FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-07-2014
Ran by Antje (administrator) on ANTJE-PC on 29-07-2014 07:17:23
Running from C:\Users\Antje\Desktop
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanNetService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanGUI.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files\ProgDVB\ProgLauncher.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2815109442-3409531166-1884801714-1000\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-2815109442-3409531166-1884801714-1000\...\Run: [ProgLauncher] => C:\Program Files\ProgDVB\ProgLauncher.exe [381352 2014-04-04] ()
HKU\S-1-5-21-2815109442-3409531166-1884801714-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [122200 2014-07-01] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2815109442-3409531166-1884801714-1000\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
HKU\S-1-5-21-2815109442-3409531166-1884801714-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2815109442-3409531166-1884801714-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2815109442-3409531166-1884801714-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk
ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files\phase-6\phase-6\reminder\reminder.exe (phase-6)
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicyUsers\S-1-5-21-2815109442-3409531166-1884801714-1001\user: Group Policy restriction detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5D091833DCFFCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545
FF Homepage: hxxp://www.ksta.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545\Extensions\ich@maltegoetz.de [2014-05-05]
FF Extension: NoScript - C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-12]
FF Extension: Biet-O-Matic Firefox Erweiterung - C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545\Extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}.xpi [2014-04-26]
FF Extension: Adblock Plus - C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\3kvfaz3i.default-1397279073545\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-12]
FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2013-12-23]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-12-23]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2013-12-23]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-02-28]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [276288 2012-09-21] (Intel Corporation)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [437080 2014-07-01] (Garmin Ltd or its subsidiaries)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [462088 2012-06-19] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [116224 2012-02-09] ()
S3 iumsvc; C:\Program Files\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 AsrAppCharger; C:\Windows\System32\DRIVERS\AsrAppCharger.sys [15656 2011-05-10] (Windows (R) Win 7 DDK provider)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [29992 2012-01-13] (ASRock Inc.)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-01-26] (AVM Berlin) [File not signed]
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2007-01-26] (AVM GmbH)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [532536 2012-09-01] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [25656 2012-09-01] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21952 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21952 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [39360 2012-02-09] ()
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [13592 2012-02-26] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [348440 2012-02-26] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [792856 2012-02-26] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-12-23] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [94304 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2013-12-23] (Kaspersky Lab ZAO)
R3 MBfilt; C:\Windows\System32\drivers\MBfilt32.sys [24664 2009-11-18] (Creative Technology Ltd.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-17] (Intel Corporation)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [10368 2005-02-04] (Padus, Inc.) [File not signed]
R3 SKYNET; C:\Windows\System32\DRIVERS\SkyNET.SYS [627288 2010-05-10] (TechniSat Digital, S.A.)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [31680 2014-07-29] ()
S3 AsrCDDrv; \??\C:\Windows\system32\Drivers\AsrCDDrv.sys [X]
S1 nvport; \??\C:\Windows\system32\Drivers\nvport.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-29 07:17 - 2014-07-29 07:17 - 00015683 _____ () C:\Users\Antje\Desktop\FRST.txt
2014-07-29 07:15 - 2014-07-29 07:15 - 00086976 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-07-29 07:15 - 2014-07-29 07:15 - 00000056 _____ () C:\Windows\setupact.log
2014-07-29 07:15 - 2014-07-29 07:15 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-29 07:14 - 2014-07-29 07:14 - 00000330 _____ () C:\Windows\PFRO.log
2014-07-28 21:35 - 2014-07-28 20:32 - 00380416 _____ () C:\Users\Antje\Desktop\Gmer-19357.exe
2014-07-28 21:35 - 2014-07-28 20:31 - 01084416 _____ (Farbar) C:\Users\Antje\Desktop\FRST.exe
