData\Roaming\mozilla\Firefox\Profiles\rvj1kxti.default\extensions
[2010.05.28 13:23:59 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Utka\AppData\Roaming\mozilla\Firefox\Profiles\rvj1kxti.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.06.28 18:15:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Utka\AppData\Roaming\mozilla\Firefox\Profiles\rvj1kxti.default\extensions\nostmp
[2013.02.01 10:25:49 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\Utka\AppData\Roaming\mozilla\firefox\profiles\rvj1kxti.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.13 12:18:55 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Utka\AppData\Roaming\mozilla\firefox\profiles\rvj1kxti.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013.01.31 16:19:46 | 000,000,950 | ---- | M] () -- C:\Users\Utka\AppData\Roaming\mozilla\firefox\profiles\rvj1kxti.default\searchplugins\icqplugin-1.xml
[2011.07.28 17:59:57 | 000,000,950 | ---- | M] () -- C:\Users\Utka\AppData\Roaming\mozilla\firefox\profiles\rvj1kxti.default\searchplugins\icqplugin-2.xml
[2011.08.19 09:45:14 | 000,000,950 | ---- | M] () -- C:\Users\Utka\AppData\Roaming\mozilla\firefox\profiles\rvj1kxti.default\searchplugins\icqplugin-3.xml
[2010.06.21 16:35:24 | 000,001,042 | ---- | M] () -- C:\Users\Utka\AppData\Roaming\mozilla\firefox\profiles\rvj1kxti.default\searchplugins\icqplugin.xml
[2013.01.29 09:18:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.01.29 09:18:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.01.29 09:18:49 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2013.01.29 09:18:49 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
[2013.01.29 09:18:58 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.03.22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.06.27 08:43:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.03 16:06:59 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.27 08:43:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.27 08:43:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.27 08:43:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.27 08:43:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Utka\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Utka\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Utka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Utka\AppData\Roaming\Mozilla\plugins\npatgpc.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files\Battlelog Web Plugins\1.118.0\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: Google Update 
(Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: DVR Client (Enabled) = C:\windows\system32\WebClient\npwebclient.dll CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Utka\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.2.733_0\ CHR - Extension: Password Manager plugin = C:\Users\Utka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddagfbbgmdhmolnjoaghlapikdcahbbl\6.0.1.54\ CHR - Extension: Virtuelle Tastatur = C:\Users\Utka\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.2.733_0\ CHR - Extension: Anti-Banner = C:\Users\Utka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.2.733_0\ O1 HOSTS File: ([2012.11.19 11:26:53 | 000,445,527 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 
- Hosts: 127.0.0.1 hl2rcv.adobe.com O1 - Hosts: 127.0.0.1 2O7.net O1 - Hosts: 127.0.0.1 192.168.112.2O7.net O1 - Hosts: 127.0.0.1 im.adtech.de O1 - Hosts: 127.0.0.1 adserver.adtech.de O1 - Hosts: 127.0.0.1 adtech.de O1 - Hosts: 127.0.0.1 atwola.com O1 - Hosts: 127.0.0.1 adserver.71i.de O1 - Hosts: 127.0.0.1 adicqserver.71i.de O1 - Hosts: 127.0.0.1 71i.de O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 15300 more lines... O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found. O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother) O4 - HKLM..\Run: [onlinebrief24-ebdhelper] C:\Programme\onlinebrief24.de\ebdhelper.exe () O4 - HKLM..\Run: [PTNMWND] C:\Program Files\Brother\ES Status Monitor\ptnmwnd.exe (Brother Industries, Ltd.) O4 - HKCU..\Run: [3CX MyPhone1653240284.192.168.2.154] C:\Users\Utka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3CX MyPhone.lnk () O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [DesktopOK] C:\Users\Utka\Desktop\Programme\DesktopOK.exe (Nenad Hrg SoftwareOK) O4 - HKCU..\Run: [Greyhound Printer Helper] C:\Programme\GREYHOUND\Client\GreyhoundPrinterHelper.exe (digital guru GmbH & Co. 
