Das System ist sehr langsam.

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-07-2014
Ran by Antje (administrator) on ANTJE-PC on 28-07-2014 20:35:51
Running from F:\Downloads
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanNetService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanGUI.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files\ProgDVB\ProgLauncher.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Marek Jasinski - www.FreeCommander.com) C:\Program Files\FreeCommander\FreeCommander.exe
(www.bid-o-matic.org) C:\Program Files\Biet-O-Matic\Biet-O-Matic.exe
(eBay Inc.) C:\Program Files\eBay\Turbo Lister2\Tl.exe
(OldTimer Tools) F:\Downloads\OTL.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2815109442-3409531166-1884801714-1000\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-2815109442-3409531166-1884801714-1000\...\Run: [ProgLauncher] => C:\Program Files\ProgDVB\ProgLauncher.exe [381352 2014-04-04] ()
HKU\S-1-5-21-2815109442-3409531166-1884801714-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [122200 2014-07-01] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2815109442-3409531166-1884801714-1000\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform 
HKU\S-1-5-21-2815109442-3409531166-1884801714-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2815109442-3409531166-1884801714-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2815109442-3409531166-1884801714-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2815109442-3409531166-1884801714-1002\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk
ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files\phase-6\phase-6\reminder\reminder.exe (phase-6)
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicyUsers\S-1-5-21-2815109442-3409531166-1884801714-1001\user: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5D091833DCFFCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545
FF Homepage: hxxp://www.ksta.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545\Extensions\ich@maltegoetz.de [2014-05-05]
FF Extension: NoScript - C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-12]
FF Extension: Biet-O-Matic Firefox Erweiterung - C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545\Extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}.xpi [2014-04-26]
FF Extension: Adblock Plus - C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-12]
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2013-12-23]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-12-23]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2013-12-23]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-02-28]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [276288 2012-09-21] (Intel Corporation)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [437080 2014-07-01] (Garmin Ltd or its subsidiaries)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [462088 2012-06-19] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [116224 2012-02-09] ()
S3 iumsvc; C:\Program Files\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsrAppCharger; C:\Windows\System32\DRIVERS\AsrAppCharger.sys [15656 2011-05-10] (Windows (R) Win 7 DDK provider)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [29992 2012-01-13] (ASRock Inc.)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-01-26] (AVM Berlin) [File not signed]
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2007-01-26] (AVM GmbH)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [532536 2012-09-01] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [25656 2012-09-01] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21952 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21952 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [39360 2012-02-09] ()
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [13592 2012-02-26] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [348440 2012-02-26] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [792856 2012-02-26] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-12-23] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [94304 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2013-12-23] (Kaspersky Lab ZAO)
R3 MBfilt; C:\Windows\System32\drivers\MBfilt32.sys [24664 2009-11-18] (Creative Technology Ltd.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-17] (Intel Corporation)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [10368 2005-02-04] (Padus, Inc.) [File not signed]
R3 SKYNET; C:\Windows\System32\DRIVERS\SkyNET.SYS [627288 2010-05-10] (TechniSat Digital, S.A.)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [31680 2014-07-27] ()
S3 AsrCDDrv; \??\C:\Windows\system32\Drivers\AsrCDDrv.sys [X]
S1 nvport; \??\C:\Windows\system32\Drivers\nvport.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-27 12:12 - 2014-07-27 12:12 - 00086976 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-07-10 11:06 - 2014-07-10 11:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ffdshow
2014-07-10 11:06 - 2014-07-10 11:06 - 00000000 ____D () C:\Program Files\ffdshow
2014-07-10 11:06 - 2014-06-28 16:39 - 00112640 _____ () C:\Windows\system32\ff_vfw.dll
2014-07-10 08:03 - 2014-06-30 03:40 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-10 08:03 - 2014-06-30 03:36 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-10 08:03 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-10 08:03 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 08:03 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 08:03 - 2014-06-19 01:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-10 08:03 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-10 08:03 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-10 08:03 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-10 08:03 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-10 08:03 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 08:03 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 08:03 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-10 08:03 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-10 08:03 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-10 08:03 - 2014-06-19 01:23 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-10 08:03 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-10 08:03 - 2014-06-19 01:16 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-10 08:03 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 08:03 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 08:03 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-10 08:03 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 08:03 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 08:03 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 08:03 - 2014-06-19 00:52 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-10 08:03 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 08:03 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-10 08:03 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 08:03 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 08:03 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 08:03 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 08:03 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-10 08:03 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 08:03 - 2014-06-18 02:52 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 08:03 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 08:03 - 2014-06-05 16:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 08:03 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-10 08:03 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-10 08:03 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-10 08:03 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-10 08:03 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-10 08:03 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-10 08:03 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-10 08:03 - 2014-05-30 08:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 21:46 - 2014-07-09 21:46 - 00001032 _____ () C:\Users\Public\Desktop\TSDoctor.lnk
2014-07-09 01:07 - 2014-07-09 01:07 - 11204096 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-07-08 20:59 - 2014-07-27 21:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-08 16:45 - 2014-07-08 16:45 - 00001905 _____ () C:\Users\Antje\Desktop\CDBurnerXP.lnk
2014-07-08 16:45 - 2014-07-08 16:45 - 00001855 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2014-07-08 16:45 - 2014-07-08 16:45 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\Canneverbe Limited
2014-07-08 16:45 - 2014-07-08 16:45 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2014-07-08 16:45 - 2014-07-08 16:45 - 00000000 ____D () C:\Program Files\CDBurnerXP
2014-07-08 16:22 - 2014-07-08 16:22 - 00002156 _____ () C:\Users\Antje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Forge of Empires.lnk
2014-07-08 16:21 - 2014-07-08 16:21 - 00002191 _____ () C:\Users\Public\Desktop\Free DVD Video Burner.lnk
2014-07-08 16:21 - 2014-07-08 16:21 - 00002081 _____ () C:\Users\Antje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2014-07-08 16:21 - 2014-07-08 16:21 - 00001207 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-07-08 16:21 - 2014-07-08 16:21 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki
2014-07-08 09:16 - 2014-07-08 09:17 - 00995769 _____ () C:\Users\Antje\Downloads\Odin3_v3.09.zip
2014-07-07 20:43 - 2014-07-07 20:43 - 00000988 _____ () C:\Users\Antje\Desktop\Garmin Express.lnk
2014-07-07 20:41 - 2014-07-07 20:41 - 00001088 _____ () C:\Users\Antje\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-07 20:19 - 2014-07-07 20:22 - 00001864 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-07-06 09:51 - 2014-07-06 09:51 - 00001081 _____ () C:\Users\Public\Desktop\phase-6 desktop.lnk
2014-07-06 09:51 - 2014-07-06 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\phase-6
2014-07-06 09:48 - 2014-07-06 09:49 - 85744960 _____ () C:\Users\Kinder\Downloads\phase-6-desktop-2.3.4-windows-installer.exe
2014-06-29 10:32 - 2014-07-06 09:53 - 00000000 ____D () C:\ProgramData\Phase6