2014-07-27 21:40 - 2014-07-27 21:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-10 11:06 - 2014-07-10 11:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ffdshow
2014-07-10 11:06 - 2014-07-10 11:06 - 00000000 ____D () C:\Program Files\ffdshow
2014-07-10 11:06 - 2014-06-28 16:39 - 00112640 _____ () C:\Windows\system32\ff_vfw.dll
2014-07-10 08:03 - 2014-06-30 03:40 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-10 08:03 - 2014-06-30 03:36 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-10 08:03 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-10 08:03 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 08:03 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 08:03 - 2014-06-19 01:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-10 08:03 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-10 08:03 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-10 08:03 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-10 08:03 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-10 08:03 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 08:03 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 08:03 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-10 08:03 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-10 08:03 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-10 08:03 - 2014-06-19 01:23 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-10 08:03 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-10 08:03 - 2014-06-19 01:16 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-10 08:03 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 08:03 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 08:03 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-10 08:03 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 08:03 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 08:03 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 08:03 - 2014-06-19 00:52 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-10 08:03 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 08:03 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-10 08:03 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 08:03 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 08:03 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 08:03 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 08:03 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-10 08:03 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 08:03 - 2014-06-18 02:52 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 08:03 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 08:03 - 2014-06-05 16:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 08:03 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-10 08:03 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-10 08:03 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-10 08:03 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-10 08:03 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-10 08:03 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-10 08:03 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-10 08:03 - 2014-05-30 08:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 21:46 - 2014-07-09 21:46 - 00001032 _____ () C:\Users\Public\Desktop\TSDoctor.lnk
2014-07-09 01:07 - 2014-07-09 01:07 - 11204096 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-07-08 16:45 - 2014-07-08 16:45 - 00001905 _____ () C:\Users\Antje\Desktop\CDBurnerXP.lnk
2014-07-08 16:45 - 2014-07-08 16:45 - 00001855 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2014-07-08 16:45 - 2014-07-08 16:45 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\Canneverbe Limited
2014-07-08 16:45 - 2014-07-08 16:45 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2014-07-08 16:45 - 2014-07-08 16:45 - 00000000 ____D () C:\Program Files\CDBurnerXP
2014-07-08 16:22 - 2014-07-08 16:22 - 00002156 _____ () C:\Users\Antje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Forge of Empires.lnk
2014-07-08 16:21 - 2014-07-08 16:21 - 00002191 _____ () C:\Users\Public\Desktop\Free DVD Video Burner.lnk
2014-07-08 16:21 - 2014-07-08 16:21 - 00002081 _____ () C:\Users\Antje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2014-07-08 16:21 - 2014-07-08 16:21 - 00001207 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-07-08 16:21 - 2014-07-08 16:21 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki
2014-07-08 09:16 - 2014-07-08 09:17 - 00995769 _____ () C:\Users\Antje\Downloads\Odin3_v3.09.zip
2014-07-07 20:43 - 2014-07-07 20:43 - 00000988 _____ () C:\Users\Antje\Desktop\Garmin Express.lnk
2014-07-07 20:41 - 2014-07-07 20:41 - 00001088 _____ () C:\Users\Antje\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-07 20:19 - 2014-07-07 20:22 - 00001864 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-07-06 09:51 - 2014-07-06 09:51 - 00001081 _____ () C:\Users\Public\Desktop\phase-6 desktop.lnk
2014-07-06 09:51 - 2014-07-06 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\phase-6
2014-07-06 09:48 - 2014-07-06 09:49 - 85744960 _____ () C:\Users\Kinder\Downloads\phase-6-desktop-2.3.4-windows-installer.exe
2014-06-29 10:32 - 2014-07-06 09:53 - 00000000 ____D () C:\ProgramData\Phase6
