Utka0405 | 08.02.2013 12:44 | Suspected spyware - symptom: monitor blinks now and then

Hello everyone,
I suspect spyware or possibly a keylogger.
Symptoms:
- The monitor blinks now and then, the way you know it from remote-viewer programs
- Now and then other problems, e.g. a desktop icon can no longer be moved.
Here are the logs:

Defogger
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:50 on 05/02/2013 (Utka)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

OTL Logfile:
OTL logfile created on: 05.02.2013 10:52:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Utka\Desktop\Scan
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,50 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 46,28% Memory free
6,99 Gb Paging File | 3,99 Gb Available in Paging File | 57,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,41 Gb Total Space | 539,55 Gb Free Space | 57,93% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 781,74 Gb Free Space | 83,92% Space Free | Partition Type: NTFS
Drive Z: | 5587,37 Gb Total Space | 4906,41 Gb Free Space | 87,81% Space Free | Partition Type: NTFS
Computer Name: UTKA-PC | User Name: Utka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.02.05 10:49:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Utka\Desktop\Scan\OTL.exe
PRC - [2013.01.29 09:18:58 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2013.01.26 03:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Programme\Google\Chrome\Application\chrome.exe
PRC - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.11.28 22:54:58 | 001,273,856 | ---- | M] (www.bid-o-matic.org) -- C:\Programme\Biet-O-Matic\Biet-O-Matic.exe
PRC - [2012.11.27 14:10:00 | 000,692,224 | ---- | M] () -- C:\Programme\onlinebrief24.de\ebdhelper.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.10.02 20:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2012.10.02 20:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.08.30 22:26:56 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.20 14:10:34 | 000,997,376 | ---- | M] (digital guru GmbH & Co. KG) -- C:\Programme\GREYHOUND\Client\GreyhoundPrinterHelper.exe
PRC - [2012.07.03 08:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Common Files\Java\Java Update\jucheck.exe
PRC - [2012.04.11 00:15:28 | 000,387,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Silverlight\sllauncher.exe
PRC - [2012.02.15 22:55:32 | 000,131,584 | ---- | M] (Nenad Hrg SoftwareOK) -- C:\Users\Utka\Desktop\Programme\DesktopOK.exe
PRC - [2011.11.30 08:45:49 | 005,035,584 | ---- | M] (Euro Plus d.o.o.) -- C:\Programme\Common Files\EuroPlus Shared\LblServices.exe
PRC - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Programme\StarMoney 7.0 Commerzbank-Edition\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2011.08.19 20:51:48 | 000,423,536 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
PRC - [2011.08.19 20:32:40 | 000,423,536 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.10.21 13:44:21 | 001,130,120 | ---- | M] (SPAMfighter ApS) -- C:\Programme\Fighters\FighterSuiteService.exe
PRC - [2010.10.21 13:44:00 | 000,189,064 | ---- | M] (SPAMfighter ApS) -- C:\Programme\Fighters\SPAMfighter\sfus.exe
PRC - [2010.08.04 17:38:30 | 000,065,536 | ---- | M] () -- C:\Programme\Brother\BRAdmin Professional 3\bratimer.exe
PRC - [2010.05.28 14:51:00 | 002,480,048 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010.05.02 21:25:44 | 000,498,096 | ---- | M] (REINER SCT) -- C:\Windows\System32\cjpcsc.exe
PRC - [2010.04.16 21:12:28 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe
PRC - [2010.04.16 17:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Contacts\wlcomm.exe
PRC - [2010.02.18 13:01:06 | 000,462,632 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
PRC - [2010.01.22 21:13:24 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2010.01.22 21:13:02 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2010.01.22 21:12:46 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\vmware-authd.exe
PRC - [2010.01.22 20:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009.12.21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Programme\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
PRC - [2009.11.12 04:42:50 | 000,661,072 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009.08.06 06:51:20 | 000,065,536 | R--- | M] () -- C:\Windows\System32\XSrvSetup.exe
PRC - [2009.07.24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe
========== Modules (No Company Name) ==========
MOD - [2013.01.29 09:18:58 | 003,022,232 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2013.01.09 13:25:33 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\5ea93652e4752c75bc6fbb195b4eb864\System.Runtime.Remoting.ni.dll
MOD - [2013.01.09 13:25:31 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.ni.dll
MOD - [2013.01.09 13:25:31 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.Wrapper.dll
MOD - [2013.01.09 12:30:22 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e43f80b6a3a40323520dd89cb77500a8\System.Windows.Forms.ni.dll
MOD - [2013.01.09 12:30:18 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll
MOD - [2013.01.09 12:30:15 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013.01.09 12:30:15 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll
MOD - [2013.01.09 12:30:14 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013.01.09 12:30:11 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013.01.09 12:30:07 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012.11.27 14:10:00 | 000,692,224 | ---- | M] () -- C:\Programme\onlinebrief24.de\ebdhelper.exe
MOD - [2012.08.30 22:24:20 | 007,422,392 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\qtgui4.dll
MOD - [2012.08.30 22:24:18 | 001,270,200 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\qtscript4.dll
MOD - [2012.08.30 22:24:18 | 000,192,952 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\qtsql4.dll
MOD - [2012.08.30 22:24:16 | 002,453,944 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\qtdeclarative4.dll
MOD - [2012.08.30 22:24:16 | 002,126,264 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\qtcore4.dll
MOD - [2012.08.30 22:24:16 | 000,795,064 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\qtnetwork4.dll
MOD - [2012.08.30 22:23:02 | 000,459,192 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\dblite.dll