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-28 20:36 - 2013-12-23 17:31 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-28 20:35 - 2014-06-25 23:48 - 00000000 ____D () C:\FRST
2014-07-28 20:33 - 2014-03-31 18:48 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\BOM
2014-07-28 20:07 - 2013-12-30 12:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-28 19:59 - 2014-01-19 19:17 - 00000000 ____D () C:\Users\Antje\Documents\Turbo Lister Backup
2014-07-28 19:29 - 2009-07-14 06:34 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-28 19:29 - 2009-07-14 06:34 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-28 19:13 - 2013-12-23 14:14 - 01327446 _____ () C:\Windows\WindowsUpdate.log
2014-07-28 18:56 - 2014-03-18 08:15 - 00000000 ____D () C:\Windows\Minidump
2014-07-28 12:43 - 2010-11-20 23:01 - 01632792 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-27 21:40 - 2014-07-08 20:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-27 13:03 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-07-27 12:12 - 2014-07-27 12:12 - 00086976 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-07-27 12:12 - 2014-06-26 07:16 - 00031680 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-07-27 12:12 - 2014-03-07 20:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-27 12:12 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-27 11:11 - 2014-04-01 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-07-27 11:11 - 2014-04-01 23:03 - 00000000 ____D () C:\Program Files\Garmin
2014-07-27 11:09 - 2014-05-01 15:30 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\Tyre
2014-07-27 11:01 - 2014-02-28 18:02 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\Mp3tag
2014-07-27 07:04 - 2014-04-05 07:58 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\ALFBanCo5
2014-07-27 07:04 - 2014-04-05 07:58 - 00000000 ____D () C:\ProgramData\AlfBanCo5
2014-07-27 06:56 - 2014-04-05 07:58 - 00000000 ____D () C:\Program Files\ALFBanCo5
2014-07-27 06:30 - 2014-04-12 07:07 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-11 18:20 - 2013-12-30 18:19 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\vlc
2014-07-11 04:00 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-07-11 03:23 - 2009-07-14 06:33 - 00282576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-11 03:21 - 2014-05-01 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-11 03:21 - 2011-04-12 03:38 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 03:21 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-07-11 03:04 - 2013-12-23 16:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-11 03:01 - 2013-12-23 16:57 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-10 11:06 - 2014-07-10 11:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ffdshow
2014-07-10 11:06 - 2014-07-10 11:06 - 00000000 ____D () C:\Program Files\ffdshow
2014-07-10 10:41 - 2013-12-23 16:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-10 10:41 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\TAPI
2014-07-09 21:46 - 2014-07-09 21:46 - 00001032 _____ () C:\Users\Public\Desktop\TSDoctor.lnk
2014-07-09 21:46 - 2013-12-31 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TSDoctor
2014-07-09 18:03 - 2014-04-11 20:11 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\AccurateRip
2014-07-09 01:07 - 2014-07-09 01:07 - 11204096 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-07-09 01:07 - 2013-12-30 12:23 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-09 01:07 - 2013-12-30 12:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-08 16:45 - 2014-07-08 16:45 - 00001905 _____ () C:\Users\Antje\Desktop\CDBurnerXP.lnk
2014-07-08 16:45 - 2014-07-08 16:45 - 00001855 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2014-07-08 16:45 - 2014-07-08 16:45 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\Canneverbe Limited
2014-07-08 16:45 - 2014-07-08 16:45 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2014-07-08 16:45 - 2014-07-08 16:45 - 00000000 ____D () C:\Program Files\CDBurnerXP
2014-07-08 16:22 - 2014-07-08 16:22 - 00002156 _____ () C:\Users\Antje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Forge of Empires.lnk
2014-07-08 16:21 - 2014-07-08 16:21 - 00002191 _____ () C:\Users\Public\Desktop\Free DVD Video Burner.lnk
2014-07-08 16:21 - 2014-07-08 16:21 - 00002081 _____ () C:\Users\Antje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2014-07-08 16:21 - 2014-07-08 16:21 - 00001207 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-07-08 16:21 - 2014-07-08 16:21 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki
2014-07-08 16:21 - 2014-01-05 21:37 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\DVDVideoSoft
2014-07-08 16:21 - 2014-01-05 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-07-08 16:21 - 2014-01-05 21:37 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-07-08 16:21 - 2014-01-05 21:37 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-07-08 09:17 - 2014-07-08 09:16 - 00995769 _____ () C:\Users\Antje\Downloads\Odin3_v3.09.zip
2014-07-07 20:43 - 2014-07-07 20:43 - 00000988 _____ () C:\Users\Antje\Desktop\Garmin Express.lnk
2014-07-07 20:41 - 2014-07-07 20:41 - 00001088 _____ () C:\Users\Antje\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-07 20:23 - 2014-05-14 18:18 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-07 20:22 - 2014-07-07 20:19 - 00001864 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-07-07 20:22 - 2014-04-01 23:04 - 00000000 ____D () C:\ProgramData\Garmin
2014-07-06 09:53 - 2014-06-29 10:32 - 00000000 ____D () C:\ProgramData\Phase6
2014-07-06 09:51 - 2014-07-06 09:51 - 00001081 _____ () C:\Users\Public\Desktop\phase-6 desktop.lnk
2014-07-06 09:51 - 2014-07-06 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\phase-6
2014-07-06 09:49 - 2014-07-06 09:48 - 85744960 _____ () C:\Users\Kinder\Downloads\phase-6-desktop-2.3.4-windows-installer.exe
2014-06-30 03:40 - 2014-07-10 08:03 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 03:36 - 2014-07-10 08:03 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-29 21:55 - 2013-12-23 15:28 - 00000400 _____ () C:\Windows\ODBC.INI
2014-06-29 21:54 - 2013-12-23 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-06-29 17:07 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-28 16:39 - 2014-07-10 11:06 - 00112640 _____ () C:\Windows\system32\ff_vfw.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 00:53

