The system is very slow.
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-07-2014
Ran by Antje (administrator) on ANTJE-PC on 28-07-2014 20:35:51
Running from F:\Downloads
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanNetService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanGUI.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files\ProgDVB\ProgLauncher.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Marek Jasinski - www.FreeCommander.com) C:\Program Files\FreeCommander\FreeCommander.exe
(www.bid-o-matic.org) C:\Program Files\Biet-O-Matic\Biet-O-Matic.exe
(eBay Inc.) C:\Program Files\eBay\Turbo Lister2\Tl.exe
(OldTimer Tools) F:\Downloads\OTL.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2815109442-3409531166-1884801714-1000\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-2815109442-3409531166-1884801714-1000\...\Run: [ProgLauncher] => C:\Program Files\ProgDVB\ProgLauncher.exe [381352 2014-04-04] ()
HKU\S-1-5-21-2815109442-3409531166-1884801714-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [122200 2014-07-01] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2815109442-3409531166-1884801714-1000\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
HKU\S-1-5-21-2815109442-3409531166-1884801714-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2815109442-3409531166-1884801714-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2815109442-3409531166-1884801714-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2815109442-3409531166-1884801714-1002\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk
ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files\phase-6\phase-6\reminder\reminder.exe (phase-6)
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicyUsers\S-1-5-21-2815109442-3409531166-1884801714-1001\user: Group Policy restriction detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5D091833DCFFCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545
FF Homepage: hxxp://www.ksta.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545\Extensions\ich@maltegoetz.de [2014-05-05]
FF Extension: NoScript - C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-12]
FF Extension: Biet-O-Matic Firefox Erweiterung - C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545\Extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}.xpi [2014-04-26]
FF Extension: Adblock Plus - C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-12]
FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2013-12-23]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-12-23]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2013-12-23]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-02-28]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [276288 2012-09-21] (Intel Corporation)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [437080 2014-07-01] (Garmin Ltd or its subsidiaries)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [462088 2012-06-19] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [116224 2012-02-09] ()
S3 iumsvc; C:\Program Files\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 AsrAppCharger; C:\Windows\System32\DRIVERS\AsrAppCharger.sys [15656 2011-05-10] (Windows (R) Win 7 DDK provider)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [29992 2012-01-13] (ASRock Inc.)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-01-26] (AVM Berlin) [File not signed]
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2007-01-26] (AVM GmbH)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [532536 2012-09-01] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [25656 2012-09-01] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21952 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21952 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [39360 2012-02-09] ()
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [13592 2012-02-26] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [348440 2012-02-26] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [792856 2012-02-26] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-12-23] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [94304 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2013-12-23] (Kaspersky Lab ZAO)
R3 MBfilt; C:\Windows\System32\drivers\MBfilt32.sys [24664 2009-11-18] (Creative Technology Ltd.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-17] (Intel Corporation)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [10368 2005-02-04] (Padus, Inc.) [File not signed]
R3 SKYNET; C:\Windows\System32\DRIVERS\SkyNET.SYS [627288 2010-05-10] (TechniSat Digital, S.A.)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [31680 2014-07-27] ()
S3 AsrCDDrv; \??\C:\Windows\system32\Drivers\AsrCDDrv.sys [X]
S1 nvport; \??\C:\Windows\system32\Drivers\nvport.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-27 12:12 - 2014-07-27 12:12 - 00086976 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-07-10 11:06 - 2014-07-10 11:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ffdshow
2014-07-10 11:06 - 2014-07-10 11:06 - 00000000 ____D () C:\Program Files\ffdshow
2014-07-10 11:06 - 2014-06-28 16:39 - 00112640 _____ () C:\Windows\system32\ff_vfw.dll
2014-07-10 08:03 - 2014-06-30 03:40 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-10 08:03 - 2014-06-30 03:36 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-10 08:03 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-10 08:03 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 08:03 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 08:03 - 2014-06-19 01:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-10 08:03 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-10 08:03 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-10 08:03 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-10 08:03 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-10 08:03 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 08:03 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 08:03 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-10 08:03 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-10 08:03 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-10 08:03 - 2014-06-19 01:23 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-10 08:03 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-10 08:03 - 2014-06-19 01:16 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-10 08:03 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 08:03 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 08:03 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-10 08:03 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 08:03 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 08:03 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 08:03 - 2014-06-19 00:52 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-10 08:03 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 08:03 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-10 08:03 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 08:03 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 08:03 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 08:03 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 08:03 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-10 08:03 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 08:03 - 2014-06-18 02:52 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 08:03 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 08:03 - 2014-06-05 16:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 08:03 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-10 08:03 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-10 08:03 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-10 08:03 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-10 08:03 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-10 08:03 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-10 08:03 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-10 08:03 - 2014-05-30 08:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 21:46 - 2014-07-09 21:46 - 00001032 _____ () C:\Users\Public\Desktop\TSDoctor.lnk
2014-07-09 01:07 - 2014-07-09 01:07 - 11204096 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-07-08 20:59 - 2014-07-27 21:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-08 16:45 - 2014-07-08 16:45 - 00001905 _____ () C:\Users\Antje\Desktop\CDBurnerXP.lnk
2014-07-08 16:45 - 2014-07-08 16:45 - 00001855 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2014-07-08 16:45 - 2014-07-08 16:45 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\Canneverbe Limited
2014-07-08 16:45 - 2014-07-08 16:45 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2014-07-08 16:45 - 2014-07-08 16:45 - 00000000 ____D () C:\Program Files\CDBurnerXP
2014-07-08 16:22 - 2014-07-08 16:22 - 00002156 _____ () C:\Users\Antje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Forge of Empires.lnk
2014-07-08 16:21 - 2014-07-08 16:21 - 00002191 _____ () C:\Users\Public\Desktop\Free DVD Video Burner.lnk
2014-07-08 16:21 - 2014-07-08 16:21 - 00002081 _____ () C:\Users\Antje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2014-07-08 16:21 - 2014-07-08 16:21 - 00001207 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-07-08 16:21 - 2014-07-08 16:21 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki
2014-07-08 09:16 - 2014-07-08 09:17 - 00995769 _____ () C:\Users\Antje\Downloads\Odin3_v3.09.zip
2014-07-07 20:43 - 2014-07-07 20:43 - 00000988 _____ () C:\Users\Antje\Desktop\Garmin Express.lnk
2014-07-07 20:41 - 2014-07-07 20:41 - 00001088 _____ () C:\Users\Antje\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-07 20:19 - 2014-07-07 20:22 - 00001864 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-07-06 09:51 - 2014-07-06 09:51 - 00001081 _____ () C:\Users\Public\Desktop\phase-6 desktop.lnk
2014-07-06 09:51 - 2014-07-06 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\phase-6
2014-07-06 09:48 - 2014-07-06 09:49 - 85744960 _____ () C:\Users\Kinder\Downloads\phase-6-desktop-2.3.4-windows-installer.exe
2014-06-29 10:32 - 2014-07-06 09:53 - 00000000 ____D () C:\ProgramData\Phase6
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-28 20:36 - 2013-12-23 17:31 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-28 20:35 - 2014-06-25 23:48 - 00000000 ____D () C:\FRST
2014-07-28 20:33 - 2014-03-31 18:48 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\BOM
2014-07-28 20:07 - 2013-12-30 12:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-28 19:59 - 2014-01-19 19:17 - 00000000 ____D () C:\Users\Antje\Documents\Turbo Lister Backup
2014-07-28 19:29 - 2009-07-14 06:34 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-28 19:29 - 2009-07-14 06:34 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-28 19:13 - 2013-12-23 14:14 - 01327446 _____ () C:\Windows\WindowsUpdate.log
2014-07-28 18:56 - 2014-03-18 08:15 - 00000000 ____D () C:\Windows\Minidump
2014-07-28 12:43 - 2010-11-20 23:01 - 01632792 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-27 21:40 - 2014-07-08 20:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-27 13:03 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-07-27 12:12 - 2014-07-27 12:12 - 00086976 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-07-27 12:12 - 2014-06-26 07:16 - 00031680 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-07-27 12:12 - 2014-03-07 20:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-27 12:12 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-27 11:11 - 2014-04-01 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-07-27 11:11 - 2014-04-01 23:03 - 00000000 ____D () C:\Program Files\Garmin
2014-07-27 11:09 - 2014-05-01 15:30 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\Tyre
2014-07-27 11:01 - 2014-02-28 18:02 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\Mp3tag
2014-07-27 07:04 - 2014-04-05 07:58 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\ALFBanCo5
2014-07-27 07:04 - 2014-04-05 07:58 - 00000000 ____D () C:\ProgramData\AlfBanCo5
2014-07-27 06:56 - 2014-04-05 07:58 - 00000000 ____D () C:\Program Files\ALFBanCo5
2014-07-27 06:30 - 2014-04-12 07:07 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-11 18:20 - 2013-12-30 18:19 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\vlc
2014-07-11 04:00 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-07-11 03:23 - 2009-07-14 06:33 - 00282576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-11 03:21 - 2014-05-01 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-11 03:21 - 2011-04-12 03:38 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 03:21 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-07-11 03:04 - 2013-12-23 16:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-11 03:01 - 2013-12-23 16:57 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-10 11:06 - 2014-07-10 11:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ffdshow
2014-07-10 11:06 - 2014-07-10 11:06 - 00000000 ____D () C:\Program Files\ffdshow
2014-07-10 10:41 - 2013-12-23 16:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-10 10:41 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\TAPI
2014-07-09 21:46 - 2014-07-09 21:46 - 00001032 _____ () C:\Users\Public\Desktop\TSDoctor.lnk
2014-07-09 21:46 - 2013-12-31 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TSDoctor
2014-07-09 18:03 - 2014-04-11 20:11 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\AccurateRip
2014-07-09 01:07 - 2014-07-09 01:07 - 11204096 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-07-09 01:07 - 2013-12-30 12:23 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-09 01:07 - 2013-12-30 12:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-08 16:45 - 2014-07-08 16:45 - 00001905 _____ () C:\Users\Antje\Desktop\CDBurnerXP.lnk
2014-07-08 16:45 - 2014-07-08 16:45 - 00001855 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2014-07-08 16:45 - 2014-07-08 16:45 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\Canneverbe Limited
2014-07-08 16:45 - 2014-07-08 16:45 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2014-07-08 16:45 - 2014-07-08 16:45 - 00000000 ____D () C:\Program Files\CDBurnerXP
2014-07-08 16:22 - 2014-07-08 16:22 - 00002156 _____ () C:\Users\Antje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Forge of Empires.lnk
2014-07-08 16:21 - 2014-07-08 16:21 - 00002191 _____ () C:\Users\Public\Desktop\Free DVD Video Burner.lnk
2014-07-08 16:21 - 2014-07-08 16:21 - 00002081 _____ () C:\Users\Antje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2014-07-08 16:21 - 2014-07-08 16:21 - 00001207 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-07-08 16:21 - 2014-07-08 16:21 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki
2014-07-08 16:21 - 2014-01-05 21:37 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\DVDVideoSoft
2014-07-08 16:21 - 2014-01-05 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-07-08 16:21 - 2014-01-05 21:37 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-07-08 16:21 - 2014-01-05 21:37 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-07-08 09:17 - 2014-07-08 09:16 - 00995769 _____ () C:\Users\Antje\Downloads\Odin3_v3.09.zip
2014-07-07 20:43 - 2014-07-07 20:43 - 00000988 _____ () C:\Users\Antje\Desktop\Garmin Express.lnk
2014-07-07 20:41 - 2014-07-07 20:41 - 00001088 _____ () C:\Users\Antje\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-07 20:23 - 2014-05-14 18:18 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-07 20:22 - 2014-07-07 20:19 - 00001864 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-07-07 20:22 - 2014-04-01 23:04 - 00000000 ____D () C:\ProgramData\Garmin
2014-07-06 09:53 - 2014-06-29 10:32 - 00000000 ____D () C:\ProgramData\Phase6
2014-07-06 09:51 - 2014-07-06 09:51 - 00001081 _____ () C:\Users\Public\Desktop\phase-6 desktop.lnk
2014-07-06 09:51 - 2014-07-06 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\phase-6
2014-07-06 09:49 - 2014-07-06 09:48 - 85744960 _____ () C:\Users\Kinder\Downloads\phase-6-desktop-2.3.4-windows-installer.exe
2014-06-30 03:40 - 2014-07-10 08:03 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 03:36 - 2014-07-10 08:03 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-29 21:55 - 2013-12-23 15:28 - 00000400 _____ () C:\Windows\ODBC.INI
2014-06-29 21:54 - 2013-12-23 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-06-29 17:07 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-28 16:39 - 2014-07-10 11:06 - 00112640 _____ () C:\Windows\system32\ff_vfw.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-28 00:53
==================== End Of Log ============================
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-28 21:03:27
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000064 ATA_____ rev.1A01 931,51GB
Running: Gmer-19357.exe; Driver: g:\temp\kgdorpow.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAdjustPrivilegesToken [0x92765990]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcConnectPort [0x927161CE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcSendWaitReceivePort [0x92716400]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwConnectPort [0x92715FC8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSection [0x9276855C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSymbolicLinkObject [0x92729E90]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThread [0x9276798C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThreadEx [0x92767BD8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDebugActiveProcess [0x9276751E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeviceIoControlFile [0x92706640]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDuplicateObject [0x92765AD2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadDriver [0x927655FE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwMapViewOfSection [0x92729EB0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenProcess [0x92767052]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSection [0x9276878C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenThread [0x9276767E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwPlugPlayControl [0x92729EA0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryIntervalProfile [0x92729EE0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueueApcThread [0x927681C6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRequestWaitReplyPort [0x927162D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwResumeThread [0x92767EE2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSecureConnectPort [0x927160C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetContextThread [0x92768048]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetInformationToken [0x92706A5A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetSystemInformation [0x92765936]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendProcess [0x9276725A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendThread [0x92767D82]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSystemDebugControl [0x92706A6C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateProcess [0x927673C0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateThread [0x92767882]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwUnmapViewOfSection [0x92768894]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwWriteVirtualMemory [0x9276861E]
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 83057A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83091212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 8309846C 4 Bytes [90, 59, 76, 92] {NOP ; POP ECX; JBE 0xffffff96}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 83098494 4 Bytes [CE, 61, 71, 92] {INTO ; POPA ; JNO 0xffffff96}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1143 830984D8 4 Bytes [00, 64, 71, 92] {ADD [ECX+ESI*2-0x6e], AH}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1193 83098528 4 Bytes [C8, 5F, 71, 92] {ENTER 0x715f, 0x92}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 8309858C 4 Bytes [5C, 85, 76, 92] {POP ESP; TEST [ESI-0x6e], ESI}
.text ...
init C:\Windows\system32\drivers\MBfilt32.sys entry point in "init" section [0x951DA090]
---- User code sections - GMER 2.1 ----
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe[300] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe[300] ntdll.dll!NtProtectVirtualMemory 77525F58 5 Bytes JMP 6F1B1ED6 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ushata.dll
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe[300] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe[300] USER32.dll!NotifyWinEvent + 5B2 7599D570 4 Bytes [0B, 26, 1B, 6F]
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe[300] USER32.dll!NotifyWinEvent + 6AE 7599D66C 4 Bytes [1B, 2F, 1B, 6F]
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe[300] C:\Windows\system32\ole32.dll time/date stamp mismatch; unknown module: CRYPTSP.dllunknown module: MPR.dllunknown module: msiltcfg.dllunknown module: CLBCatQ.DLLunknown module: OLEAUT32.dllunknown module: imagehlp.dllunknown module: KERNELBASE.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3560] ntdll.dll!NtCreateFile 77525608 5 Bytes JMP 1000D520 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3560] ntdll.dll!NtFlushBuffersFile 77525998 5 Bytes JMP 0FFF5BAB C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3560] ntdll.dll!NtQueryFullAttributesFile 77526028 5 Bytes JMP 1000CF90 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3560] ntdll.dll!NtReadFile 775262F8 5 Bytes JMP 0FFF5CA0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3560] ntdll.dll!NtReadFileScatter 77526308 5 Bytes JMP 1089A506 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3560] ntdll.dll!NtWriteFile 77526AA8 5 Bytes JMP 1000DBF0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3560] ntdll.dll!NtWriteFileGather 77526AB8 5 Bytes JMP 1089A4B5 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3560] ntdll.dll!LdrLoadDll 775422AE 5 Bytes JMP 592F1F4C C:\Program Files\Mozilla Firefox\mozglue.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3560] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 774494E6 7 Bytes JMP 1083A067 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3560] kernel32.dll!QueryPerformanceCounter + 13 7744C4E5 7 Bytes JMP 1083A08A C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3560] kernel32.dll!LoadAppInitDlls + 355 7744F5A6 7 Bytes JMP 10009E03 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3560] USER32.dll!GetWindowInfo 75994B5E 5 Bytes JMP 1074778F C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3560] GDI32.dll!GetViewportOrgEx + 26C 7706884B 7 Bytes JMP 10839FE8 C:\Program Files\Mozilla Firefox\xul.dll
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe[3720] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe[3720] C:\Windows\system32\USER32.dll time/date stamp mismatch; unknown module: CFGMGR32.dllunknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe[3720] USER32.dll!NotifyWinEvent + 5B2 7599D570 4 Bytes [0B, 26, 1B, 6F]
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe[3720] USER32.dll!NotifyWinEvent + 6AE 7599D66C 4 Bytes [1B, 2F, 1B, 6F]
.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5672] ntdll.dll!LdrGetProcedureAddress + 26 775422A9 7 Bytes JMP 0F70578A C:\Program Files\Mozilla Thunderbird\xul.dll
.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5672] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 774494E6 7 Bytes JMP 103A384C C:\Program Files\Mozilla Thunderbird\xul.dll
.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5672] kernel32.dll!QueryPerformanceCounter + 13 7744C4E5 7 Bytes JMP 103A3804 C:\Program Files\Mozilla Thunderbird\xul.dll
.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5672] kernel32.dll!LoadAppInitDlls + 355 7744F5A6 7 Bytes JMP 0F716538 C:\Program Files\Mozilla Thunderbird\xul.dll
.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5672] USER32.dll!GetWindowInfo 75994B5E 5 Bytes JMP 0FF2918D C:\Program Files\Mozilla Thunderbird\xul.dll
.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5672] GDI32.dll!GetViewportOrgEx + 26C 7706884B 7 Bytes JMP 103A3873 C:\Program Files\Mozilla Thunderbird\xul.dll
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\tdx \Device\Tcp kltdi.sys
AttachedDevice \Driver\tdx \Device\Udp kltdi.sys
AttachedDevice \Driver\tdx \Device\RawIp kltdi.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\KLIF\Parameters@LastProcessedRevision 177143785
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters@DhcpNameServer 0.0.0.0
---- EOF - GMER 2.1 ----
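Added example (not part of the original post, and not code from GMER or FRST): a small Python triage script that parses the GMER sections above (SSDT hooks, user-mode JMP hooks, inline byte patches, attached devices), groups every hook by the module that owns it, and reports any module not on an allowlist. The allowlist is an assumption of this example, built from what the FRST log shows installed (Kaspersky Anti-Virus 14.0.0: klif.sys, kltdi.sys, ushata.dll; Mozilla Firefox/Thunderbird: xul.dll, mozglue.dll). The pointer-proximity rule used to attribute the 4-byte NotifyWinEvent patches is also a heuristic of this example, not something GMER does. The sample input is a handful of lines copied from the log above.

```python
"""Triage helper for a GMER 2.1 log: group hooks by the module that owns them."""
import re
from collections import defaultdict

# Constructed sample input: lines copied from the GMER log in the post above.
SAMPLE_LOG = r"""
---- System - GMER 2.1 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAdjustPrivilegesToken [0x92765990]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThread [0x9276798C]
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe[300] ntdll.dll!NtProtectVirtualMemory 77525F58 5 Bytes JMP 6F1B1ED6 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ushata.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe[300] USER32.dll!NotifyWinEvent + 5B2 7599D570 4 Bytes [0B, 26, 1B, 6F]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3560] ntdll.dll!NtCreateFile 77525608 5 Bytes JMP 1000D520 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3560] ntdll.dll!LdrLoadDll 775422AE 5 Bytes JMP 592F1F4C C:\Program Files\Mozilla Firefox\mozglue.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe[3720] USER32.dll!NotifyWinEvent + 5B2 7599D570 4 Bytes [0B, 26, 1B, 6F]
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\tdx \Device\Tcp kltdi.sys
"""

# Line shapes GMER uses in the sections we care about.
SSDT_RE = re.compile(r"^SSDT\s+(?P<module>\S+)\s+(?P<func>\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]$")
PROC = (r"^\.text\s+(?P<proc>.+?\[(?P<pid>\d+)\])\s+"
        r"(?P<target>\S+!\S+(?: \+ [0-9A-Fa-f]+)?)\s+(?P<addr>[0-9A-Fa-f]+)\s+(?P<n>\d+) Bytes ")
JMP_RE = re.compile(PROC + r"JMP (?P<dest>[0-9A-Fa-f]+)\s+(?P<module>.+)$")
PATCH_RE = re.compile(PROC + r"\[(?P<bytes>[^\]]*)\]$")
DEV_RE = re.compile(r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<module>\S+)$")

# Assumed allowlist: modules the FRST log shows as legitimately installed and
# known to hook (Kaspersky Anti-Virus 14.0.0 and Mozilla Firefox/Thunderbird).
KNOWN_HOOKERS = {"klif.sys", "kltdi.sys", "ushata.dll", "xul.dll", "mozglue.dll"}


def parse_gmer(text):
    """Return hook records: dicts with kind, module, target, and for user-mode
    hooks the owning process (plus decoded bytes for inline patches)."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if (m := SSDT_RE.match(line)):
            records.append({"kind": "ssdt", "module": m["module"], "target": m["func"], "proc": None})
        elif (m := JMP_RE.match(line)):
            records.append({"kind": "user_jmp", "module": m["module"], "target": m["target"],
                            "proc": m["proc"], "dest": int(m["dest"], 16)})
        elif (m := PATCH_RE.match(line)):
            # GMER prints truncated patches with a trailing "..."; keep only real bytes.
            raw = bytes(int(b, 16) for b in m["bytes"].split(", ")
                        if re.fullmatch(r"[0-9A-Fa-f]{2}", b))
            records.append({"kind": "user_patch", "module": None, "target": m["target"],
                            "proc": m["proc"], "bytes": raw})
        elif (m := DEV_RE.match(line)):
            records.append({"kind": "device", "module": m["module"], "target": m["device"], "proc": None})
    return records


def attribute_patches(records, window=0x100000):
    """Heuristic (assumption of this example): treat a 4-byte inline patch as a
    little-endian pointer and, if it lies within `window` bytes of a JMP target
    already attributed in the same process, credit it to that module."""
    jmps = defaultdict(list)
    for r in records:
        if r["kind"] == "user_jmp":
            jmps[r["proc"]].append((r["dest"], r["module"]))
    for r in records:
        if r["kind"] == "user_patch" and len(r["bytes"]) == 4:
            r["ptr"] = int.from_bytes(r["bytes"], "little")
            for dest, module in jmps[r["proc"]]:
                if abs(r["ptr"] - dest) <= window:
                    r["module"] = module
                    break
    return records


def summarize(records):
    """Map each hooking module (basename, lower-case) to the sorted list of
    functions or devices it hooks; patches nobody claims go to UNATTRIBUTED."""
    by_module = defaultdict(set)
    for r in records:
        key = r["module"].rsplit("\\", 1)[-1].lower() if r["module"] else "UNATTRIBUTED"
        by_module[key].add(r["target"])
    return {k: sorted(v) for k, v in by_module.items()}


def needs_review(summary, known=KNOWN_HOOKERS):
    """Everything that hooks the system but is not on the allowlist."""
    return {k: v for k, v in summary.items() if k not in known}


if __name__ == "__main__":
    recs = attribute_patches(parse_gmer(SAMPLE_LOG))
    summary = summarize(recs)
    for module, targets in summary.items():
        print(f"{module}: {', '.join(targets)}")
    print("needs review:", needs_review(summary))
```

On the sample this puts every SSDT hook under klif.sys, the Firefox hooks under xul.dll and mozglue.dll, and decodes the bytes 0B 26 1B 6F patched into NotifyWinEvent in avp.exe as the little-endian pointer 0x6F1B260B, which sits a few hundred bytes past the JMP target 0x6F1B1ED6 in ushata.dll, so it is credited to Kaspersky as well. The identical patch in avpui.exe has no JMP in that process to compare against, so it stays under UNATTRIBUTED and is reported for manual review; that is exactly the spot where the analyst has to confirm by hand (for instance by checking which module is mapped at that address) rather than trust the script.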