MOD - [2012.01.08 14:41:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2011.09.05 19:36:52 | 000,025,088 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qgif4.dll
MOD - [2011.09.05 19:36:50 | 000,180,224 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qjpeg4.dll
MOD - [2011.04.19 15:56:16 | 000,036,864 | ---- | M] () -- C:\ProgramData\3CXMyPhone Client Addin\3CXTAPIClient.dll
MOD - [2008.09.16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013.01.29 09:18:58 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.08 22:37:19 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.08.30 22:26:56 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe -- (AVP)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.12 07:04:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.04.26 14:03:36 | 000,135,584 | ---- | M] (Futuremark Corporation) [Disabled | Stopped] -- C:\Programme\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011.11.30 08:45:49 | 005,035,584 | ---- | M] (Euro Plus d.o.o.) [Auto | Running] -- C:\Programme\Common Files\EuroPlus Shared\LblServices.exe -- (LabelServices)
SRV - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Disabled | Running] -- C:\Programme\StarMoney 7.0 Commerzbank-Edition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)
SRV - [2011.08.19 20:51:48 | 000,423,536 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\VMware\VMware vCenter Converter Standalone\vmware-converter.exe -- (vmware-converter-worker)
SRV - [2011.08.19 20:51:48 | 000,423,536 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\VMware\VMware vCenter Converter Standalone\vmware-converter.exe -- (vmware-converter-server)
SRV - [2011.08.19 20:32:40 | 000,423,536 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe -- (vmware-converter-agent)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.06.13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2011.03.25 09:10:28 | 000,134,984 | ---- | M] (PEERNET Inc.) [On_Demand | Stopped] -- C:\Windows\System32\spool\drivers\w32x86\3\PNSvc9.exe -- (PEERNET Spooler Service 9.0)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.10.21 13:44:21 | 001,130,120 | ---- | M] (SPAMfighter ApS) [Disabled | Running] -- C:\Programme\Fighters\FighterSuiteService.exe -- (Suite Service)
SRV - [2010.10.21 13:44:00 | 000,189,064 | ---- | M] (SPAMfighter ApS) [Disabled | Running] -- C:\Program Files\Fighters\SPAMfighter\sfus.exe -- (SPAMfighter Update Service)
SRV - [2010.08.04 17:38:30 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Programme\Brother\BRAdmin Professional 3\bratimer.exe -- (BRA_Scheduler)
SRV - [2010.05.28 14:51:00 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010.05.28 10:54:54 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.05.02 21:25:44 | 000,498,096 | ---- | M] (REINER SCT) [Auto | Running] -- C:\Windows\System32\cjpcsc.exe -- (cjpcsc)
SRV - [2010.02.18 13:01:06 | 000,462,632 | ---- | M] (Nero AG) [Disabled | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.01.22 21:13:24 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2010.01.22 21:13:02 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010.01.22 21:12:46 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\VMware\vmware-authd.exe -- (VMAuthdService)
SRV - [2010.01.22 20:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009.12.21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Programme\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
SRV - [2009.11.12 04:42:50 | 000,661,072 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009.10.12 13:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Programme\VMware\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009.08.06 06:51:20 | 000,065,536 | R--- | M] () [Auto | Running] -- C:\Windows\System32\XSrvSetup.exe -- (JMB36X)
SRV - [2009.07.24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.06.12 10:48:16 | 002,159,992 | ---- | M] (RealVNC Ltd.) [Disabled | Stopped] -- C:\Programme\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe -- (MDM)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ncplelhp.sys -- (ncplelhp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - [2012.10.10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.06.14 18:33:26 | 000,585,560 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012.05.21 14:10:52 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.10.20 11:48:00 | 000,135,984 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2011.10.20 11:48:00 | 000,013,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011.08.23 18:03:19 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.07.12 09:36:28 | 000,022,768 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vstor2-mntapi10-shared.sys -- (vstor2-mntapi10-shared)
DRV - [2011.03.18 17:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2011.03.15 01:38:14 | 000,054,384 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bmdrvr.sys -- (bmdrvr)
DRV - [2011.03.10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.22 12:35:36 | 000,117,688 | ---- | M] (Siemens Enterprise Communications GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\vcdc.sys -- (vcdc)
DRV - [2010.09.22 12:29:33 | 000,118,200 | ---- | M] (Siemens Enterprise Communications GmbH & Co. KG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbcdc.sys -- (usbcdc)
DRV - [2010.09.22 12:23:32 | 000,201,784 | ---- | M] (Siemens Enterprise Communications GmbH & Co. KG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\isdnusb.sys -- (isdnusb)
DRV - [2010.05.28 14:51:02 | 000,160,288 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2010.05.28 14:50:58 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpm258.sys -- (tdrpman258)
DRV - [2010.05.28 14:50:56 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2010.05.28 14:50:49 | 000,158,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2010.04.19 19:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010.02.08 08:54:42 | 000,028,208 | ---- | M] (REINER SCT) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cjusb.sys -- (cjusb)
DRV - [2010.02.02 12:47:56 | 000,385,544 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2010.02.02 12:47:56 | 000,034,392 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2010.02.02 12:47:54 | 000,040,560 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2010.01.22 21:14:16 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2010.01.22 21:14:14 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2010.01.22 21:14:12 | 000,854,192 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2010.01.22 21:14:12 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2010.01.22 21:13:04 | 000,014,896 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmparport.sys -- (VMparport)