==================== End Of Log ============================
         

Code: Alles auswählenAufklappen

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-28 21:03:27
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000064 ATA_____ rev.1A01 931,51GB
Running: Gmer-19357.exe; Driver: g:\temp\kgdorpow.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwAdjustPrivilegesToken [0x92765990]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwAlpcConnectPort [0x927161CE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwAlpcSendWaitReceivePort [0x92716400]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwConnectPort [0x92715FC8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwCreateSection [0x9276855C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwCreateSymbolicLinkObject [0x92729E90]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwCreateThread [0x9276798C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwCreateThreadEx [0x92767BD8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwDebugActiveProcess [0x9276751E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwDeviceIoControlFile [0x92706640]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwDuplicateObject [0x92765AD2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwLoadDriver [0x927655FE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwMapViewOfSection [0x92729EB0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwOpenProcess [0x92767052]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwOpenSection [0x9276878C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwOpenThread [0x9276767E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwPlugPlayControl [0x92729EA0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwQueryIntervalProfile [0x92729EE0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwQueueApcThread [0x927681C6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwRequestWaitReplyPort [0x927162D4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwResumeThread [0x92767EE2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwSecureConnectPort [0x927160C8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwSetContextThread [0x92768048]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwSetInformationToken [0x92706A5A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwSetSystemInformation [0x92765936]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwSuspendProcess [0x9276725A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwSuspendThread [0x92767D82]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwSystemDebugControl [0x92706A6C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwTerminateProcess [0x927673C0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwTerminateThread [0x92767882]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwUnmapViewOfSection [0x92768894]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwWriteVirtualMemory [0x9276861E]

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                                     83057A15 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                       83091212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10D7                                                                          8309846C 4 Bytes  [90, 59, 76, 92] {NOP ; POP ECX; JBE 0xffffff96}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10FF                                                                          83098494 4 Bytes  [CE, 61, 71, 92] {INTO ; POPA ; JNO 0xffffff96}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1143                                                                          830984D8 4 Bytes  [00, 64, 71, 92] {ADD [ECX+ESI*2-0x6e], AH}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1193                                                                          83098528 4 Bytes  [C8, 5F, 71, 92] {ENTER 0x715f, 0x92}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                          8309858C 4 Bytes  [5C, 85, 76, 92] {POP ESP; TEST [ESI-0x6e], ESI}
.text           ...                                                                                                          
init            C:\Windows\system32\drivers\MBfilt32.sys                                                                     entry point in "init" section [0x951DA090]

