Pests of all kinds and their removal: Phishing email from PayPal opened - Kaspersky finds nothing by scan .__. (Windows 7)
13.04.2014, 15:12 | #1
Phishing email from PayPal opened - Kaspersky finds nothing by scan .__.

So, I (unfortunately) have to report back again. As a note up front: I am unavailable from Monday to Thursday, so if necessary work on this could only continue from Thursday. I brilliantly clicked on one of the links in one of the PayPal phishing emails that have been appearing recently...yay. (I have already had my password etc. changed, though.) I then ran several scans with Kaspersky, which found nothing. Then I went into Kaspersky's overall overview...and there I saw this: The aborted actions each read: "Reading memory from other processes"....whatever that may mean. I'm now wondering whether a trojan / malware sneaked onto the PC through the phishing, even though Kaspersky found nothing. This suspicious activity ran from 14:07 and subsided again at 14:31. That is the information I can give about it.

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:38 on 13/04/2014 (xxx)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2014 01
Ran by xxx (administrator) on xxx on 13-04-2014 15:39:12
Running from C:\Users\xxx\Desktop\Systemüberprüfung
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
() C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\TurboV\TurboV.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Logitech) C:\Program Files (x86)\Logitech\H800\H800.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [TurboV] - C:\Program Files (x86)\ASUS\TurboV\TurboV.exe [5687424 2010-04-08] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-14] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui HKLM-x32\...\Run: [Logitech H800] - C:\Program Files (x86)\Logitech\H800\H800.exe [273432 2011-07-29] (Logitech) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKU\S-1-5-21-1238650401-2117980550-2586180000-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-1238650401-2117980550-2586180000-1000\FireFox FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\xxx\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-03-14] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-03-14] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-03-14] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-03-14] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-03-14] 
==================== Services (Whitelisted) ================= R2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136616 2010-05-21] () R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.) R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1227800 2013-04-18] (Secunia) S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659992 2013-04-18] (Secunia) ==================== Drivers (Whitelisted) ==================== R3 AODDriver2; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [52352 2010-05-21] (Advanced Micro Devices) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] () R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-03-14] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-21] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-21] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-03-14] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-03-14] (Kaspersky Lab ZAO) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] () R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-04-18] (Secunia) R3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [23552 2012-09-28] (Creative Technology Ltd.) 
S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-13 15:39 - 2014-04-13 15:39 - 00000000 ____D () C:\FRST 2014-04-13 15:38 - 2014-04-13 15:38 - 00000000 _____ () C:\Users\xxx\defogger_reenable 2014-04-11 13:37 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-11 13:37 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-11 13:37 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-11 13:37 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-11 13:37 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-11 13:37 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-11 13:37 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-11 13:37 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-11 13:37 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-11 13:37 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-11 13:37 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-11 13:37 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-11 13:37 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-11 13:37 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-11 13:37 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-11 13:37 - 
2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-11 13:37 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-06 19:44 - 2014-04-06 19:44 - 00003072 _____ () C:\Windows\SysWOW64\persistent_q.db 2014-04-06 19:44 - 2014-04-06 19:44 - 00000000 ____D () C:\Windows\SysWOW64\%Report% 2014-04-04 14:04 - 2014-04-04 14:03 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-04-04 14:04 - 2014-04-04 14:03 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-04-04 14:04 - 2014-04-04 14:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-04-04 14:04 - 2014-04-04 14:03 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-04 14:03 - 2014-04-04 14:03 - 00000000 ____D () C:\Program Files (x86)\Java 2014-03-23 10:25 - 2014-03-23 10:25 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-23 10:25 - 2014-03-23 10:25 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-23 10:25 - 2014-03-23 10:25 - 00000000 ____D () C:\Users\xxx\AppData\Local\Skype 2014-03-21 16:20 - 2014-03-21 16:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-14 22:26 - 2014-03-14 22:26 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\raidcall 2014-03-14 17:43 - 2014-03-14 17:43 - 00002334 _____ () C:\Users\xxx\Desktop\Sicherer Zahlungsverkehr.lnk 2014-03-14 17:42 - 2014-03-14 17:42 - 00001124 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk 2014-03-14 17:42 - 2013-05-06 10:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll 2014-03-14 17:41 - 2014-04-13 15:16 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-03-14 17:41 - 2014-03-21 16:16 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-03-14 17:41 - 2014-03-21 16:16 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-03-14 17:41 - 
2014-03-14 17:41 - 00000000 ____D () C:\Windows\ELAMBKUP 2014-03-14 17:41 - 2014-03-14 17:41 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab 2014-03-14 17:18 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-14 17:18 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-14 17:18 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-14 17:18 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-14 17:18 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-14 17:18 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-14 17:18 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-14 17:18 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll ==================== One Month Modified Files and Folders ======= 2014-04-13 15:39 - 2014-04-13 15:39 - 00000000 ____D () C:\FRST 2014-04-13 15:39 - 2013-03-02 14:37 - 00000000 ____D () C:\Users\xxx\Desktop\Systemüberprüfung 2014-04-13 15:38 - 2014-04-13 15:38 - 00000000 _____ () C:\Users\xxx\defogger_reenable 2014-04-13 15:38 - 2013-02-04 20:48 - 00000000 ____D () C:\Users\xxx 2014-04-13 15:35 - 2013-02-08 21:15 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\Skype 2014-04-13 15:16 - 2014-03-14 17:41 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-04-13 15:04 - 2014-01-17 16:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-13 14:45 - 2013-02-23 17:04 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\TS3Client 2014-04-13 13:35 - 2013-02-04 20:43 - 01053900 _____ () C:\Windows\WindowsUpdate.log 2014-04-13 11:13 - 2009-07-14 06:45 - 00021072 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-13 11:13 - 2009-07-14 06:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-13 11:08 - 2009-07-14 06:51 - 00109966 _____ () C:\Windows\setupact.log 2014-04-13 11:05 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-12 09:37 - 2010-11-21 08:50 - 00699432 _____ () C:\Windows\system32\perfh007.dat 2014-04-12 09:37 - 2010-11-21 08:50 - 00149572 _____ () C:\Windows\system32\perfc007.dat 2014-04-12 09:37 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-11 15:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-04-11 13:54 - 2013-02-07 20:35 - 00000000 ____D () C:\Users\xxx\AppData\Local\Adobe 2014-04-11 13:51 - 2014-01-17 16:43 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-11 13:51 - 2014-01-17 16:43 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-11 13:51 - 2014-01-17 16:43 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-04-11 13:40 - 2013-07-21 00:59 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-11 13:38 - 2013-02-05 19:38 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-06 19:44 - 2014-04-06 19:44 - 00003072 _____ () C:\Windows\SysWOW64\persistent_q.db 2014-04-06 19:44 - 2014-04-06 19:44 - 00000000 ____D () C:\Windows\SysWOW64\%Report% 2014-04-06 18:34 - 2014-02-08 21:40 - 00000000 ____D () C:\Users\xxx\Desktop\PokemonToDo 2014-04-05 11:05 - 2013-02-16 01:01 - 00000000 ____D () C:\Users\xxx\AppData\Local\Microsoft Games 2014-04-04 14:06 - 2013-09-13 16:40 - 00000000 ____D () C:\ProgramData\Oracle 2014-04-04 14:03 - 2014-04-04 14:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-04-04 14:03 - 2014-04-04 14:04 - 00175016 _____ 
(Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-04-04 14:03 - 2014-04-04 14:04 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-04-04 14:03 - 2014-04-04 14:04 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-04 14:03 - 2014-04-04 14:03 - 00000000 ____D () C:\Program Files (x86)\Java 2014-03-30 00:04 - 2014-01-25 14:21 - 00000000 ____D () C:\Users\xxx\Desktop\Wissenschaftliche HA 2014-03-23 10:25 - 2014-03-23 10:25 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-23 10:25 - 2014-03-23 10:25 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-23 10:25 - 2014-03-23 10:25 - 00000000 ____D () C:\Users\xxx\AppData\Local\Skype 2014-03-23 10:25 - 2013-02-08 14:09 - 00000000 ____D () C:\ProgramData\Skype 2014-03-22 10:40 - 2013-02-08 14:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-21 16:20 - 2014-03-21 16:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-21 16:16 - 2014-03-14 17:41 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-03-21 16:16 - 2014-03-14 17:41 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-03-15 20:28 - 2014-01-10 23:38 - 00000000 ____D () C:\Program Files (x86)\DevPro 2014-03-15 07:49 - 2010-11-21 05:47 - 00217602 _____ () C:\Windows\PFRO.log 2014-03-14 22:35 - 2014-01-29 16:04 - 00000000 ____D () C:\Program Files (x86)\RaidCall 2014-03-14 22:26 - 2014-03-14 22:26 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\raidcall 2014-03-14 22:26 - 2014-01-29 16:04 - 00001035 _____ () C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\RaidCall.lnk 2014-03-14 22:26 - 2014-01-29 16:04 - 00001011 _____ () C:\Users\xxx\Desktop\RaidCall.lnk 2014-03-14 22:23 - 2013-02-23 17:04 - 00000000 ____D () C:\Users\xxx\AppData\Local\TeamSpeak 3 Client 2014-03-14 17:51 - 2013-10-17 16:47 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys 
2014-03-14 17:51 - 2013-10-17 16:47 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys 2014-03-14 17:51 - 2013-06-06 18:38 - 00178272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys 2014-03-14 17:43 - 2014-03-14 17:43 - 00002334 _____ () C:\Users\xxx\Desktop\Sicherer Zahlungsverkehr.lnk 2014-03-14 17:42 - 2014-03-14 17:42 - 00001124 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk 2014-03-14 17:41 - 2014-03-14 17:41 - 00000000 ____D () C:\Windows\ELAMBKUP 2014-03-14 17:41 - 2014-03-14 17:41 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab 2014-03-14 17:35 - 2013-02-04 21:09 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-03-14 17:35 - 2013-02-04 21:09 - 00000000 ____D () C:\Program Files\AVAST Software 2014-03-14 17:34 - 2013-02-04 21:10 - 00000000 _____ () C:\Windows\SysWOW64\config.nt 2014-03-14 17:25 - 2009-07-14 06:45 - 00432024 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-14 17:24 - 2013-02-05 19:44 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-14 17:24 - 2013-02-05 19:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight Some content of TEMP: ==================== C:\Users\xxx\AppData\Local\Temp\devpro.dll C:\Users\xxx\AppData\Local\Temp\DevPro.exe C:\Users\xxx\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll C:\Users\xxx\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\xxx\AppData\Local\Temp\Quarantine.exe C:\Users\xxx\AppData\Local\Temp\SkypeSetup.exe C:\Users\xxx\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll C:\Users\xxx\AppData\Local\Temp\VSUSetup.exe C:\Users\xxx\AppData\Local\Temp\YgoUpdater.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit 
C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-11 14:11 ==================== End Of Log ============================ Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-04-2014 01
Ran by xxx at 2014-04-13 15:39:47
Running from C:\Users\xxx\Desktop\Systemüberprüfung
Boot Mode: Normal

==========================================================

==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AMD OverDrive (HKLM-x32\...\{FFC93940-E059-4CDA-8385-1E95B1731148}) (Version: 3.2.2.0452 - Advanced Micro Devices, Inc.)
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.18 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{3428D45E-785A-147C-9BB6-018C1D9EAF43}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Core Implementation (x32 Version: 2009.0614.2131.36800 - ATI) Hidden Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0614.2131.36800 - ATI) Hidden Catalyst Control Center Graphics Full New (x32 Version: 2009.0614.2131.36800 - ATI) Hidden Catalyst Control Center Graphics Light (x32 Version: 2009.0614.2131.36800 - ATI) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0614.2131.36800 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0614.2131.36800 - ATI) Hidden Catalyst Control Center HydraVision Full (x32 Version: 2009.0614.2131.36800 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2009.0614.2131.36800 - ATI Technologies, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2009.0614.2131.36800 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2009.0614.2130.36800 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2009.0614.2130.36800 - ATI) Hidden CCC Help Czech (x32 Version: 2009.0614.2130.36800 - ATI) Hidden CCC Help Danish (x32 Version: 2009.0614.2130.36800 - ATI) Hidden CCC Help Dutch (x32 Version: 2009.0614.2130.36800 - ATI) Hidden CCC Help English (x32 Version: 2009.0614.2130.36800 - ATI) Hidden CCC Help Finnish (x32 Version: 2009.0614.2130.36800 - ATI) Hidden CCC Help French (x32 Version: 2009.0614.2130.36800 - ATI) Hidden CCC Help German (x32 Version: 2009.0614.2130.36800 - ATI) Hidden CCC Help Greek (x32 Version: 2009.0614.2130.36800 - ATI) Hidden CCC Help Hungarian (x32 Version: 2009.0614.2130.36800 - ATI) Hidden CCC Help Italian (x32 Version: 2009.0614.2130.36800 - ATI) Hidden CCC Help Japanese (x32 Version: 2009.0614.2130.36800 - ATI) Hidden CCC Help Korean (x32 Version: 2009.0614.2130.36800 - ATI) Hidden CCC Help Norwegian (x32 Version: 2009.0614.2130.36800 - ATI) Hidden CCC Help Polish (x32 Version: 2009.0614.2130.36800 - ATI) Hidden CCC 
Help Portuguese (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Thai (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0614.2131.36800 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2009.0614.2131.36800 - ATI) Hidden
Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
HydraVision (x32 Version: 4.2.108.0 - ATI Technologies Inc.) Hidden
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Logitech H800 (HKLM\...\{7DE24FDD-A655-4AB7-A877-7236B91A9675}) (Version: 1.0.034 - Logitech)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.4-1.0.12786.82 - raidcall.com)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5880 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Secunia PSI (3.0.0.7009) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.7009 - Secunia)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sound Blaster Tactic(3D) (HKLM-x32\...\{92000C16-939B-44CA-802F-0D552019D7C8}) (Version: 1.0 - Creative Technology Limited)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TurboV (HKLM-x32\...\{A31951C5-DCD8-4DFE-A525-CFC701F54792}) (Version: 1.02.05 - )
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
YGOPro DevPro Version 1.9.8 r9 (HKLM-x32\...\{3CF2634F-3F38-4DD3-9201-CB2FE6B5FF23}_is1) (Version: 1.9.8 r9 - YGOPro DevPro Online)

==================== Restore Points =========================

07-03-2014 14:02:38 Windows Update
07-03-2014 20:23:32 Revo Uninstaller's restore point - Auslogics Disk Defrag
07-03-2014 20:25:52 Revo Uninstaller's restore point - Adobe Shockwave Player 12.0
14-03-2014 15:18:53 Windows Update
21-03-2014 14:17:04 Windows Update
28-03-2014 15:09:05 Windows Update
04-04-2014 11:26:10 Windows Update
04-04-2014 11:56:31 Revo Uninstaller's restore point - Java 7 Update 51
04-04-2014 11:57:28 Removed Java 7 Update 51
04-04-2014 12:02:43 Installed Java 7 Update 51
11-04-2014 11:37:49 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-02-25 03:13 - 00572148 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 fr.a2dfp.net
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 abcstats.com
127.0.0.1 a.abv.bg
127.0.0.1 adserver.abv.bg
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 ca.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 track.acclaimnetwork.com
127.0.0.1 accuserveadsystem.com
127.0.0.1 www.accuserveadsystem.com
127.0.0.1 achmedia.com
127.0.0.1 aconti.net
127.0.0.1 secure.aconti.net
127.0.0.1 www.aconti.net #[Dialer.Aconti]
127.0.0.1 csh.actiondesk.com
127.0.0.1 www.activemeter.com #[Tracking.Cookie]
127.0.0.1 ads.activepower.net
127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
127.0.0.1 cms.ad2click.nl
127.0.0.1 ad2games.com
127.0.0.1 ads.ad2games.com
127.0.0.1 content.ad20.net
127.0.0.1 core.ad20.net
127.0.0.1 banner.ad.nu

There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============

Task: {41205B04-AA7B-4505-A1CD-CD20857394F5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-11] (Adobe Systems Incorporated)
Task: {6AAE1619-5908-46F0-AC9C-E5C19FF5E8F9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-09-20 11:35 - 2007-02-16 10:15 - 00278528 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\OK272UU1.DLL
2010-05-21 03:07 - 2010-05-21 03:07 - 00136616 _____ () C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
2008-12-10 12:19 - 2008-12-10 12:19 - 00430080 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-02-07 21:54 - 2013-02-07 21:54 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-05-21 03:07 - 2010-05-21 03:07 - 00423328 _____ () C:\Program Files (x86)\AMD\OverDrive\Device.dll
2010-05-21 03:07 - 2010-05-21 03:07 - 03847584 _____ () C:\Program Files (x86)\AMD\OverDrive\Platform.dll
2010-05-21 03:01 - 2010-05-21 03:01 - 01586592 _____ () C:\Program Files (x86)\AMD\OverDrive\QtCore4.dll
2010-05-21 03:01 - 2010-05-21 03:01 - 00361888 _____ () C:\Program Files (x86)\AMD\OverDrive\QtXml4.dll
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-02-04 21:41 - 2009-12-08 22:37 - 00565248 _____ () C:\Program Files (x86)\ASUS\TurboV\pngio.dll
2013-02-04 21:41 - 2009-12-08 22:37 - 00135680 _____ () C:\Program Files (x86)\ASUS\TurboV\TVOCLIB.DLL
2014-03-21 16:20 - 2014-03-21 16:20 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name: D-Link DWA-547 RangeBooster N650 Desktop Adapter
Description: D-Link DWA-547 RangeBooster N650 Desktop Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: D-Link Corporation
Service: athr
Problem: : Your computer's system firmware does not include enough information to properly configure and use this device. To use this device, contact your computer manufacturer to obtain a firmware or BIOS update. (Code 35)
Resolution: The Multiprocessor System (MPS) table, which stores the resource assignments for the BIOS, is missing an entry for your device and needs to be updated. Obtain a new BIOS from the system vendor.
==================== Event log errors: =========================

Application errors:
==================
Error: (04/13/2014 11:07:22 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2014 09:35:27 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2014 09:34:15 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/11/2014 01:43:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/11/2014 01:32:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2014 10:39:31 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/05/2014 10:07:42 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2014 01:31:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2014 01:21:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2014 03:57:09 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 28.0.0.5186, time stamp: 0x53240e37
Faulting module name: xul.dll, version: 28.0.0.5186, time stamp: 0x53240e04
Exception code: 0xc0000005
Fault offset: 0x00184729
Faulting process ID: 0xb10
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report ID: firefox.exe3

System errors:
=============
Error: (04/13/2014 00:36:58 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: A fatal alert was generated: 10. The internal error state is 10.

Error: (04/13/2014 00:36:58 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: A fatal alert was generated: 10. The internal error state is 10.

Error: (04/13/2014 00:36:57 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: A fatal alert was generated: 10. The internal error state is 10.

Error: (04/13/2014 11:10:38 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: A fatal alert was generated: 10. The internal error state is 10.

Error: (04/13/2014 11:10:38 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: A fatal alert was generated: 10. The internal error state is 10.

Error: (04/13/2014 11:10:38 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: A fatal alert was generated: 10. The internal error state is 10.

Error: (04/13/2014 11:10:34 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: A fatal alert was generated: 10. The internal error state is 10.

Error: (04/13/2014 11:10:34 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: A fatal alert was generated: 10. The internal error state is 10.

Error: (04/13/2014 11:10:34 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: A fatal alert was generated: 10. The internal error state is 10.

Error: (04/13/2014 11:08:28 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: A fatal alert was generated: 10. The internal error state is 10.

Microsoft Office Sessions:
=========================
Error: (04/13/2014 11:07:22 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2014 09:35:27 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2014 09:34:15 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/11/2014 01:43:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/11/2014 01:32:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2014 10:39:31 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/05/2014 10:07:42 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2014 01:31:47 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2014 01:21:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2014 03:57:09 PM) (Source: Application Error)(User: )
Description: firefox.exe28.0.0.518653240e37xul.dll28.0.0.518653240e04c000000500184729b1001cf4bece3a4a7c8C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll2ed01501-b813-11e3-a074-00248ca77df0

CodeIntegrity Errors:
===================================
Date: 2014-04-13 15:07:01.349
Description: The image integrity of the file "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" could not be verified because the set of per-page image hashes could not be found on the system.

Date: 2014-04-13 15:07:01.349
Description: The image integrity of the file "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" could not be verified because the set of per-page image hashes could not be found on the system.

Date: 2014-04-13 15:07:01.339
Description: The image integrity of the file "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" could not be verified because the set of per-page image hashes could not be found on the system.

Date: 2014-04-13 14:54:13.182
Description: The image integrity of the file "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" could not be verified because the set of per-page image hashes could not be found on the system.

Date: 2014-04-13 14:54:13.179
Description: The image integrity of the file "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" could not be verified because the set of per-page image hashes could not be found on the system.

Date: 2014-04-13 14:54:13.177
Description: The image integrity of the file "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" could not be verified because the set of per-page image hashes could not be found on the system.

Date: 2014-04-12 10:22:26.897
Description: The image integrity of the file "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" could not be verified because the set of per-page image hashes could not be found on the system.

Date: 2014-04-12 10:22:26.887
Description: The image integrity of the file "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" could not be verified because the set of per-page image hashes could not be found on the system.

Date: 2014-04-12 10:22:26.887
Description: The image integrity of the file "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" could not be verified because the set of per-page image hashes could not be found on the system.

Date: 2014-04-12 10:22:26.867
Description: The image integrity of the file "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" could not be verified because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 3839.18 MB
Available physical RAM: 2088.84 MB
Total Pagefile: 7676.54 MB
Available Pagefile: 5644.53 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:194.78 GB) NTFS
Drive d: () (Fixed) (Total:76.69 GB) (Free:14.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 47F55653)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 77 GB) (Disk ID: 275D275C)
Partition 1: (Active) - (Size=77 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-13 15:53:41
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_SP2504C rev.VT100-50 232,89GB
Running: ydfvlm3v.exe; Driver: C:\Users\xxx\AppData\Local\Temp\uwddipob.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075311465 2 bytes [31, 75]
.text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753114bb 2 bytes [31, 75]
.text ... * 2
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075311465 2 bytes [31, 75]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753114bb 2 bytes [31, 75]
.text ... * 2
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075311465 2 bytes [31, 75]
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753114bb 2 bytes [31, 75]
.text ... * 2
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075311465 2 bytes [31, 75]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753114bb 2 bytes [31, 75]
.text ... * 2
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000774911f5 8 bytes {JMP 0xd}
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077491390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007749143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007749158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007749191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077491b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077491bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077491d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077491eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077491edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077491f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077491fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077491fd7 8 bytes {JMP 0xb}
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077492272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077492301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077492792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774927b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000774927d2 8 bytes {JMP 0x10}
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007749282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077492890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077492d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077492d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077493023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007749323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000774933c0 16 bytes {JMP 0x4e}
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077493a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077493ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077493b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077493d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077494190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774e1380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000774e1500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774e1530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774e1650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774e1700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774e1d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000774e1f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774e27e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000751013cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007510146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000751016d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000751016e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000751019db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000751019fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000075101a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000075101a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075101a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000075101a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

---- EOF - GMER 2.1 ----
|
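The GMER "User code sections" above are the part of this post that needs interpretation: every line is a user-mode hook GMER found in some process. The added example below (written for this page, not part of the thread or of GMER) parses those lines, groups them per process and sorts each hook into a category, so the reader can see that the entry-point detours on ntdll's NtWriteVirtualMemory, NtCreateThreadEx and similar stubs all sit in GMER's own process (ydfvlm3v.exe), while the other processes only carry two-byte patches in PSAPI.DLL. The categories, the list of "sensitive" stubs and the decision to treat the 0D F0 AD BA DE C0 AD byte runs as fill constants rather than code are this example's own assumptions; the log does not say which product installed the detours, and confirming that means resolving the JMP targets against the loaded modules, which GMER's output does not include.

```python
"""Triage of GMER 2.1 "User code sections" output.

Added example, not part of the thread: it parses the .text lines GMER prints
for user-mode hooks, groups them per process and sorts each entry into a
category, so a reviewer sees at a glance which processes have ntdll syscall
stubs detoured at their entry point and which entries are only byte patches.
The categories and the sensitive-stub list are this example's own heuristics,
not anything GMER itself reports.
"""
import re
from collections import defaultdict

HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"        # process path[pid]
    r"(?P<module>\S+?)!(?P<func>\S+)"                    # module!function
    r"(?:\s+\+\s+(?P<off>\d+))?\s+"                      # optional "+ offset"
    r"(?P<addr>[0-9a-fA-F]+)\s+(?P<size>\d+) bytes\s+"   # address, size
    r"(?P<patch>.+)$"                                    # {JMP ...} or [bytes]
)

# GMER shows the first bytes it found at the patched location. A window that
# reads 0D F0 AD BA DE C0 AD ... is the little-endian encoding of the fill
# constants 0xBAADF00D / 0xDEADC0DE; treating such a run as "fill pattern,
# not a detour" is this example's assumption.
FILL_PREFIX = "[0D, F0, AD, BA, DE, C0, AD"

# ntdll stubs that injectors and credential stealers, but also endpoint
# protection products, commonly detour in user mode (assumed list).
SENSITIVE_STUBS = {
    "NtWriteVirtualMemory", "NtMapViewOfSection", "NtCreateThreadEx",
    "NtQueueApcThread", "NtSetContextThread", "NtGetContextThread",
    "NtSetInformationThread", "NtQueryInformationThread",
}


def classify(off, patch):
    """Sort one hook into a category from its offset and the patch text."""
    if patch.startswith("{JMP") and off == 0:
        return "entry-detour"       # first instruction of the export replaced
    if patch.startswith("{JMP"):
        return "mid-function-jmp"   # jump planted inside the function body
    if patch.startswith(FILL_PREFIX):
        return "fill-pattern"       # fill constants, not executable code
    return "byte-patch"


def parse_hook(line):
    """Return a dict for one GMER .text line, or None for lines that carry no
    hook, such as the shorthand ".text ... * 2" for repeated entries."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    off = int(m["off"]) if m["off"] is not None else 0
    return {
        "exe": m["proc"].rsplit("\\", 1)[-1],
        "pid": int(m["pid"]),
        "module": m["module"].rsplit("\\", 1)[-1].lower(),
        "func": m["func"],
        "off": off,
        "addr": int(m["addr"], 16),
        "size": int(m["size"]),
        "kind": classify(off, m["patch"]),
    }


def triage(lines):
    """Group hooks per executable and list the sensitive ntdll stubs that
    carry an entry detour in each one."""
    per_exe = defaultdict(list)
    for line in lines:
        hook = parse_hook(line)
        if hook:
            per_exe[hook["exe"]].append(hook)
    report = {}
    for exe, hooks in per_exe.items():
        kinds = defaultdict(int)
        for h in hooks:
            kinds[h["kind"]] += 1
        detoured = sorted(h["func"] for h in hooks
                          if h["kind"] == "entry-detour"
                          and h["module"] == "ntdll.dll"
                          and h["func"] in SENSITIVE_STUBS)
        report[exe] = {"hooks": len(hooks), "kinds": dict(kinds),
                       "detoured_stubs": detoured}
    return report


# Constructed sample: a few lines copied from the GMER log above.
SAMPLE = r"""
.text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075311465 2 bytes [31, 75]
.text ... * 2
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077491390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077491fd7 8 bytes {JMP 0xb}
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774e1650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Users\xxx\Desktop\Systemüberprüfung\ydfvlm3v.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774e1d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
""".strip().splitlines()

if __name__ == "__main__":
    for exe, info in triage(SAMPLE).items():
        print(exe, info)
```

Run against the full log, the report separates the scanner's own process from everything else. A hook on these stubs in a browser, a mail client or an unknown process would be the finding to chase; an identical set of detours installed into every process, including the scanner, is what an endpoint product's user-mode layer looks like.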
13.04.2014, 16:17 | #2 |
/// the machine /// TB-Ausbilder | Phishing email from PayPal opened - Kaspersky finds nothing via scan .__. Did you also enter your data on the phishing page?
|
13.04.2014, 16:18 | #3 |
| Phishing email from PayPal opened - Kaspersky finds nothing via scan .__. Yes, unfortunately I did.
However, there were no credit card details among them (since I don't have any). I have already had the password reset and changed. In hindsight I have to say I'd rather shoot myself in the foot... because it was absolutely stupid <.< EDIT: As a layman I also can't judge at all how deep and how far Kaspersky's protection goes. I won't be reachable during the week, i.e. I won't get to the computer. Do you have time next weekend to fix the problem? Otherwise could someone else possibly take it over? Last edited by DukeYGO (13.04.2014 at 17:10) |
14.04.2014, 14:48 | #4 |
/// the machine /// TB-Ausbilder | Phishing email from PayPal opened - Kaspersky finds nothing via scan .__. The machine is clean. Phishing targets your data; you have had that changed, so that's fine.
regards, schrauber | Proud Member of UNITE and ASAP since 2009 | No help via PM! |
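The conclusion above rests on the scan logs, and one of them deserves an explicit check after a phishing incident: the FRST log lists a hosts file with more than a thousand 127.0.0.1 entries, which is what an ad-blocking list looks like and is harmless. The dangerous variant is the reverse, an entry that sends a payment, sign-in or update domain to an address that is not a sink, so the victim's own machine routes them to the attacker even after the password change. The added example below (written for this page, not part of the thread or of FRST) parses hosts-file lines and reports exactly those entries. The watch list of domains is an assumption made for this example; the sample input copies a few lines from the FRST dump and adds two invented lines to show what a bad entry looks like.

```python
"""Audit of a Windows hosts file for pharming entries.

Added example, not part of the thread: the FRST log above shows a hosts file
with more than a thousand 127.0.0.1 entries, which is what an ad-blocking
list looks like and is harmless. After a phishing incident the check that
matters is the reverse case: a payment, mail or update domain sent to an
address that is not a sink. The watch list is an assumption made for this
example; extend it with whatever domains matter on the machine at hand.
"""
import ipaddress

# Addresses that only blackhole a name; anything else is a real redirect.
SINK_ADDRESSES = {ipaddress.ip_address(a) for a in ("127.0.0.1", "0.0.0.0", "::1")}

# Domains whose presence in hosts deserves a look in either direction
# (assumed list for this example).
WATCH_SUFFIXES = ("paypal.com", "paypal.de", "microsoft.com", "kaspersky.com")


def parse_hosts(text):
    """Yield one entry per hostname alias: {"line", "ip", "host", "comment"}.
    Entries whose address does not parse get ip=None."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        body, _, comment = raw.partition("#")
        parts = body.split()
        if len(parts) < 2:
            continue                      # blank, comment-only or malformed line
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            ip = None
        for host in parts[1:]:
            yield {"line": lineno, "ip": ip, "host": host.lower(),
                   "comment": comment.strip()}


def is_watched(host):
    return any(host == s or host.endswith("." + s) for s in WATCH_SUFFIXES)


def audit_hosts(text):
    """Return the entries a responder should look at, each with a 'problem'."""
    findings = []
    for entry in parse_hosts(text):
        host, ip = entry["host"], entry["ip"]
        if ip is None:
            problem = "unparseable address"
        elif ip not in SINK_ADDRESSES:
            # Any name pointed at a routable address is the pharming pattern,
            # regardless of which name it is.
            problem = "redirect to non-sink address"
        elif is_watched(host):
            # A watched domain blackholed is not phishing, but it silences
            # update or sign-in traffic and deserves an explanation.
            problem = "watched domain blackholed"
        else:
            continue
        findings.append(dict(entry, problem=problem))
    return findings


# Constructed sample: the first entries are copied from the FRST hosts dump
# above; the last two lines are invented to show what a bad entry looks like
# (203.0.113.7 is a documentation-range address, not a real host).
SAMPLE_HOSTS = """\
127.0.0.1 localhost
127.0.0.1 fr.a2dfp.net
127.0.0.1 www.aconti.net #[Dialer.Aconti]
127.0.0.1 www.activemeter.com #[Tracking.Cookie]
203.0.113.7 www.paypal.com
0.0.0.0 update.microsoft.com
"""

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['host']} -> {f['ip']}: {f['problem']}")
```

On the hosts file in the FRST log every entry points at 127.0.0.1 and none of the blackholed names is a payment or vendor domain, which is consistent with the "clean" verdict; the same script run on a machine with a real pharming entry prints the offending line number so it can be removed and the DNS cache flushed.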