DRV - [2010.01.22 20:00:42 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2010.01.22 16:13:00 | 000,036,400 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2010.01.22 16:13:00 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2010.01.22 16:13:00 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2009.12.14 12:44:24 | 000,088,632 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\CSCrySec.sys -- (CSCrySec)
DRV - [2009.12.14 12:44:24 | 000,039,352 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
DRV - [2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.10.29 09:14:32 | 000,099,440 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2009.10.26 16:19:02 | 000,136,704 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2009.10.26 16:19:00 | 000,058,240 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009.10.12 13:31:52 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Programme\VMware\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.14 01:56:07 | 000,265,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2009.07.14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSIb.sys -- (BrUsbSIb)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.06.12 08:46:40 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vncmirror.sys -- (vncmirror)
DRV - [2007.05.31 07:38:16 | 000,014,949 | ---- | M] (franson.biz) [Kernel | System | Running] -- C:\Windows\System32\drivers\bizVSerialNT.sys -- (bizVSerial)
DRV - [2006.11.22 09:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
DRV - [2000.07.24 00:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\BRPAR.SYS -- (BrPar)
DRV - [1996.04.03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 17 31 67 3F FE CA 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "blanc"
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.15
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@EDVR/WebClient: C:\windows\system32\WebClient\npwebclient.dll (Google)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@kaspersky.com/Password Manager: C:\PROGRA~1\KASPER~1\KASPER~1.0\KASPER~2\MODULE~1\npkpmAutofill.dll (Kaspersky Lab)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\virtualKeyboard@kaspersky.ru [2012.12.26 13:01:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\KavAntiBanner@Kaspersky.ru [2012.12.26 13:00:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\linkfilter@kaspersky.ru [2012.12.26 13:01:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.29 09:19:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.29 09:18:56 | 000,000,000 | ---D | M]
[2010.05.27 21:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Utka\AppData\Roaming\mozilla\Extensions
[2013.02.01 10:25:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Utka\AppData\Roaming\mozilla\Firefox\Profiles\rvj1kxti.default\extensions
[2010.05.28 13:23:59 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Utka\AppData\Roaming\mozilla\Firefox\Profiles\rvj1kxti.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.06.28 18:15:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Utka\AppData\Roaming\mozilla\Firefox\Profiles\rvj1kxti.default\extensions\nostmp
[2013.02.01 10:25:49 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\Utka\AppData\Roaming\mozilla\firefox\profiles\rvj1kxti.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.13 12:18:55 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Utka\AppData\Roaming\mozilla\firefox\profiles\rvj1kxti.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013.01.31 16:19:46 | 000,000,950 | ---- | M] () -- C:\Users\Utka\AppData\Roaming\mozilla\firefox\profiles\rvj1kxti.default\searchplugins\icqplugin-1.xml
[2011.07.28 17:59:57 | 000,000,950 | ---- | M] () -- C:\Users\Utka\AppData\Roaming\mozilla\firefox\profiles\rvj1kxti.default\searchplugins\icqplugin-2.xml
[2011.08.19 09:45:14 | 000,000,950 | ---- | M] () -- C:\Users\Utka\AppData\Roaming\mozilla\firefox\profiles\rvj1kxti.default\searchplugins\icqplugin-3.xml
[2010.06.21 16:35:24 | 000,001,042 | ---- | M] () -- C:\Users\Utka\AppData\Roaming\mozilla\firefox\profiles\rvj1kxti.default\searchplugins\icqplugin.xml
[2013.01.29 09:18:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.01.29 09:18:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.01.29 09:18:49 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2013.01.29 09:18:49 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
[2013.01.29 09:18:58 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.03.22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.06.27 08:43:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.03 16:06:59 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.27 08:43:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.27 08:43:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.27 08:43:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.27 08:43:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Utka\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Utka\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Utka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Utka\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: DVR Client (Enabled) = C:\windows\system32\WebClient\npwebclient.dll
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Utka\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.2.733_0\
CHR - Extension: Password Manager plugin = C:\Users\Utka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddagfbbgmdhmolnjoaghlapikdcahbbl\6.0.1.54\
CHR - Extension: Virtuelle Tastatur = C:\Users\Utka\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.2.733_0\
CHR - Extension: Anti-Banner = C:\Users\Utka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.2.733_0\
O1 HOSTS File: ([2012.11.19 11:26:53 | 000,445,527 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 2O7.net
O1 - Hosts: 127.0.0.1 192.168.112.2O7.net
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 15300 more lines...
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [onlinebrief24-ebdhelper] C:\Programme\onlinebrief24.de\ebdhelper.exe ()
O4 - HKLM..\Run: [PTNMWND] C:\Program Files\Brother\ES Status Monitor\ptnmwnd.exe (Brother Industries, Ltd.)