---- User code sections - GMER 2.1 ----

?               C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe[300] C:\Windows\SYSTEM32\ntdll.dll        time/date stamp mismatch; 
.text           C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe[300] ntdll.dll!NtProtectVirtualMemory     77525F58 5 Bytes  JMP 6F1B1ED6 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ushata.dll
?               C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe[300] C:\Windows\system32\kernel32.dll     time/date stamp mismatch; unknown module: KERNELBASE.dll
.text           C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe[300] USER32.dll!NotifyWinEvent + 5B2      7599D570 4 Bytes  [0B, 26, 1B, 6F]
.text           C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe[300] USER32.dll!NotifyWinEvent + 6AE      7599D66C 4 Bytes  [1B, 2F, 1B, 6F]
?               C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe[300] C:\Windows\system32\ole32.dll        time/date stamp mismatch; unknown module: CRYPTSP.dllunknown module: MPR.dllunknown module: msiltcfg.dllunknown module: CLBCatQ.DLLunknown module: OLEAUT32.dllunknown module: imagehlp.dllunknown module: KERNELBASE.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3560] ntdll.dll!NtCreateFile                                    77525608 5 Bytes  JMP 1000D520 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3560] ntdll.dll!NtFlushBuffersFile                              77525998 5 Bytes  JMP 0FFF5BAB C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3560] ntdll.dll!NtQueryFullAttributesFile                       77526028 5 Bytes  JMP 1000CF90 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3560] ntdll.dll!NtReadFile                                      775262F8 5 Bytes  JMP 0FFF5CA0 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3560] ntdll.dll!NtReadFileScatter                               77526308 5 Bytes  JMP 1089A506 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3560] ntdll.dll!NtWriteFile                                     77526AA8 5 Bytes  JMP 1000DBF0 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3560] ntdll.dll!NtWriteFileGather                               77526AB8 5 Bytes  JMP 1089A4B5 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3560] ntdll.dll!LdrLoadDll                                      775422AE 5 Bytes  JMP 592F1F4C C:\Program Files\Mozilla Firefox\mozglue.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3560] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D             774494E6 7 Bytes  JMP 1083A067 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3560] kernel32.dll!QueryPerformanceCounter + 13                 7744C4E5 7 Bytes  JMP 1083A08A C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3560] kernel32.dll!LoadAppInitDlls + 355                        7744F5A6 7 Bytes  JMP 10009E03 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3560] USER32.dll!GetWindowInfo                                  75994B5E 5 Bytes  JMP 1074778F C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3560] GDI32.dll!GetViewportOrgEx + 26C                          7706884B 7 Bytes  JMP 10839FE8 C:\Program Files\Mozilla Firefox\xul.dll
?               C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe[3720] C:\Windows\system32\kernel32.dll  time/date stamp mismatch; unknown module: KERNELBASE.dll
?               C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe[3720] C:\Windows\system32\USER32.dll    time/date stamp mismatch; unknown module: CFGMGR32.dllunknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
.text           C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe[3720] USER32.dll!NotifyWinEvent + 5B2   7599D570 4 Bytes  [0B, 26, 1B, 6F]
.text           C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe[3720] USER32.dll!NotifyWinEvent + 6AE   7599D66C 4 Bytes  [1B, 2F, 1B, 6F]
.text           C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5672] ntdll.dll!LdrGetProcedureAddress + 26             775422A9 7 Bytes  JMP 0F70578A C:\Program Files\Mozilla Thunderbird\xul.dll
.text           C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5672] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D     774494E6 7 Bytes  JMP 103A384C C:\Program Files\Mozilla Thunderbird\xul.dll
.text           C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5672] kernel32.dll!QueryPerformanceCounter + 13         7744C4E5 7 Bytes  JMP 103A3804 C:\Program Files\Mozilla Thunderbird\xul.dll
.text           C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5672] kernel32.dll!LoadAppInitDlls + 355                7744F5A6 7 Bytes  JMP 0F716538 C:\Program Files\Mozilla Thunderbird\xul.dll
.text           C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5672] USER32.dll!GetWindowInfo                          75994B5E 5 Bytes  JMP 0FF2918D C:\Program Files\Mozilla Thunderbird\xul.dll
.text           C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5672] GDI32.dll!GetViewportOrgEx + 26C                  7706884B 7 Bytes  JMP 103A3873 C:\Program Files\Mozilla Thunderbird\xul.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                      kltdi.sys
AttachedDevice  \Driver\tdx \Device\Udp                                                                                      kltdi.sys
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                    kltdi.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                                     fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\KLIF\Parameters@LastProcessedRevision                                 177143785
Reg             HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters@DhcpNameServer                                       0.0.0.0

---- EOF - GMER 2.1 ----
         

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:

• Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
• Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
• Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
  Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
• Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
• Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

• Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
• Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
• Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
• Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!

Zitat:

Running from F:\Downloads

Leider hast du unsere Anleitung nicht richtig befolgt:
Bitte alle Tools direkt auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop starten, da unsere Anleitungen daraufhin ausgelegt sind.
Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen.