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-29 07:18 - 2014-07-29 07:17 - 00015683 _____ () C:\Users\Antje\Desktop\FRST.txt
2014-07-29 07:17 - 2014-06-25 23:48 - 00000000 ____D () C:\FRST
2014-07-29 07:17 - 2013-12-23 16:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-29 07:16 - 2013-12-23 17:31 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-29 07:15 - 2014-07-29 07:15 - 00086976 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-07-29 07:15 - 2014-07-29 07:15 - 00000056 _____ () C:\Windows\setupact.log
2014-07-29 07:15 - 2014-07-29 07:15 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-29 07:15 - 2014-06-26 07:16 - 00031680 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-07-29 07:15 - 2014-03-07 20:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-29 07:15 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-29 07:14 - 2014-07-29 07:14 - 00000330 _____ () C:\Windows\PFRO.log
2014-07-28 23:30 - 2014-03-31 18:48 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\BOM
2014-07-28 23:30 - 2013-12-23 14:14 - 01375666 _____ () C:\Windows\WindowsUpdate.log
2014-07-28 23:07 - 2013-12-30 12:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-28 21:46 - 2010-11-20 23:01 - 01632792 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-28 20:32 - 2014-07-28 21:35 - 00380416 _____ () C:\Users\Antje\Desktop\Gmer-19357.exe
2014-07-28 20:31 - 2014-07-28 21:35 - 01084416 _____ (Farbar) C:\Users\Antje\Desktop\FRST.exe
2014-07-28 19:59 - 2014-01-19 19:17 - 00000000 ____D () C:\Users\Antje\Documents\Turbo Lister Backup
2014-07-28 19:29 - 2009-07-14 06:34 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-28 19:29 - 2009-07-14 06:34 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-28 18:56 - 2014-03-18 08:15 - 00000000 ____D () C:\Windows\Minidump
2014-07-27 21:40 - 2014-07-27 21:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-27 13:03 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-07-27 11:11 - 2014-04-01 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-07-27 11:11 - 2014-04-01 23:03 - 00000000 ____D () C:\Program Files\Garmin
2014-07-27 11:09 - 2014-05-01 15:30 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\Tyre
2014-07-27 11:01 - 2014-02-28 18:02 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\Mp3tag
2014-07-27 07:04 - 2014-04-05 07:58 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\ALFBanCo5
2014-07-27 07:04 - 2014-04-05 07:58 - 00000000 ____D () C:\ProgramData\AlfBanCo5
2014-07-27 06:56 - 2014-04-05 07:58 - 00000000 ____D () C:\Program Files\ALFBanCo5
2014-07-27 06:30 - 2014-04-12 07:07 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-11 18:20 - 2013-12-30 18:19 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\vlc
2014-07-11 04:00 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-07-11 03:23 - 2009-07-14 06:33 - 00282576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-11 03:21 - 2014-05-01 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-11 03:21 - 2011-04-12 03:38 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 03:21 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-07-11 03:04 - 2013-12-23 16:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-11 03:01 - 2013-12-23 16:57 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-10 11:06 - 2014-07-10 11:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ffdshow
2014-07-10 11:06 - 2014-07-10 11:06 - 00000000 ____D () C:\Program Files\ffdshow
2014-07-10 10:41 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\TAPI
2014-07-09 21:46 - 2014-07-09 21:46 - 00001032 _____ () C:\Users\Public\Desktop\TSDoctor.lnk
2014-07-09 21:46 - 2013-12-31 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TSDoctor
2014-07-09 18:03 - 2014-04-11 20:11 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\AccurateRip
2014-07-09 01:07 - 2014-07-09 01:07 - 11204096 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-07-09 01:07 - 2013-12-30 12:23 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-09 01:07 - 2013-12-30 12:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-08 16:45 - 2014-07-08 16:45 - 00001905 _____ () C:\Users\Antje\Desktop\CDBurnerXP.lnk
2014-07-08 16:45 - 2014-07-08 16:45 - 00001855 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2014-07-08 16:45 - 2014-07-08 16:45 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\Canneverbe Limited
2014-07-08 16:45 - 2014-07-08 16:45 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2014-07-08 16:45 - 2014-07-08 16:45 - 00000000 ____D () C:\Program Files\CDBurnerXP
2014-07-08 16:22 - 2014-07-08 16:22 - 00002156 _____ () C:\Users\Antje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Forge of Empires.lnk
2014-07-08 16:21 - 2014-07-08 16:21 - 00002191 _____ () C:\Users\Public\Desktop\Free DVD Video Burner.lnk
2014-07-08 16:21 - 2014-07-08 16:21 - 00002081 _____ () C:\Users\Antje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2014-07-08 16:21 - 2014-07-08 16:21 - 00001207 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-07-08 16:21 - 2014-07-08 16:21 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki
2014-07-08 16:21 - 2014-01-05 21:37 - 00000000 ____D () C:\Users\Antje\AppData\Roaming\DVDVideoSoft
2014-07-08 16:21 - 2014-01-05 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-07-08 16:21 - 2014-01-05 21:37 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-07-08 16:21 - 2014-01-05 21:37 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-07-08 09:17 - 2014-07-08 09:16 - 00995769 _____ () C:\Users\Antje\Downloads\Odin3_v3.09.zip
2014-07-07 20:43 - 2014-07-07 20:43 - 00000988 _____ () C:\Users\Antje\Desktop\Garmin Express.lnk
2014-07-07 20:41 - 2014-07-07 20:41 - 00001088 _____ () C:\Users\Antje\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-07 20:23 - 2014-05-14 18:18 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-07 20:22 - 2014-07-07 20:19 - 00001864 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-07-07 20:22 - 2014-04-01 23:04 - 00000000 ____D () C:\ProgramData\Garmin
2014-07-06 09:53 - 2014-06-29 10:32 - 00000000 ____D () C:\ProgramData\Phase6
2014-07-06 09:51 - 2014-07-06 09:51 - 00001081 _____ () C:\Users\Public\Desktop\phase-6 desktop.lnk
2014-07-06 09:51 - 2014-07-06 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\phase-6
2014-07-06 09:49 - 2014-07-06 09:48 - 85744960 _____ () C:\Users\Kinder\Downloads\phase-6-desktop-2.3.4-windows-installer.exe
2014-06-30 03:40 - 2014-07-10 08:03 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 03:36 - 2014-07-10 08:03 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-29 21:55 - 2013-12-23 15:28 - 00000400 _____ () C:\Windows\ODBC.INI
2014-06-29 21:54 - 2013-12-23 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-06-29 17:07 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-28 00:53
==================== End Of Log ============================

GMER Logfile:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-29 08:06:00
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000064 ATA_____ rev.1A01 931,51GB
Running: Gmer-19357.exe; Driver: g:\temp\kgdorpow.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAdjustPrivilegesToken [0x9256B990]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcConnectPort [0x9251C1CE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcSendWaitReceivePort [0x9251C400]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwConnectPort [0x9251BFC8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSection [0x9256E55C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSymbolicLinkObject [0x9252FE90]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThread [0x9256D98C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThreadEx [0x9256DBD8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDebugActiveProcess [0x9256D51E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeviceIoControlFile [0x9250C640]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDuplicateObject [0x9256BAD2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadDriver [0x9256B5FE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwMapViewOfSection [0x9252FEB0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenProcess [0x9256D052]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSection [0x9256E78C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenThread [0x9256D67E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwPlugPlayControl [0x9252FEA0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryIntervalProfile [0x9252FEE0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueueApcThread [0x9256E1C6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRequestWaitReplyPort [0x9251C2D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwResumeThread [0x9256DEE2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSecureConnectPort [0x9251C0C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetContextThread [0x9256E048]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetInformationToken [0x9250CA5A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetSystemInformation [0x9256B936]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendProcess [0x9256D25A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendThread [0x9256DD82]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSystemDebugControl [0x9250CA6C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateProcess [0x9256D3C0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateThread [0x9256D882]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwUnmapViewOfSection [0x9256E894]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwWriteVirtualMemory [0x9256E61E]
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 83055A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8308F212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 8309646C 4 Bytes [90, B9, 56, 92]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 83096494 4 Bytes [CE, C1, 51, 92]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1143 830964D8 4 Bytes [00, C4, 51, 92] {ADD AH, AL; PUSH ECX; XCHG EDX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1193 83096528 4 Bytes [C8, BF, 51, 92] {ENTER 0x51bf, 0x92}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 8309658C 4 Bytes [5C, E5, 56, 92] {POP ESP; IN EAX, 0x56; XCHG EDX, EAX}
.text ...
init C:\Windows\system32\drivers\MBfilt32.sys entry point in "init" section [0x95FDB090]
---- User code sections - GMER 2.1 ----
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe[164] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe[164] ntdll.dll!NtProtectVirtualMemory 772C5F58 5 Bytes JMP 6EF41ED6 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ushata.dll
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe[164] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe[164] USER32.dll!NotifyWinEvent + 5B2 7656D570 4 Bytes [0B, 26, F4, 6E] {OR ESP, [ESI]; HLT ; OUTS DX, BYTE [ESI]}
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe[164] USER32.dll!NotifyWinEvent + 6AE 7656D66C 4 Bytes [1B, 2F, F4, 6E] {SBB EBP, [EDI]; HLT ; OUTS DX, BYTE [ESI]}
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe[164] C:\Windows\system32\ole32.dll time/date stamp mismatch; unknown module: CRYPTSP.dllunknown module: MPR.dllunknown module: msiltcfg.dllunknown module: CLBCatQ.DLLunknown module: OLEAUT32.dllunknown module: imagehlp.dllunknown module: KERNELBASE.dll
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe[2884] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe[2884] C:\Windows\system32\USER32.dll time/date stamp mismatch; unknown module: CFGMGR32.dllunknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe[2884] USER32.dll!NotifyWinEvent + 5B2 7656D570 4 Bytes [0B, 26, F4, 6E] {OR ESP, [ESI]; HLT ; OUTS DX, BYTE [ESI]}
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe[2884] USER32.dll!NotifyWinEvent + 6AE 7656D66C 4 Bytes [1B, 2F, F4, 6E] {SBB EBP, [EDI]; HLT ; OUTS DX, BYTE [ESI]}
.text C:\Program Files\Mozilla Firefox\firefox.exe[4280] ntdll.dll!NtCreateFile 772C5608 5 Bytes JMP 53B55560 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4280] ntdll.dll!NtFlushBuffersFile 772C5998 5 Bytes JMP 53B37D24 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4280] ntdll.dll!NtQueryFullAttributesFile 772C6028 5 Bytes JMP 53B37A30 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4280] ntdll.dll!NtReadFile 772C62F8 5 Bytes JMP 53B37C20 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4280] ntdll.dll!NtReadFileScatter 772C6308 5 Bytes JMP 54444D6F C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4280] ntdll.dll!NtWriteFile 772C6AA8 5 Bytes JMP 53B56110 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4280] ntdll.dll!NtWriteFileGather 772C6AB8 5 Bytes JMP 54444D1E C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4280] ntdll.dll!LdrLoadDll 772E22AE 5 Bytes JMP 56EB1F43 C:\Program Files\Mozilla Firefox\mozglue.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4280] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 764B94E6 7 Bytes JMP 543B47C5 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4280] kernel32.dll!QueryPerformanceCounter + 13 764BC4E5 7 Bytes JMP 543B47E8 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4280] kernel32.dll!LoadAppInitDlls + 355 764BF5A6 7 Bytes JMP 53B52176 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4280] USER32.dll!GetWindowInfo 76564B5E 5 Bytes JMP 542BE6D9 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4280] GDI32.dll!GetViewportOrgEx + 26C 7642884B 7 Bytes JMP 543B4746 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[4960] ntdll.dll!LdrGetProcedureAddress + 26 772E22A9 7 Bytes JMP 5795578A C:\Program Files\Mozilla Thunderbird\xul.dll
.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[4960] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 764B94E6 7 Bytes JMP 585F384C C:\Program Files\Mozilla Thunderbird\xul.dll
.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[4960] kernel32.dll!QueryPerformanceCounter + 13 764BC4E5 7 Bytes JMP 585F3804 C:\Program Files\Mozilla Thunderbird\xul.dll
.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[4960] kernel32.dll!LoadAppInitDlls + 355 764BF5A6 7 Bytes JMP 57966538 C:\Program Files\Mozilla Thunderbird\xul.dll
.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[4960] USER32.dll!GetWindowInfo 76564B5E 5 Bytes JMP 5817918D C:\Program Files\Mozilla Thunderbird\xul.dll
.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[4960] GDI32.dll!GetViewportOrgEx + 26C 7642884B 7 Bytes JMP 585F3873 C:\Program Files\Mozilla Thunderbird\xul.dll
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\tdx \Device\Tcp kltdi.sys
AttachedDevice \Driver\tdx \Device\Udp kltdi.sys
AttachedDevice \Driver\tdx \Device\RawIp kltdi.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\KLIF\Parameters@LastProcessedRevision 178148726
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters@DhcpNameServer 0.0.0.0
---- EOF - GMER 2.1 ----