O4 - HKCU..\Run: [3CX MyPhone1653240284.192.168.2.154] C:\Users\Utka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3CX MyPhone.lnk ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [DesktopOK] C:\Users\Utka\Desktop\Programme\DesktopOK.exe (Nenad Hrg SoftwareOK)
O4 - HKCU..\Run: [Greyhound Printer Helper] C:\Programme\GREYHOUND\Client\GreyhoundPrinterHelper.exe (digital guru GmbH & Co. KG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Add to &Teleport - C:\Programme\Teleport Pro\teleport.htm ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Kaspersky PURE - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\Kaspersky Password Manager\Module Retargetable Folder\spIEBho.dll (Kaspersky Lab)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: dell ([]file in Local intranet)
O15 - HKCU\..Trusted Domains: afterbuy.de ([www] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: bmite.net ([sps] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: dyndns.org ([bmsec] * in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: microsoft.com ([www] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([https] in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Ranges: Range2 ([*] in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Ranges: Range3 ([*] in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range4 ([*] in Vertrauenswürdige Sites)
O16 - DPF: {17220B00-60CD-4E50-A244-02ED7C8E6385} hxxp://192.168.2.174//DvrMaster.cab (DvrMasterCtrl Class)
O16 - DPF: {27932703-59C1-4B18-A46D-ED8FC2D35BAA} hxxp://58.248.16.60:8004/NEWIE.cab (NEWIE Control)
O16 - DPF: {3D6F2DBA-F4E5-40A6-8725-E99BC96CC23A} hxxp://87.139.51.122:8888/ums_control.cab (UMS_AX_Ctrl Class)
O16 - DPF: {7773F3FE-6C5D-4FA7-8185-D7680FDCA276} hxxp://192.168.2.232/WebViewerH264S.cab (WebViewerH264 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {922EC374-7B73-4E7F-8AC9-64992FE0F523} hxxp://87.139.51.122:8888/ums_webviewer.cab (UMS_WebViewer Control)
O16 - DPF: {971FC730-55F1-461F-83FD-B3BF5E1F039E} hxxp://192.168.2.178:8383/AVC_AX_742.cab (AMCCtrl Class)
O16 - DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} hxxp://demo.laviewsecurity.com:8010/WebClient.exe (WebClient Control)
O16 - DPF: {AFCBAA8B-7800-4F42-8F97-1C2AC1B6E7FE} hxxp://192.168.2.250/install.cab (NSActiveX Control)
O16 - DPF: {BB28FF6E-2BF3-4897-9931-7CDFFAF09670} hxxp://192.168.2.232/cgi-bin/design/html_template/WebACS.cab (WebRemotePlayerControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.11.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19EF1563-C3BE-4283-BB7C-29C2C6D89165}: NameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.07.31 02:20:12 | 000,000,959 | RHS- | M] () - E:\autorun.bin -- [ NTFS ]
O32 - AutoRun File - [2000.06.07 15:37:12 | 000,000,046 | RHS- | M] () - E:\AUTORUN.FCB -- [ NTFS ]
O32 - AutoRun File - [2001.08.16 10:42:52 | 000,002,238 | RHS- | M] () - E:\Autorun.ico -- [ NTFS ]
O32 - AutoRun File - [2006.06.29 19:49:46 | 000,017,213 | RHS- | M] () - E:\Autorun.ini -- [ NTFS ]
O32 - AutoRun File - [2006.06.14 14:26:38 | 000,000,024 | RHS- | M] () - E:\autorun.txt -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.02.05 10:49:43 | 000,000,000 | ---D | C] -- C:\Users\Utka\Desktop\Scan
[2013.02.01 14:06:57 | 000,000,000 | ---D | C] -- C:\Windows\Noslip
[2013.01.29 10:53:27 | 000,000,000 | ---D | C] -- C:\Users\Utka\Desktop\heidelpay
[2013.01.29 09:18:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.01.21 15:39:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.01.21 15:34:24 | 000,000,000 | ---D | C] -- C:\Windows\MATS
[2013.01.21 15:34:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2013.01.17 15:17:21 | 000,000,000 | ---D | C] -- C:\Users\Utka\AppData\Roaming\Kaspersky Lab
[2013.01.17 15:15:45 | 000,000,000 | --SD | C] -- C:\Users\Utka\Documents\Passwords Database
[2013.01.08 19:07:15 | 000,000,000 | ---D | C] -- C:\Users\Utka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heiko Schröder Software
[2013.01.08 19:07:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heiko Schröder Software
[2010.06.14 22:45:51 | 001,638,400 | ---- | C] (LIGHTNING UK!) -- C:\Users\Utka\AppData\Local\ImgBurn.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.02.05 10:50:36 | 000,000,000 | ---- | M] () -- C:\Users\Utka\defogger_reenable
[2013.02.05 10:45:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.05 10:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.05 09:08:56 | 000,000,099 | ---- | M] () -- C:\Windows\Brownie.ini
[2013.02.05 09:08:54 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.04 17:46:58 | 001,153,906 | ---- | M] () -- C:\Users\Utka\Desktop\Balter Security Workshop Webshop.pdf
[2013.02.04 17:46:57 | 001,044,033 | ---- | M] () -- C:\Users\Utka\Desktop\Avaloid Workshop Webshop.pdf
[2013.02.04 17:46:57 | 000,826,032 | ---- | M] () -- C:\Users\Utka\Desktop\Avaloid GmbH Workshop.pdf
[2013.02.04 17:46:40 | 000,181,970 | ---- | M] () -- C:\Users\Utka\Desktop\Balter Security Workshop.pdf
[2013.02.04 16:14:28 | 000,002,064 | -H-- | M] () -- C:\Users\Utka\Documents\Default.rdp
[2013.02.04 15:43:40 | 000,320,467 | ---- | M] () -- C:\Users\Utka\Desktop\Vertrag Avaloid.pdf
[2013.02.04 13:57:29 | 000,002,341 | ---- | M] () -- C:\Users\Utka\Desktop\afterbuy - UPS - afterbuy.lnk
[2013.02.04 13:57:29 | 000,001,950 | ---- | M] () -- C:\Users\Utka\Desktop\zarplata.lnk
[2013.02.04 13:57:29 | 000,001,922 | ---- | M] () -- C:\Users\Utka\Desktop\aussenlager.lnk
[2013.02.04 13:57:29 | 000,001,711 | ---- | M] () -- C:\Users\Utka\Desktop\Freigegeben.lnk
[2013.02.04 13:16:17 | 000,002,054 | ---- | M] () -- C:\Users\Utka\Desktop\3CX.rdp
[2013.02.04 10:37:28 | 000,000,021 | ---- | M] () -- C:\Windows\UMS_WE~1.INI
[2013.02.01 14:07:35 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.01 14:07:35 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.01 13:55:07 | 000,001,963 | ---- | M] () -- C:\ads_err.dbf
[2013.02.01 13:40:14 | 000,702,814 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.01 13:40:14 | 000,657,526 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.01 13:40:14 | 000,150,136 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.01 13:40:14 | 000,122,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.31 15:45:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.31 15:45:23 | 2815,025,152 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.30 16:06:38 | 002,372,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.30 14:08:39 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013.01.23 10:31:32 | 000,002,194 | ---- | M] () -- C:\Users\Utka\AppData\Roaming\activebarcodeapp.ini
[2013.01.21 16:53:23 | 000,000,000 | ---- | M] () -- C:\Windows\System32\netcfg
[2013.01.17 12:30:07 | 036,395,908 | ---- | M] () -- C:\Users\Utka\Desktop\tube.rar
[2013.01.08 17:41:40 | 000,002,054 | ---- | M] () -- C:\Users\Utka\Desktop\Storage.rdp
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.02.05 10:50:36 | 000,000,000 | ---- | C] () -- C:\Users\Utka\defogger_reenable
[2013.02.04 17:46:38 | 001,153,906 | ---- | C] () -- C:\Users\Utka\Desktop\Balter Security Workshop Webshop.pdf
[2013.02.04 17:46:38 | 001,044,033 | ---- | C] () -- C:\Users\Utka\Desktop\Avaloid Workshop Webshop.pdf
[2013.02.04 17:46:38 | 000,826,032 | ---- | C] () -- C:\Users\Utka\Desktop\Avaloid GmbH Workshop.pdf
[2013.02.04 17:46:38 | 000,181,970 | ---- | C] () -- C:\Users\Utka\Desktop\Balter Security Workshop.pdf
[2013.02.04 15:43:40 | 000,320,467 | ---- | C] () -- C:\Users\Utka\Desktop\Vertrag Avaloid.pdf
[2013.02.04 13:16:17 | 000,002,054 | ---- | C] () -- C:\Users\Utka\Desktop\3CX.rdp
[2013.01.28 16:29:41 | 000,001,136 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013.01.21 16:51:47 | 000,000,000 | ---- | C] () -- C:\Windows\System32\netcfg
[2013.01.21 15:34:24 | 000,000,943 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Fix it Center.lnk
[2013.01.17 16:27:31 | 000,524,924 | ---- | C] () -- C:\Users\Utka\Desktop\Stiftung Warentest - 2013 - 01 - Waschmaschinen.pdf
[2013.01.17 12:29:59 | 036,395,908 | ---- | C] () -- C:\Users\Utka\Desktop\tube.rar
[2013.01.08 17:41:40 | 000,002,054 | ---- | C] () -- C:\Users\Utka\Desktop\Storage.rdp
[2012.12.28 13:22:45 | 000,000,061 | ---- | C] () -- C:\Windows\System32\RBuilder.ini
[2012.10.10 09:41:00 | 000,162,184 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012.09.18 17:53:40 | 000,000,021 | ---- | C] () -- C:\Windows\UMS_WE~1.INI
[2012.07.20 14:17:06 | 003,158,016 | ---- | C] () -- C:\Windows\System32\AVC_AX_742_VIEWER.dll
[2012.06.25 15:01:58 | 000,221,184 | ---- | C] () -- C:\Windows\System32\AVC_AX_742_H264.dll
[2012.06.25 15:01:36 | 000,086,016 | ---- | C] () -- C:\Windows\System32\AVC_AX_742_JPEG.dll
[2012.06.20 10:07:42 | 003,536,817 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012.04.06 11:47:53 | 000,140,800 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.04.06 11:47:52 | 000,138,056 | ---- | C] () -- C:\Users\Utka\AppData\Roaming\PnkBstrK.sys
[2012.04.06 11:47:20 | 000,283,304 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.04.06 11:47:17 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.03.20 20:15:49 | 000,179,200 | ---- | C] () -- C:\Windows\System32\exit32.dll
[2012.03.16 16:21:04 | 000,017,408 | ---- | C] () -- C:\Users\Utka\AppData\Local\WebpageIcons.db
[2012.01.03 17:20:26 | 000,151,552 | ---- | C] () -- C:\Windows\System32\utf8_2_font.dll
[2011.11.30 18:51:10 | 000,000,336 | ---- | C] () -- C:\Windows\BRCALIB.INI
[2011.11.30 18:49:30 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADC10A.DAT
[2011.11.23 12:33:52 | 005,111,934 | ---- | C] () -- C:\Users\Utka\qm580nw130us.blf
[2011.10.18 17:05:16 | 000,020,537 | ---- | C] () -- C:\Users\Utka\AppData\Roaming\UserTile.png
[2011.09.09 10:10:30 | 001,777,664 | ---- | C] () -- C:\Windows\System32\DVR_GUI.dll
[2011.08.23 15:07:02 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NetMsgDLL.dll
[2011.08.16 11:50:52 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2040.DAT
[2011.07.26 19:01:14 | 000,023,040 | ---- | C] () -- C:\Windows\System32\Simulation1.exe
[2011.05.26 10:04:22 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.05.26 10:03:11 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.04.05 11:24:54 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011.04.05 11:24:51 | 000,031,265 | ---- | C] () -- C:\Windows\HL-5350DN.INI
[2011.04.05 11:24:45 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM08A.DAT
[2011.04.05 11:23:08 | 000,000,062 | ---- | C] () -- C:\Windows\System32\bd5350dn.dat
[2011.04.05 11:22:36 | 000,000,099 | ---- | C] () -- C:\Windows\Brownie.ini
[2011.03.25 14:32:42 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AVC_AX_742_SCALE.dll
[2011.03.25 14:24:30 | 000,808,979 | ---- | C] () -- C:\Windows\System32\avcodec-52.84.0.dll
[2011.03.25 14:24:30 | 000,159,251 | ---- | C] () -- C:\Windows\System32\swscale-0.11.1.dll
[2011.03.25 14:24:30 | 000,086,528 | ---- | C] () -- C:\Windows\System32\avformat-52.74.0.dll
[2011.03.25 14:24:30 | 000,070,675 | ---- | C] () -- C:\Windows\System32\avutil-50.22.0.dll
[2011.03.14 15:11:34 | 000,000,079 | ---- | C] () -- C:\Windows\ricdb.ini
[2011.03.14 15:11:33 | 000,001,843 | ---- | C] () -- C:\Windows\System32\RC98E1A0.dat
[2011.03.14 15:11:33 | 000,000,030 | ---- | C] () -- C:\Windows\System32\RPCS.ini
[2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2011.03.06 17:58:08 | 000,038,418 | ---- | C] () -- C:\Users\Utka\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2011.03.01 10:53:16 | 000,208,896 | ---- | C] () -- C:\Windows\System32\untargz.exe
[2011.01.12 20:55:23 | 000,002,194 | ---- | C] () -- C:\Users\Utka\AppData\Roaming\activebarcodeapp.ini
[2010.09.22 17:56:32 | 000,004,608 | ---- | C] () -- C:\Users\Utka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.22 17:52:12 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.09.22 17:52:12 | 000,000,088 | RHS- | C] () -- C:\ProgramData\A4CD519AB9.sys
[2010.06.14 22:45:51 | 000,226,816 | ---- | C] () -- C:\Users\Utka\AppData\Local\tsMuxeR.exe
[2010.05.28 14:07:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.28 10:05:34 | 000,007,605 | ---- | C] () -- C:\Users\Utka\AppData\Local\Resmon.ResmonCfg
========== ZeroAccess Check ==========
[2006.08.16 11:51:08 | 000,008,818 | ---- | M] () -- C:\Users\All Users\{ED71B2BE-720D-4B05-85A7-E41D2F83424B}\offline\9D3195FD\70EC2F7\N.wmf
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.02.13 15:34:14 | 000,000,000 | ---D | M] -- C:\Users\Utka\AppData\Roaming\3CX Outlook Integration
[2012.02.13 12:41:44 | 000,000,000 | ---D | M] -- C:\Users\Utka\AppData\Roaming\3CXMyPhone Client Addin
[2010.11.24 15:10:53 | 000,000,000 | ---D | M] -- C:\Users\Utka\AppData\Roaming\Acronis
[2013.02.05 10:53:03 | 000,000,000 | ---D | M] -- C:\Users\Utka\AppData\Roaming\BOM
[2010.10.17 18:50:34 | 000,000,000 | ---D | M] -- C:\Users\Utka\AppData\Roaming\Buhl Data Service GmbH
[2010.11.04 10:31:25 | 000,000,000 | ---D | M] -- C:\Users\Utka\AppData\Roaming\Common Toolkit Suite
[2011.08.23 18:05:40 | 000,000,000 | ---D | M] -- C:\Users\Utka\AppData\Roaming\DAEMON Tools Lite
[2010.06.14 11:42:15 | 000,000,000 | ---D | M] -- C:\Users\Utka\AppData\Roaming\Deutsche Telekom AG
[2013.01.12 16:11:16 | 000,000,000 | ---D | M] -- C:\Users\Utka\AppData\Roaming\Dropbox
[2012.11.28 11:42:15 | 000,000,000 | ---D | M] -- C:\Users\Utka\AppData\Roaming\eBriefdienst
[2011.01.05 22:17:48 | 000,000,000 | ---D | M] -- C:\Users\Utka\AppData\Roaming\EurekaLog
[2010.11.04 10:31:26 | 000,000,000 | ---D | M] -- C:\Users\Utka\AppData\Roaming\Fighters
[2013.01.23 16:35:36 | 000,000,000 | ---D | M] -- C:\Users\Utka\AppData\Roaming\FileZilla
[2012.02.20 13:20:47 | 000,000,000 | ---D | M] -- C:\Users\Utka\AppData\Roaming\GetRightToGo
[2011.10.24 16:22:27 | 000,000,000 | ---D | M] -- C:\Users\Utka\AppData\Roaming\gotomaxx
[2011.04.05 14:15:24 | 000,000,000 | ---D | M] -- C:\Users\Utka\AppData\Roaming\GREYHOUND
[2011.08.23 14:45:45 | 000,000,000 | ---D | M] -- C:\Users\Utka\AppData\Roaming\ICQ
[2011.05.18 15:32:04 | 000,000,000 | ---D | M] -- C:\Users\Utka\AppData\Roaming\ImgBurn
[2012.09.11 21:32:45 | 000,000,000 | ---D | M] -- C:\Users\Utka\AppData\Roaming\LANCOM
[2010.10.17 18:50:36 | 000,000,000 | ---D | M] -- C:\Users\Utka\AppData\Roaming\LetsTrade
[2012.05.03 19:01:46 | 000,000,000 | ---D | M] -- C:\Users\Utka\AppData\Roaming\Might & Magic Heroes VI
[2012.04.06 11:22:11 | 000,000,000 | ---D | M] -- C:\Users\Utka\AppData\Roaming\Origin
[2010.06.04 16:03:31 | 000,000,000 | ---D | M] -- C:\Users\Utka\AppData\Roaming\PC-FAX TX
[2011.10.18 17:05:16 | 000,000,000 | ---D | M] -- C:\Users\Utka\AppData\Roaming\PeerNetworking
[2010.06.07 11:41:43 | 000,000,000 | ---D | M] -- C:\Users\Utka\AppData\Roaming\Radmin
[2012.06.25 09:55:36 | 000,000,000 | ---D | M] -- C:\Users\Utka\AppData\Roaming\redsn0w
[2010.12.08 13:33:47 | 000,000,000 | ---D | M] -- C:\Users\Utka\AppData\Roaming\SYNCING.NET
[2011.02.17 15:05:38 | 000,000,000 | ---D | M] -- C:\Users\Utka\AppData\Roaming\TAPICall
[2013.01.31 10:31:06 | 000,000,000 | ---D | M] -- C:\Users\Utka\AppData\Roaming\TeamViewer
[2011.02.22 18:28:41 | 000,000,000 | ---D | M] -- C:\Users\Utka\AppData\Roaming\Thinstall
[2011.02.15 19:44:00 | 000,000,000 | ---D | M] -- C:\Users\Utka\AppData\Roaming\webex
[2010.06.29 11:14:29 | 000,000,000 | ---D | M] -- C:\Users\Utka\AppData\Roaming\WebMoney
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:41ADDB8A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A064CECC
< End of report >
--- --- ---
GMER
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-08 09:23:05
Windows 6.1.7601 Service Pack 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP7T0L0-c SAMSUNG_HD103UJ rev.1AA01118 931,51GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\Utka\AppData\Local\Temp\kxldapow.sys
---- System - GMER 2.0 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x94042392]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x9405D21C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x9405D552]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x9405D8C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x94042E0C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x9405CF04]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x9404337E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x9404326C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x9405D3C2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x9404214E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x94043496]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0x9405E810]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x940429C2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x94042B32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x940435AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x9405D48A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x94043856]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x94042E4E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x94044858]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x94043948]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x9405E830]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwNotifyChangeKey [0x9405B6F4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x94043410]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x940432F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x940425CC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x94043C98]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x94043528]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x940424C0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwPlugPlayControl [0x9405E820]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x94043664]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryObject [0x9405B8EC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x940441DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x94043AE8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x9405D6B6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x9405D604]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x9405D722]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x940446FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x9405D08C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x94042CAC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x94043702]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x9404432A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x9404441E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x94044558]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x94043778]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x9404276C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x940426C2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x94044092]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x94042858]
---- Kernel code sections - GMER 2.0 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 83A92A49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83ACC4D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 83AD350C 4 Bytes [92, 23, 04, 94] {XCHG EDX, EAX; AND EAX, [ESP+EDX*4]}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 83AD3534 8 Bytes [1C, D2, 05, 94, 52, D5, 05, ...] {SBB AL, 0xd2; ADD EAX, 0x5d55294; XCHG ESP, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1143 83AD3578 4 Bytes [C8, D8, 05, 94] {ENTER 0x5d8, 0x94}
.text ntkrnlpa.exe!KeRemoveQueueEx + 116F 83AD35A4 4 Bytes [0C, 2E, 04, 94] {OR AL, 0x2e; ADD AL, 0x94}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1193 83AD35C8 4 Bytes [04, CF, 05, 94]
.text ...