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-07-2014
Ran by Antje (administrator) on ANTJE-PC on 29-07-2014 07:17:23
Running from C:\Users\Antje\Desktop
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanNetService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanGUI.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files\ProgDVB\ProgLauncher.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2815109442-3409531166-1884801714-1000\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-2815109442-3409531166-1884801714-1000\...\Run: [ProgLauncher] => C:\Program Files\ProgDVB\ProgLauncher.exe [381352 2014-04-04] ()
HKU\S-1-5-21-2815109442-3409531166-1884801714-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [122200 2014-07-01] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2815109442-3409531166-1884801714-1000\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform 
HKU\S-1-5-21-2815109442-3409531166-1884801714-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2815109442-3409531166-1884801714-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2815109442-3409531166-1884801714-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk
ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files\phase-6\phase-6\reminder\reminder.exe (phase-6)
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicyUsers\S-1-5-21-2815109442-3409531166-1884801714-1001\user: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5D091833DCFFCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545
FF Homepage: hxxp://www.ksta.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545\Extensions\ich@maltegoetz.de [2014-05-05]
FF Extension: NoScript - C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-12]
FF Extension: Biet-O-Matic Firefox Erweiterung - C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545\Extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}.xpi [2014-04-26]
FF Extension: Adblock Plus - C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-12]
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2013-12-23]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-12-23]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2013-12-23]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-02-28]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [276288 2012-09-21] (Intel Corporation)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [437080 2014-07-01] (Garmin Ltd or its subsidiaries)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [462088 2012-06-19] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [116224 2012-02-09] ()
S3 iumsvc; C:\Program Files\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsrAppCharger; C:\Windows\System32\DRIVERS\AsrAppCharger.sys [15656 2011-05-10] (Windows (R) Win 7 DDK provider)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [29992 2012-01-13] (ASRock Inc.)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-01-26] (AVM Berlin) [File not signed]
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2007-01-26] (AVM GmbH)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [532536 2012-09-01] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [25656 2012-09-01] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21952 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21952 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [39360 2012-02-09] ()
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [13592 2012-02-26] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [348440 2012-02-26] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [792856 2012-02-26] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-12-23] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [94304 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2013-12-23] (Kaspersky Lab ZAO)
R3 MBfilt; C:\Windows\System32\drivers\MBfilt32.sys [24664 2009-11-18] (Creative Technology Ltd.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-17] (Intel Corporation)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [10368 2005-02-04] (Padus, Inc.) [File not signed]
R3 SKYNET; C:\Windows\System32\DRIVERS\SkyNET.SYS [627288 2010-05-10] (TechniSat Digital, S.A.)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [31680 2014-07-29] ()
S3 AsrCDDrv; \??\C:\Windows\system32\Drivers\AsrCDDrv.sys [X]
S1 nvport; \??\C:\Windows\system32\Drivers\nvport.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-29 07:17 - 2014-07-29 07:17 - 00015683 _____ () C:\Users\Antje\Desktop\FRST.txt
2014-07-29 07:15 - 2014-07-29 07:15 - 00086976 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-07-29 07:15 - 2014-07-29 07:15 - 00000056 _____ () C:\Windows\setupact.log
2014-07-29 07:15 - 2014-07-29 07:15 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-29 07:14 - 2014-07-29 07:14 - 00000330 _____ () C:\Windows\PFRO.log
2014-07-28 21:35 - 2014-07-28 20:32 - 00380416 _____ () C:\Users\Antje\Desktop\Gmer-19357.exe
2014-07-28 21:35 - 2014-07-28 20:31 - 01084416 _____ (Farbar) C:\Users\Antje\Desktop\FRST.exe
2014-07-27 21:40 - 2014-07-27 21:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-10 11:06 - 2014-07-10 11:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ffdshow
2014-07-10 11:06 - 2014-07-10 11:06 - 00000000 ____D () C:\Program Files\ffdshow
2014-07-10 11:06 - 2014-06-28 16:39 - 00112640 _____ () C:\Windows\system32\ff_vfw.dll
2014-07-10 08:03 - 2014-06-30 03:40 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-10 08:03 - 2014-06-30 03:36 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-10 08:03 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-10 08:03 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 08:03 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 08:03 - 2014-06-19 01:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-10 08:03 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-10 08:03 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-10 08:03 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-10 08:03 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-10 08:03 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 08:03 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 08:03 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-10 08:03 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-10 08:03 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-10 08:03 - 2014-06-19 01:23 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-10 08:03 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-10 08:03 - 2014-06-19 01:16 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-10 08:03 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 08:03 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 08:03 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-10 08:03 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 08:03 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 08:03 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 08:03 - 2014-06-19 00:52 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-10 08:03 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 08:03 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-10 08:03 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 08:03 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 08:03 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 08:03 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 08:03 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-10 08:03 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 08:03 - 2014-06-18 02:52 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 08:03 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 08:03 - 2014-06-05 16:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 08:03 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-10 08:03 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-10 08:03 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-10 08:03 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-10 08:03 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-10 08:03 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-10 08:03 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-10 08:03 - 2014-05-30 08:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 21:46 - 2014-07-09 21:46 - 00001032 _____ () C:\Users\Public\Desktop\TSDoctor.lnk
2014-07-09 01:07 - 2014-07-09 01:07 - 11204096 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-07-08 16:45 - 2014-07-08 16:45 - 00001905 _____ () C:\Users\Antje\Desktop\CDBurnerXP.lnk
2014-07-08 16:45 - 2014-07-08 16:45 - 00001855 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2014-07-08 16:45 - 2014-07-08 16:45 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\Canneverbe Limited
2014-07-08 16:45 - 2014-07-08 16:45 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2014-07-08 16:45 - 2014-07-08 16:45 - 00000000 ____D () C:\Program Files\CDBurnerXP
2014-07-08 16:22 - 2014-07-08 16:22 - 00002156 _____ () C:\Users\Antje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Forge of Empires.lnk
2014-07-08 16:21 - 2014-07-08 16:21 - 00002191 _____ () C:\Users\Public\Desktop\Free DVD Video Burner.lnk
2014-07-08 16:21 - 2014-07-08 16:21 - 00002081 _____ () C:\Users\Antje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2014-07-08 16:21 - 2014-07-08 16:21 - 00001207 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-07-08 16:21 - 2014-07-08 16:21 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki
2014-07-08 09:16 - 2014-07-08 09:17 - 00995769 _____ () C:\Users\Antje\Downloads\Odin3_v3.09.zip
2014-07-07 20:43 - 2014-07-07 20:43 - 00000988 _____ () C:\Users\Antje\Desktop\Garmin Express.lnk
2014-07-07 20:41 - 2014-07-07 20:41 - 00001088 _____ () C:\Users\Antje\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-07 20:19 - 2014-07-07 20:22 - 00001864 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-07-06 09:51 - 2014-07-06 09:51 - 00001081 _____ () C:\Users\Public\Desktop\phase-6 desktop.lnk
2014-07-06 09:51 - 2014-07-06 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\phase-6
2014-07-06 09:48 - 2014-07-06 09:49 - 85744960 _____ () C:\Users\Kinder\Downloads\phase-6-desktop-2.3.4-windows-installer.exe
2014-06-29 10:32 - 2014-07-06 09:53 - 00000000 ____D () C:\ProgramData\Phase6