KG) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta () O8 - Extra context menu item: Add to &Teleport - C:\Programme\Teleport Pro\teleport.htm () O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Kaspersky PURE - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\Kaspersky Password Manager\Module Retargetable Folder\spIEBho.dll (Kaspersky Lab) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: &Virtuelle Tastatur - 
{4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKLM\..Trusted Domains: dell ([]file in Local intranet) O15 - HKCU\..Trusted Domains: afterbuy.de ([www] https in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: bmite.net ([sps] https in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: dyndns.org ([bmsec] * in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: microsoft.com ([www] https in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([https] in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Ranges: Range2 ([*] in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Ranges: Range3 ([*] in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range4 ([*] in Vertrauenswürdige Sites) O16 - DPF: {17220B00-60CD-4E50-A244-02ED7C8E6385} hxxp://192.168.2.174//DvrMaster.cab (DvrMasterCtrl Class) O16 - DPF: {27932703-59C1-4B18-A46D-ED8FC2D35BAA} hxxp://58.248.16.60:8004/NEWIE.cab (NEWIE Control) O16 - DPF: {3D6F2DBA-F4E5-40A6-8725-E99BC96CC23A} 
hxxp://87.139.51.122:8888/ums_control.cab (UMS_AX_Ctrl Class) O16 - DPF: {7773F3FE-6C5D-4FA7-8185-D7680FDCA276} hxxp://192.168.2.232/WebViewerH264S.cab (WebViewerH264 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.11.2) O16 - DPF: {922EC374-7B73-4E7F-8AC9-64992FE0F523} hxxp://87.139.51.122:8888/ums_webviewer.cab (UMS_WebViewer Control) O16 - DPF: {971FC730-55F1-461F-83FD-B3BF5E1F039E} hxxp://192.168.2.178:8383/AVC_AX_742.cab (AMCCtrl Class) O16 - DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} hxxp://demo.laviewsecurity.com:8010/WebClient.exe (WebClient Control) O16 - DPF: {AFCBAA8B-7800-4F42-8F97-1C2AC1B6E7FE} hxxp://192.168.2.250/install.cab (NSActiveX Control) O16 - DPF: {BB28FF6E-2BF3-4897-9931-7CDFFAF09670} hxxp://192.168.2.232/cgi-bin/design/html_template/WebACS.cab (WebRemotePlayerControl Class) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.11.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19EF1563-C3BE-4283-BB7C-29C2C6D89165}: NameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data 
{91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006.07.31 02:20:12 | 000,000,959 | RHS- | M] () - E:\autorun.bin -- [ NTFS ] O32 - AutoRun File - [2000.06.07 15:37:12 | 000,000,046 | RHS- | M] () - E:\AUTORUN.FCB -- [ NTFS ] O32 - AutoRun File - [2001.08.16 10:42:52 | 000,002,238 | RHS- | M] () - E:\Autorun.ico -- [ NTFS ] O32 - AutoRun File - [2006.06.29 19:49:46 | 000,017,213 | RHS- | M] () - E:\Autorun.ini -- [ NTFS ] O32 - AutoRun File - [2006.06.14 14:26:38 | 000,000,024 | RHS- | M] () - E:\autorun.txt -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.05 10:49:43 | 
000,000,000 | ---D | C] -- C:\Users\Utka\Desktop\Scan [2013.02.01 14:06:57 | 000,000,000 | ---D | C] -- C:\Windows\Noslip [2013.01.29 10:53:27 | 000,000,000 | ---D | C] -- C:\Users\Utka\Desktop\heidelpay [2013.01.29 09:18:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.01.21 15:39:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.01.21 15:34:24 | 000,000,000 | ---D | C] -- C:\Windows\MATS [2013.01.21 15:34:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center [2013.01.17 15:17:21 | 000,000,000 | ---D | C] -- C:\Users\Utka\AppData\Roaming\Kaspersky Lab [2013.01.17 15:15:45 | 000,000,000 | --SD | C] -- C:\Users\Utka\Documents\Passwords Database [2013.01.08 19:07:15 | 000,000,000 | ---D | C] -- C:\Users\Utka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heiko Schröder Software [2013.01.08 19:07:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heiko Schröder Software [2010.06.14 22:45:51 | 001,638,400 | ---- | C] (LIGHTNING UK!) 
-- C:\Users\Utka\AppData\Local\ImgBurn.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.05 10:50:36 | 000,000,000 | ---- | M] () -- C:\Users\Utka\defogger_reenable [2013.02.05 10:45:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.05 10:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.05 09:08:56 | 000,000,099 | ---- | M] () -- C:\Windows\Brownie.ini [2013.02.05 09:08:54 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.04 17:46:58 | 001,153,906 | ---- | M] () -- C:\Users\Utka\Desktop\Balter Security Workshop Webshop.pdf [2013.02.04 17:46:57 | 001,044,033 | ---- | M] () -- C:\Users\Utka\Desktop\Avaloid Workshop Webshop.pdf [2013.02.04 17:46:57 | 000,826,032 | ---- | M] () -- C:\Users\Utka\Desktop\Avaloid GmbH Workshop.pdf [2013.02.04 17:46:40 | 000,181,970 | ---- | M] () -- C:\Users\Utka\Desktop\Balter Security Workshop.pdf [2013.02.04 16:14:28 | 000,002,064 | -H-- | M] () -- C:\Users\Utka\Documents\Default.rdp [2013.02.04 15:43:40 | 000,320,467 | ---- | M] () -- C:\Users\Utka\Desktop\Vertrag Avaloid.pdf [2013.02.04 13:57:29 | 000,002,341 | ---- | M] () -- C:\Users\Utka\Desktop\afterbuy - UPS - afterbuy.lnk [2013.02.04 13:57:29 | 000,001,950 | ---- | M] () -- C:\Users\Utka\Desktop\zarplata.lnk [2013.02.04 13:57:29 | 000,001,922 | ---- | M] () -- C:\Users\Utka\Desktop\aussenlager.lnk [2013.02.04 13:57:29 | 000,001,711 | ---- | M] () -- C:\Users\Utka\Desktop\Freigegeben.lnk [2013.02.04 13:16:17 | 000,002,054 | ---- | M] () -- C:\Users\Utka\Desktop\3CX.rdp [2013.02.04 10:37:28 | 000,000,021 | ---- | M] () -- C:\Windows\UMS_WE~1.INI [2013.02.01 14:07:35 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.01 14:07:35 | 000,014,816 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.01 13:55:07 | 000,001,963 | ---- | M] () -- C:\ads_err.dbf [2013.02.01 13:40:14 | 000,702,814 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.02.01 13:40:14 | 000,657,526 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.02.01 13:40:14 | 000,150,136 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.02.01 13:40:14 | 000,122,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.01.31 15:45:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.31 15:45:23 | 2815,025,152 | -HS- | M] () -- C:\hiberfil.sys [2013.01.30 16:06:38 | 002,372,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.01.30 14:08:39 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI [2013.01.23 10:31:32 | 000,002,194 | ---- | M] () -- C:\Users\Utka\AppData\Roaming\activebarcodeapp.ini [2013.01.21 16:53:23 | 000,000,000 | ---- | M] () -- C:\Windows\System32\netcfg [2013.01.17 12:30:07 | 036,395,908 | ---- | M] () -- C:\Users\Utka\Desktop\tube.rar [2013.01.08 17:41:40 | 000,002,054 | ---- | M] () -- C:\Users\Utka\Desktop\Storage.rdp [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.05 10:50:36 | 000,000,000 | ---- | C] () -- C:\Users\Utka\defogger_reenable [2013.02.04 17:46:38 | 001,153,906 | ---- | C] () -- C:\Users\Utka\Desktop\Balter Security Workshop Webshop.pdf [2013.02.04 17:46:38 | 001,044,033 | ---- | C] () -- C:\Users\Utka\Desktop\Avaloid Workshop Webshop.pdf [2013.02.04 17:46:38 | 000,826,032 | ---- | C] () -- C:\Users\Utka\Desktop\Avaloid GmbH Workshop.pdf [2013.02.04 17:46:38 | 000,181,970 | ---- | C] () -- C:\Users\Utka\Desktop\Balter Security Workshop.pdf [2013.02.04 15:43:40 | 000,320,467 | ---- | C] () -- C:\Users\Utka\Desktop\Vertrag Avaloid.pdf [2013.02.04 13:16:17 | 000,002,054 | ---- | C] () -- C:\Users\Utka\Desktop\3CX.rdp 
[2013.01.28 16:29:41 | 000,001,136 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk [2013.01.21 16:51:47 | 000,000,000 | ---- | C] () -- C:\Windows\System32\netcfg [2013.01.21 15:34:24 | 000,000,943 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Fix it Center.lnk [2013.01.17 16:27:31 | 000,524,924 | ---- | C] () -- C:\Users\Utka\Desktop\Stiftung Warentest - 2013 - 01 - Waschmaschinen.pdf [2013.01.17 12:29:59 | 036,395,908 | ---- | C] () -- C:\Users\Utka\Desktop\tube.rar [2013.01.08 17:41:40 | 000,002,054 | ---- | C] () -- C:\Users\Utka\Desktop\Storage.rdp [2012.12.28 13:22:45 | 000,000,061 | ---- | C] () -- C:\Windows\System32\RBuilder.ini [2012.10.10 09:41:00 | 000,162,184 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2012.09.18 17:53:40 | 000,000,021 | ---- | C] () -- C:\Windows\UMS_WE~1.INI [2012.07.20 14:17:06 | 003,158,016 | ---- | C] () -- C:\Windows\System32\AVC_AX_742_VIEWER.dll [2012.06.25 15:01:58 | 000,221,184 | ---- | C] () -- C:\Windows\System32\AVC_AX_742_H264.dll [2012.06.25 15:01:36 | 000,086,016 | ---- | C] () -- C:\Windows\System32\AVC_AX_742_JPEG.dll [2012.06.20 10:07:42 | 003,536,817 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin [2012.04.06 11:47:53 | 000,140,800 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2012.04.06 11:47:52 | 000,138,056 | ---- | C] () -- C:\Users\Utka\AppData\Roaming\PnkBstrK.sys [2012.04.06 11:47:20 | 000,283,304 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2012.04.06 11:47:17 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2012.03.20 20:15:49 | 000,179,200 | ---- | C] () -- C:\Windows\System32\exit32.dll [2012.03.16 16:21:04 | 000,017,408 | ---- | C] () -- C:\Users\Utka\AppData\Local\WebpageIcons.db [2012.01.03 17:20:26 | 000,151,552 | ---- | C] () -- C:\Windows\System32\utf8_2_font.dll [2011.11.30 18:51:10 | 000,000,336 | ---- | C] () -- C:\Windows\BRCALIB.INI [2011.11.30 18:49:30 | 000,000,050 | 
---- | C] () -- C:\Windows\System32\BRADC10A.DAT [2011.11.23 12:33:52 | 005,111,934 | ---- | C] () -- C:\Users\Utka\qm580nw130us.blf [2011.10.18 17:05:16 | 000,020,537 | ---- | C] () -- C:\Users\Utka\AppData\Roaming\UserTile.png [2011.09.09 10:10:30 | 001,777,664 | ---- | C] () -- C:\Windows\System32\DVR_GUI.dll [2011.08.23 15:07:02 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NetMsgDLL.dll [2011.08.16 11:50:52 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2040.DAT [2011.07.26 19:01:14 | 000,023,040 | ---- | C] () -- C:\Windows\System32\Simulation1.exe [2011.05.26 10:04:22 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011.05.26 10:03:11 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.04.05 11:24:54 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini [2011.04.05 11:24:51 | 000,031,265 | ---- | C] () -- C:\Windows\HL-5350DN.INI [2011.04.05 11:24:45 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM08A.DAT [2011.04.05 11:23:08 | 000,000,062 | ---- | C] () -- C:\Windows\System32\bd5350dn.dat [2011.04.05 11:22:36 | 000,000,099 | ---- | C] () -- C:\Windows\Brownie.ini [2011.03.25 14:32:42 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AVC_AX_742_SCALE.dll [2011.03.25 14:24:30 | 000,808,979 | ---- | C] () -- C:\Windows\System32\avcodec-52.84.0.dll [2011.03.25 14:24:30 | 000,159,251 | ---- | C] () -- C:\Windows\System32\swscale-0.11.1.dll [2011.03.25 14:24:30 | 000,086,528 | ---- | C] () -- C:\Windows\System32\avformat-52.74.0.dll [2011.03.25 14:24:30 | 000,070,675 | ---- | C] () -- C:\Windows\System32\avutil-50.22.0.dll [2011.03.14 15:11:34 | 000,000,079 | ---- | C] () -- C:\Windows\ricdb.ini [2011.03.14 15:11:33 | 000,001,843 | ---- | C] () -- C:\Windows\System32\RC98E1A0.dat [2011.03.14 15:11:33 | 000,000,030 | ---- | C] () -- C:\Windows\System32\RPCS.ini [2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat [2011.03.06 17:58:08 | 000,038,418 | ---- | C] 
() -- C:\Users\Utka\AppData\Roaming\Microsoft Excel 97-2003.ADR [2011.03.01 10:53:16 | 000,208,896 | ---- | C] () -- C:\Windows\System32\untargz.exe [2011.01.12 20:55:23 | 000,002,194 | ---- | C] () -- C:\Users\Utka\AppData\Roaming\activebarcodeapp.ini [2010.09.22 17:56:32 | 000,004,608 | ---- | C] () -- C:\Users\Utka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.22 17:52:12 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010.09.22 17:52:12 | 000,000,088 | RHS- | C] () -- C:\ProgramData\A4CD519AB9.sys [2010.06.14 22:45:51 | 000,226,816 | ---- | C] () -- C:\Users\Utka\AppData\Local\tsMuxeR.exe [2010.05.28 14:07:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.05.28 10:05:34 | 000,007,605 | ---- | C] () -- C:\Users\Utka\AppData\Local\Resmon.ResmonCfg ========== ZeroAccess Check ========== [2006.08.16 11:51:08 | 000,008,818 | ---- | M] () -- C:\Users\All Users\{ED71B2BE-720D-4B05-85A7-E41D2F83424B}\offline\9D3195FD\70EC2F7\N.wmf [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both 
< End of report >

GMER 2.0.18454 - hxxp://www.gmer.net Rootkit scan 2013-02-08 09:23:05 Windows 6.1.7601 Service Pack 1
09.02.2013, 16:41 | #2
/// TB-Ausbilder | Suspected spyware - symptom: monitor flickers now and then

Hi,

From your log file:
Quote:
These entries in the hosts file point to illegal software. We do not support the use of pirated software. Support is therefore limited to instructions for setting the system up from scratch. That closes this topic.