.text C:\Windows\system32\drivers\hardlock.sys section is writeable [0xAE539400, 0x87EE2, 0xE8000020]
.protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xAE5DD620] C:\Windows\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xAE5DD620]
.protect˙˙˙˙hardlockunknown last code section [0xAE5DD400, 0x5126, 0xE0000020] C:\Windows\system32\drivers\hardlock.sys unknown last code section [0xAE5DD400, 0x5126, 0xE0000020]
.text peauth.sys B043FC9D 28 Bytes [8F, 10, EE, D5, EA, C1, 27, ...]
.text peauth.sys B043FCC1 28 Bytes [8F, 10, EE, D5, EA, C1, 27, ...]
---- User code sections - GMER 2.0 ----
? C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe[756] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe[756] ntdll.dll!NtProtectVirtualMemory 77AB5F18 5 Bytes JMP 6B8C17E3 C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\ushata.dll (Ushata module/Kaspersky Lab ZAO)
? C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe[756] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: 0.dllunknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe[756] user32.dll!NotifyWinEvent + 6AE 760BD66C 4 Bytes [56, 27, 8C, 6B]
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] kernel32.dll!CreateThread 76A4DCC2 5 Bytes JMP 6AD975DB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!EnableWindow 760A8D02 5 Bytes JMP 6ADD9EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!CallNextHookEx 760AABE1 5 Bytes JMP 6ADF7FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!UnhookWindowsHookEx 760AADF9 5 Bytes JMP 6AE1ED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!DefWindowProcA 760ABB1C 7 Bytes JMP 6AD99805 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!CreateWindowExA 760ABF40 5 Bytes JMP 6ADA363B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!SetWindowsHookExW 760AE30C 5 Bytes JMP 6ADD25AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!CreateWindowExW 760AEC7C 5 Bytes JMP 6AE003CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!DefWindowProcW 760B507D 7 Bytes JMP 6ADF8042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!DialogBoxParamW 760C3B9B 5 Bytes JMP 6AD31893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!DialogBoxIndirectParamW 760D3B7F 5 Bytes JMP 6AF28FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!DialogBoxParamA 760ECF42 5 Bytes JMP 6AF28F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!DialogBoxIndirectParamA 760ED274 5 Bytes JMP 6AF2901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!MessageBoxIndirectA 760FE869 5 Bytes JMP 6AF28ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!MessageBoxIndirectW 760FE963 5 Bytes JMP 6AF28E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!MessageBoxExA 760FE9C9 5 Bytes JMP 6AF28DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!MessageBoxExW 760FE9ED 5 Bytes JMP 6AF28D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] ole32.dll!OleLoadFromStream 76AE6143 5 Bytes JMP 6AF29784 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
? C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe[2552] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe[2552] ntdll.dll!NtProtectVirtualMemory 77AB5F18 5 Bytes JMP 6B8C17E3 C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\ushata.dll (Ushata module/Kaspersky Lab ZAO)
? C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe[2552] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: 0.dllunknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe[2552] user32.dll!NotifyWinEvent + 6AE 760BD66C 4 Bytes [56, 27, 8C, 6B]
.text C:\Program Files\Internet Explorer\iexplore.exe[6640] USER32.dll!EnableWindow 760A8D02 5 Bytes JMP 6ADD9EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6640] USER32.dll!DialogBoxParamW 760C3B9B 5 Bytes JMP 6AD31893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6640] USER32.dll!DialogBoxIndirectParamW 760D3B7F 5 Bytes JMP 6AF28FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6640] USER32.dll!DialogBoxParamA 760ECF42 5 Bytes JMP 6AF28F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6640] USER32.dll!DialogBoxIndirectParamA 760ED274 5 Bytes JMP 6AF2901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6640] USER32.dll!MessageBoxIndirectA 760FE869 5 Bytes JMP 6AF28ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6640] USER32.dll!MessageBoxIndirectW 760FE963 5 Bytes JMP 6AF28E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6640] USER32.dll!MessageBoxExA 760FE9C9 5 Bytes JMP 6AF28DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6640] USER32.dll!MessageBoxExW 760FE9ED 5 Bytes JMP 6AF28D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
---- Registry - GMER 2.0 ----
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{C076555F-69CE-11DF-8429-806E6F6E6963} 13523734184
---- Files - GMER 2.0 ----
File C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\rollback\general\bases\parctl 0 bytes
File C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\rollback\general\bases\parctl\parctl-0607g.krg 929 bytes
File C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\rollback\general\bases\parctl\parctl-0607g.xml 5191 bytes
File C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\rollback\general\bases\parctl\parctl.stt 21 bytes |