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-29 07:18 - 2014-07-29 07:17 - 00015683 _____ () C:\Users\Antje\Desktop\FRST.txt
2014-07-29 07:17 - 2014-06-25 23:48 - 00000000 ____D () C:\FRST
2014-07-29 07:17 - 2013-12-23 16:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-29 07:16 - 2013-12-23 17:31 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-29 07:15 - 2014-07-29 07:15 - 00086976 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-07-29 07:15 - 2014-07-29 07:15 - 00000056 _____ () C:\Windows\setupact.log
2014-07-29 07:15 - 2014-07-29 07:15 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-29 07:15 - 2014-06-26 07:16 - 00031680 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-07-29 07:15 - 2014-03-07 20:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-29 07:15 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-29 07:14 - 2014-07-29 07:14 - 00000330 _____ () C:\Windows\PFRO.log
2014-07-28 23:30 - 2014-03-31 18:48 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\BOM
2014-07-28 23:30 - 2013-12-23 14:14 - 01375666 _____ () C:\Windows\WindowsUpdate.log
2014-07-28 23:07 - 2013-12-30 12:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-28 21:46 - 2010-11-20 23:01 - 01632792 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-28 20:32 - 2014-07-28 21:35 - 00380416 _____ () C:\Users\Antje\Desktop\Gmer-19357.exe
2014-07-28 20:31 - 2014-07-28 21:35 - 01084416 _____ (Farbar) C:\Users\Antje\Desktop\FRST.exe
2014-07-28 19:59 - 2014-01-19 19:17 - 00000000 ____D () C:\Users\Antje\Documents\Turbo Lister Backup
2014-07-28 19:29 - 2009-07-14 06:34 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-28 19:29 - 2009-07-14 06:34 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-28 18:56 - 2014-03-18 08:15 - 00000000 ____D () C:\Windows\Minidump
2014-07-27 21:40 - 2014-07-27 21:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-27 13:03 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-07-27 11:11 - 2014-04-01 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-07-27 11:11 - 2014-04-01 23:03 - 00000000 ____D () C:\Program Files\Garmin
2014-07-27 11:09 - 2014-05-01 15:30 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\Tyre
2014-07-27 11:01 - 2014-02-28 18:02 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\Mp3tag
2014-07-27 07:04 - 2014-04-05 07:58 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\ALFBanCo5
2014-07-27 07:04 - 2014-04-05 07:58 - 00000000 ____D () C:\ProgramData\AlfBanCo5
2014-07-27 06:56 - 2014-04-05 07:58 - 00000000 ____D () C:\Program Files\ALFBanCo5
2014-07-27 06:30 - 2014-04-12 07:07 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-11 18:20 - 2013-12-30 18:19 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\vlc
2014-07-11 04:00 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-07-11 03:23 - 2009-07-14 06:33 - 00282576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-11 03:21 - 2014-05-01 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-11 03:21 - 2011-04-12 03:38 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 03:21 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-07-11 03:04 - 2013-12-23 16:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-11 03:01 - 2013-12-23 16:57 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-10 11:06 - 2014-07-10 11:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ffdshow
2014-07-10 11:06 - 2014-07-10 11:06 - 00000000 ____D () C:\Program Files\ffdshow
2014-07-10 10:41 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\TAPI
2014-07-09 21:46 - 2014-07-09 21:46 - 00001032 _____ () C:\Users\Public\Desktop\TSDoctor.lnk
2014-07-09 21:46 - 2013-12-31 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TSDoctor
2014-07-09 18:03 - 2014-04-11 20:11 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\AccurateRip
2014-07-09 01:07 - 2014-07-09 01:07 - 11204096 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-07-09 01:07 - 2013-12-30 12:23 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-09 01:07 - 2013-12-30 12:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-08 16:45 - 2014-07-08 16:45 - 00001905 _____ () C:\Users\Antje\Desktop\CDBurnerXP.lnk
2014-07-08 16:45 - 2014-07-08 16:45 - 00001855 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2014-07-08 16:45 - 2014-07-08 16:45 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\Canneverbe Limited
2014-07-08 16:45 - 2014-07-08 16:45 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2014-07-08 16:45 - 2014-07-08 16:45 - 00000000 ____D () C:\Program Files\CDBurnerXP
2014-07-08 16:22 - 2014-07-08 16:22 - 00002156 _____ () C:\Users\Antje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Forge of Empires.lnk
2014-07-08 16:21 - 2014-07-08 16:21 - 00002191 _____ () C:\Users\Public\Desktop\Free DVD Video Burner.lnk
2014-07-08 16:21 - 2014-07-08 16:21 - 00002081 _____ () C:\Users\Antje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2014-07-08 16:21 - 2014-07-08 16:21 - 00001207 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-07-08 16:21 - 2014-07-08 16:21 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki
2014-07-08 16:21 - 2014-01-05 21:37 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\DVDVideoSoft
2014-07-08 16:21 - 2014-01-05 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-07-08 16:21 - 2014-01-05 21:37 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-07-08 16:21 - 2014-01-05 21:37 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-07-08 09:17 - 2014-07-08 09:16 - 00995769 _____ () C:\Users\Antje\Downloads\Odin3_v3.09.zip
2014-07-07 20:43 - 2014-07-07 20:43 - 00000988 _____ () C:\Users\Antje\Desktop\Garmin Express.lnk
2014-07-07 20:41 - 2014-07-07 20:41 - 00001088 _____ () C:\Users\Antje\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-07 20:23 - 2014-05-14 18:18 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-07 20:22 - 2014-07-07 20:19 - 00001864 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-07-07 20:22 - 2014-04-01 23:04 - 00000000 ____D () C:\ProgramData\Garmin
2014-07-06 09:53 - 2014-06-29 10:32 - 00000000 ____D () C:\ProgramData\Phase6
2014-07-06 09:51 - 2014-07-06 09:51 - 00001081 _____ () C:\Users\Public\Desktop\phase-6 desktop.lnk
2014-07-06 09:51 - 2014-07-06 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\phase-6
2014-07-06 09:49 - 2014-07-06 09:48 - 85744960 _____ () C:\Users\Kinder\Downloads\phase-6-desktop-2.3.4-windows-installer.exe
2014-06-30 03:40 - 2014-07-10 08:03 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 03:36 - 2014-07-10 08:03 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-29 21:55 - 2013-12-23 15:28 - 00000400 _____ () C:\Windows\ODBC.INI
2014-06-29 21:54 - 2013-12-23 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-06-29 17:07 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 00:53

==================== End Of Log ============================
         

--- --- ---

Code: Alles auswählenAufklappen

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-29 08:06:00
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000064 ATA_____ rev.1A01 931,51GB
Running: Gmer-19357.exe; Driver: g:\temp\kgdorpow.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwAdjustPrivilegesToken [0x9256B990]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwAlpcConnectPort [0x9251C1CE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwAlpcSendWaitReceivePort [0x9251C400]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwConnectPort [0x9251BFC8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwCreateSection [0x9256E55C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwCreateSymbolicLinkObject [0x9252FE90]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwCreateThread [0x9256D98C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwCreateThreadEx [0x9256DBD8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwDebugActiveProcess [0x9256D51E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwDeviceIoControlFile [0x9250C640]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwDuplicateObject [0x9256BAD2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwLoadDriver [0x9256B5FE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwMapViewOfSection [0x9252FEB0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwOpenProcess [0x9256D052]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwOpenSection [0x9256E78C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwOpenThread [0x9256D67E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwPlugPlayControl [0x9252FEA0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwQueryIntervalProfile [0x9252FEE0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwQueueApcThread [0x9256E1C6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwRequestWaitReplyPort [0x9251C2D4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwResumeThread [0x9256DEE2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwSecureConnectPort [0x9251C0C8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwSetContextThread [0x9256E048]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwSetInformationToken [0x9250CA5A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwSetSystemInformation [0x9256B936]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwSuspendProcess [0x9256D25A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwSuspendThread [0x9256DD82]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwSystemDebugControl [0x9250CA6C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwTerminateProcess [0x9256D3C0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwTerminateThread [0x9256D882]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwUnmapViewOfSection [0x9256E894]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                        ZwWriteVirtualMemory [0x9256E61E]

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                                     83055A15 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                       8308F212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10D7                                                                          8309646C 4 Bytes  [90, B9, 56, 92]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10FF                                                                          83096494 4 Bytes  [CE, C1, 51, 92]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1143                                                                          830964D8 4 Bytes  [00, C4, 51, 92] {ADD AH, AL; PUSH ECX; XCHG EDX, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1193                                                                          83096528 4 Bytes  [C8, BF, 51, 92] {ENTER 0x51bf, 0x92}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                          8309658C 4 Bytes  [5C, E5, 56, 92] {POP ESP; IN EAX, 0x56; XCHG EDX, EAX}
.text           ...                                                                                                          
init            C:\Windows\system32\drivers\MBfilt32.sys                                                                     entry point in "init" section [0x95FDB090]

---- User code sections - GMER 2.1 ----

?               C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe[164] C:\Windows\SYSTEM32\ntdll.dll        time/date stamp mismatch; 
.text           C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe[164] ntdll.dll!NtProtectVirtualMemory     772C5F58 5 Bytes  JMP 6EF41ED6 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ushata.dll
?               C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe[164] C:\Windows\system32\kernel32.dll     time/date stamp mismatch; unknown module: KERNELBASE.dll
.text           C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe[164] USER32.dll!NotifyWinEvent + 5B2      7656D570 4 Bytes  [0B, 26, F4, 6E] {OR ESP, [ESI]; HLT ; OUTS DX, BYTE [ESI]}
.text           C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe[164] USER32.dll!NotifyWinEvent + 6AE      7656D66C 4 Bytes  [1B, 2F, F4, 6E] {SBB EBP, [EDI]; HLT ; OUTS DX, BYTE [ESI]}
?               C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe[164] C:\Windows\system32\ole32.dll        time/date stamp mismatch; unknown module: CRYPTSP.dllunknown module: MPR.dllunknown module: msiltcfg.dllunknown module: CLBCatQ.DLLunknown module: OLEAUT32.dllunknown module: imagehlp.dllunknown module: KERNELBASE.dll
?               C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe[2884] C:\Windows\system32\kernel32.dll  time/date stamp mismatch; unknown module: KERNELBASE.dll
?               C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe[2884] C:\Windows\system32\USER32.dll    time/date stamp mismatch; unknown module: CFGMGR32.dllunknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
.text           C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe[2884] USER32.dll!NotifyWinEvent + 5B2   7656D570 4 Bytes  [0B, 26, F4, 6E] {OR ESP, [ESI]; HLT ; OUTS DX, BYTE [ESI]}
.text           C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe[2884] USER32.dll!NotifyWinEvent + 6AE   7656D66C 4 Bytes  [1B, 2F, F4, 6E] {SBB EBP, [EDI]; HLT ; OUTS DX, BYTE [ESI]}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4280] ntdll.dll!NtCreateFile                                    772C5608 5 Bytes  JMP 53B55560 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4280] ntdll.dll!NtFlushBuffersFile                              772C5998 5 Bytes  JMP 53B37D24 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4280] ntdll.dll!NtQueryFullAttributesFile                       772C6028 5 Bytes  JMP 53B37A30 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4280] ntdll.dll!NtReadFile                                      772C62F8 5 Bytes  JMP 53B37C20 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4280] ntdll.dll!NtReadFileScatter                               772C6308 5 Bytes  JMP 54444D6F C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4280] ntdll.dll!NtWriteFile                                     772C6AA8 5 Bytes  JMP 53B56110 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4280] ntdll.dll!NtWriteFileGather                               772C6AB8 5 Bytes  JMP 54444D1E C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4280] ntdll.dll!LdrLoadDll                                      772E22AE 5 Bytes  JMP 56EB1F43 C:\Program Files\Mozilla Firefox\mozglue.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4280] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D             764B94E6 7 Bytes  JMP 543B47C5 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4280] kernel32.dll!QueryPerformanceCounter + 13                 764BC4E5 7 Bytes  JMP 543B47E8 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4280] kernel32.dll!LoadAppInitDlls + 355                        764BF5A6 7 Bytes  JMP 53B52176 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4280] USER32.dll!GetWindowInfo                                  76564B5E 5 Bytes  JMP 542BE6D9 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4280] GDI32.dll!GetViewportOrgEx + 26C                          7642884B 7 Bytes  JMP 543B4746 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Thunderbird\thunderbird.exe[4960] ntdll.dll!LdrGetProcedureAddress + 26             772E22A9 7 Bytes  JMP 5795578A C:\Program Files\Mozilla Thunderbird\xul.dll
.text           C:\Program Files\Mozilla Thunderbird\thunderbird.exe[4960] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D     764B94E6 7 Bytes  JMP 585F384C C:\Program Files\Mozilla Thunderbird\xul.dll
.text           C:\Program Files\Mozilla Thunderbird\thunderbird.exe[4960] kernel32.dll!QueryPerformanceCounter + 13         764BC4E5 7 Bytes  JMP 585F3804 C:\Program Files\Mozilla Thunderbird\xul.dll
.text           C:\Program Files\Mozilla Thunderbird\thunderbird.exe[4960] kernel32.dll!LoadAppInitDlls + 355                764BF5A6 7 Bytes  JMP 57966538 C:\Program Files\Mozilla Thunderbird\xul.dll
.text           C:\Program Files\Mozilla Thunderbird\thunderbird.exe[4960] USER32.dll!GetWindowInfo                          76564B5E 5 Bytes  JMP 5817918D C:\Program Files\Mozilla Thunderbird\xul.dll
.text           C:\Program Files\Mozilla Thunderbird\thunderbird.exe[4960] GDI32.dll!GetViewportOrgEx + 26C                  7642884B 7 Bytes  JMP 585F3873 C:\Program Files\Mozilla Thunderbird\xul.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                      kltdi.sys
AttachedDevice  \Driver\tdx \Device\Udp                                                                                      kltdi.sys
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                    kltdi.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\KLIF\Parameters@LastProcessedRevision                                 178148726
Reg             HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters@DhcpNameServer                                       0.0.0.0

---- EOF - GMER 2.1 ----
         

Servus,




Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

• WICHTIG: Speichere Combofix auf deinem Desktop.
• Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
• Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
• Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
• Wenn Combofix fertig ist, wird es ein Logfile erstellen.
• Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen!