| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Bluescreens und VirenbedrohungenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
19.06.2013, 14:14
| #1 |
 |  Bluescreens und Virenbedrohungen Guten Tag, mein PC verhält sich in letzter Zeit recht merkwürdig. Ich bekomme laufend Bluescreens, beim Hochfahren bzw. runterfahren, oder kurz nach dem Hochfahren. Manchmal kommt auch die Meldung, das Änderungen im BIOS unternohmen wurde, von denen ich aber keine Ahnung hab. (CPU-Takt und RAM-Takt bzw. alle Daten bleiben aber gleich). Außerdem läd mein Internet recht langsam und manche Internet Seiten bauen sich gar nicht mehr richtig auf. Zudem zeigt mir Kaspersky nach jedem Scan Bedrohungen an, die sich alle Ausnahmslos in Firefox Cache zu finden sind: B46CFm01 Nicht desinfizierte Objekte: HiddenObject.Multi.Generic 19.06.2013 08:25:36 c:\Documents and Settings\alex\AppData\Local\Mozilla\Firefox\Profiles\l3fiemti.default\Cache\C\0B\ Zurückgestellt Untersuchung des Computers B46CFm01 Gefunden: HiddenObject.Multi.Generic 19.06.2013 08:25:36 c:\Documents and Settings\alex\AppData\Local\Mozilla\Firefox\Profiles\l3fiemti.default\Cache\C\0B\ Protokolliert Untersuchung des Computers 9125Bm01 Nicht desinfizierte Objekte: HiddenObject.Multi.Generic 19.06.2013 08:25:28 c:\Documents and Settings\alex\AppData\Local\Mozilla\Firefox\Profiles\l3fiemti.default\Cache\5\03\ Zurückgestellt Untersuchung des Computers 9125Bm01 Gefunden: HiddenObject.Multi.Generic 19.06.2013 08:25:28 c:\Documents and Settings\alex\AppData\Local\Mozilla\Firefox\Profiles\l3fiemti.default\Cache\5\03\ Protokolliert Untersuchung des Computers 90E1Em01 Nicht desinfizierte Objekte: HiddenObject.Multi.Generic 19.06.2013 08:25:27 c:\Documents and Settings\alex\AppData\Local\Mozilla\Firefox\Profiles\l3fiemti.default\Cache\4\84\ Zurückgestellt Untersuchung des Computers 90E1Em01 Gefunden: HiddenObject.Multi.Generic 19.06.2013 08:25:27 c:\Documents and Settings\alex\AppData\Local\Mozilla\Firefox\Profiles\l3fiemti.default\Cache\4\84\ Protokolliert Untersuchung des Computers 3B61Bm01 Nicht desinfizierte Objekte: HiddenObject.Multi.Generic 19.06.2013 08:25:27 c:\Documents and Settings\alex\AppData\Local\Mozilla\Firefox\Profiles\l3fiemti.default\Cache\3\CB\ Zurückgestellt Untersuchung des Computers 3B61Bm01 Gefunden: HiddenObject.Multi.Generic 19.06.2013 08:25:26 c:\Documents and Settings\alex\AppData\Local\Mozilla\Firefox\Profiles\l3fiemti.default\Cache\3\CB\ Protokolliert Untersuchung des Computers All das sind die Bedrohungen die mir Kaspersky angezeigt hat. Noch die anderen Scans zu denen man "angewiesen" wurde  Defogger Log: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:00 on 19/06/2013 (alex)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter OTL logfile created on: 19.06.2013 15:03:39 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\alex\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,93 Gb Total Physical Memory | 6,14 Gb Available Physical Memory | 77,53% Memory free 15,85 Gb Paging File | 14,16 Gb Available in Paging File | 89,37% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111,69 Gb Total Space | 25,33 Gb Free Space | 22,68% Space Free | Partition Type: NTFS Computer Name: ALEX-PC | User Name: alex | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\alex\Downloads\Defogger.exe () PRC - C:\Users\alex\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia) PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia) PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe (Intel(R) Corporation) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) ========== Modules (No Company Name) ========== MOD - C:\Users\alex\Downloads\Defogger.exe () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll () ========== Services (SafeList) ========== SRV:64bit: - (Intel(R) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (XTU3SERVICE) -- C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe (Intel(R) Corporation) SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab ZAO) DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab ZAO) DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab ZAO) DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys (Secunia) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (ICCWDT) -- C:\Windows\SysNative\drivers\ICCWDT.sys (Intel Corporation) DRV:64bit: - (HWiNFO32) -- C:\Windows\SysNative\drivers\HWiNFO64A.SYS (REALiX(tm)) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab) DRV:64bit: - (rzudd) -- C:\Windows\SysNative\drivers\rzudd.sys (Razer USA Ltd) DRV:64bit: - (rzendpt) -- C:\Windows\SysNative\drivers\rzendpt.sys (Razer USA Ltd) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (AcpiCtlDrv) -- C:\Windows\SysNative\drivers\AcpiCtlDrv.sys (Intel Corporation) DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.) DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation) DRV:64bit: - (NAL) -- C:\Windows\SysNative\drivers\iqvw64e.sys (Intel Corporation ) DRV:64bit: - (e1qexpress) -- C:\Windows\SysNative\drivers\e1q62x64.sys (Intel Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (bulkadi) -- C:\Windows\SysNative\drivers\bulkrazer_x64.sys (Windows (R) Codename Longhorn DDK provider) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (iocbios2) -- C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys (Intel Corporation) DRV - (EfiVariable) -- C:\Windows\SysWOW64\drivers\variable64.sys (Windows (R) Server 2003 DDK provider) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2219949675-2119565610-2197399653-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKU\S-1-5-21-2219949675-2119565610-2197399653-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2219949675-2119565610-2197399653-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-2219949675-2119565610-2197399653-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 27 D8 7E FE 00 3A CE 01 [binary data] IE - HKU\S-1-5-21-2219949675-2119565610-2197399653-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2219949675-2119565610-2197399653-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2219949675-2119565610-2197399653-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119828&babsrc=SP_ss&mntrId=60A5E0CB4E8B8E4A IE - HKU\S-1-5-21-2219949675-2119565610-2197399653-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4307 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\alex\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\alex\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\alex\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.04.23 16:50:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.04.23 16:50:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.04.23 16:50:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.04.23 16:50:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.04.23 16:50:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013.05.25 03:23:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alex\AppData\Roaming\mozilla\Extensions [2013.06.08 19:34:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alex\AppData\Roaming\mozilla\Firefox\Profiles\l3fiemti.default\extensions [2013.06.08 19:34:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alex\AppData\Roaming\mozilla\Firefox\Profiles\l3fiemti.default\extensions\trash [2013.05.26 03:36:52 | 000,534,261 | ---- | M] () (No name found) -- C:\Users\alex\AppData\Roaming\mozilla\firefox\profiles\l3fiemti.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013.06.05 16:11:46 | 000,166,279 | ---- | M] () (No name found) -- C:\Users\alex\AppData\Roaming\mozilla\firefox\profiles\l3fiemti.default\extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2013.05.25 03:23:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.25 03:23:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.04.23 16:50:37 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM ========== Chrome ========== CHR - default_search_provider: Delta Search (Enabled) CHR - default_search_provider: search_url = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119828&babsrc=SP_ss&mntrId=60A5E0CB4E8B8E4A CHR - default_search_provider: suggest_url = CHR - plugin: Silverlight (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - Extension: Docs = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: Google Drive = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: YouTube = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Modul zur Link-Untersuchung = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\ CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\ CHR - Extension: Google Mail = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Anti-Banner = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [RaidCall] C:\Program Files (x86)\RaidCall\raidcall.exe (RAIDCALL.COM) O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2219949675-2119565610-2197399653-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKU\S-1-5-21-2219949675-2119565610-2197399653-1011..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2219949675-2119565610-2197399653-1011..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Programme\Rainmeter\Rainmeter.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-2219949675-2119565610-2197399653-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2219949675-2119565610-2197399653-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-2219949675-2119565610-2197399653-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm () O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6821D127-AFC2-40CD-9217-DECEC02DF96D}: DhcpNameServer = 82.212.62.62 78.42.43.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F04375FE-AF71-4E32-B2C6-07D7C75E5B95}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27:64bit: - HKLM IFEO\raidcall.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe" File not found O27:64bit: - HKLM IFEO\uninst.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe" File not found O27 - HKLM IFEO\raidcall.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe" File not found O27 - HKLM IFEO\uninst.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe" File not found O32 - HKLM CDRom: AutoRun - 0 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.18 13:12:08 | 000,000,000 | ---D | C] -- C:\NVIDIA [2013.06.16 14:13:46 | 000,000,000 | ---D | C] -- C:\Users\alex\Desktop\actors [2013.06.09 17:17:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2013.06.09 17:16:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013.06.09 17:14:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.06.09 17:13:15 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\Secunia PSI [2013.06.09 17:13:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia [2013.06.09 17:02:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.06.09 17:02:47 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.06.09 17:02:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.06.05 15:07:56 | 000,000,000 | ---D | C] -- C:\Users\alex\Desktop\CustomSettingNames_en-EN - fps limiter [2013.06.05 15:06:05 | 000,000,000 | ---D | C] -- C:\Users\alex\Desktop\nvidiaInspector [2013.06.04 16:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games [2013.05.31 01:15:17 | 000,000,000 | ---D | C] -- C:\Users\alex\Desktop\lel [2013.05.26 03:42:12 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Roaming\Malwarebytes [2013.05.26 03:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.25 03:23:51 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Roaming\Mozilla [2013.05.25 03:23:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.05.25 03:23:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.05.24 13:22:21 | 000,000,000 | ---D | C] -- C:\Users\alex\Documents\NeocoreGames [2013.05.20 15:12:24 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\NVIDIA [2013.05.20 15:07:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2011.02.24 00:10:36 | 000,020,432 | ---- | C] (Intel Corporation) -- C:\Users\alex\AppData\Roaming\JomCap.dll [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.19 15:00:31 | 000,000,000 | ---- | M] () -- C:\Users\alex\defogger_reenable [2013.06.19 14:58:05 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.19 14:58:05 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.19 14:57:50 | 001,613,540 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.19 14:57:50 | 000,696,878 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.19 14:57:50 | 000,652,196 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.19 14:57:50 | 000,148,174 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.19 14:57:50 | 000,121,128 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.19 14:51:09 | 000,001,924 | ---- | M] () -- C:\Users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6600.lnk [2013.06.19 14:50:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.19 08:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.18 13:16:24 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys [2013.06.15 19:42:50 | 000,659,035 | ---- | M] () -- C:\Users\alex\Desktop\1305700854860.jpg [2013.06.15 13:07:32 | 000,000,854 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013.06.15 01:23:09 | 000,025,766 | ---- | M] () -- C:\Users\alex\Desktop\cc_20130615_012304.reg [2013.06.15 01:22:10 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.06.14 19:28:48 | 002,684,521 | ---- | M] () -- C:\Users\alex\Desktop\Vivienne-Westwood-Union-Jack-Wallpaper-£130-a-roll.jpg [2013.06.14 00:08:32 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2219949675-2119565610-2197399653-1001UA.job [2013.06.14 00:08:32 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2219949675-2119565610-2197399653-1001Core.job [2013.06.09 17:02:48 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.08 16:42:36 | 000,001,190 | ---- | M] () -- C:\Users\alex\Desktop\CrystalDiskInfo.lnk [2013.06.07 12:16:36 | 000,159,264 | ---- | M] () -- C:\Users\alex\Desktop\973782_541870045850394_1032246083_n.jpg [2013.06.07 12:16:32 | 000,165,441 | ---- | M] () -- C:\Users\alex\Desktop\975702_541869935850405_1053291288_n.jpg [2013.06.06 22:47:48 | 000,002,362 | ---- | M] () -- C:\Users\alex\Desktop\Google Chrome.lnk [2013.06.04 16:57:31 | 000,002,106 | ---- | M] () -- C:\Users\Public\Desktop\Path of Exile.lnk [2013.05.27 05:14:31 | 001,352,471 | ---- | M] () -- C:\Users\alex\Desktop\TwAgD.png [2013.05.25 03:20:53 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.05.25 03:20:53 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.05.20 15:11:50 | 000,001,351 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.19 15:00:31 | 000,000,000 | ---- | C] () -- C:\Users\alex\defogger_reenable [2013.06.15 19:42:49 | 000,659,035 | ---- | C] () -- C:\Users\alex\Desktop\1305700854860.jpg [2013.06.15 13:07:32 | 000,000,854 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013.06.15 01:23:07 | 000,025,766 | ---- | C] () -- C:\Users\alex\Desktop\cc_20130615_012304.reg [2013.06.15 01:22:10 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.06.14 19:28:47 | 002,684,521 | ---- | C] () -- C:\Users\alex\Desktop\Vivienne-Westwood-Union-Jack-Wallpaper-£130-a-roll.jpg [2013.06.09 17:16:36 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.06.09 17:13:10 | 000,001,073 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2013.06.09 17:02:48 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.08 16:42:36 | 000,001,190 | ---- | C] () -- C:\Users\alex\Desktop\CrystalDiskInfo.lnk [2013.06.07 12:16:36 | 000,159,264 | ---- | C] () -- C:\Users\alex\Desktop\973782_541870045850394_1032246083_n.jpg [2013.06.07 12:16:30 | 000,165,441 | ---- | C] () -- C:\Users\alex\Desktop\975702_541869935850405_1053291288_n.jpg [2013.06.04 16:57:31 | 000,002,106 | ---- | C] () -- C:\Users\Public\Desktop\Path of Exile.lnk [2013.05.27 05:14:00 | 001,352,471 | ---- | C] () -- C:\Users\alex\Desktop\TwAgD.png [2013.05.25 03:23:49 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.05.25 03:20:53 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.05.25 03:20:53 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.05.20 15:11:50 | 000,001,351 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk [2013.04.15 19:22:14 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2013.02.11 01:05:48 | 000,005,886 | ---- | C] () -- C:\Users\alex\AppData\Local\recently-used.xbel [2013.01.19 16:56:04 | 000,003,072 | ---- | C] () -- C:\Users\alex\AppData\Local\file__0.localstorage [2012.12.11 14:02:00 | 000,000,680 | RHS- | C] () -- C:\Users\alex\ntuser.pol [2012.11.25 19:01:06 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012.09.28 17:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll [2012.09.02 21:40:00 | 001,590,498 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.09.02 21:38:23 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.09.02 21:38:17 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe [2012.09.02 21:38:17 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.05.18 22:11:18 | 000,017,408 | ---- | C] () -- C:\Users\alex\AppData\Local\WebpageIcons.db [2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.04.15 19:22:16 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Babylon [2013.03.17 21:25:09 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Bioshock [2012.06.21 15:29:17 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Codemasters [2013.02.10 19:26:18 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2013.04.15 19:22:12 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\DesktopIconForAmazon [2013.02.13 16:22:58 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\DVDVideoSoft [2013.05.27 17:47:26 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\DVDVideoSoftIEHelpers [2012.05.18 21:37:18 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\ESET [2012.06.17 14:47:27 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\fltk.org [2012.07.03 19:11:35 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\LolClient [2013.06.10 22:29:17 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Mumble [2013.04.15 19:22:12 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\OCS [2013.04.15 19:22:13 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Opera [2013.03.09 15:37:44 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Origin [2013.04.14 20:50:56 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\raidcall [2012.11.12 18:12:51 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Rainmeter [2012.12.26 19:22:15 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\RIFT [2012.12.15 20:33:14 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\runic games [2012.09.29 23:43:21 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\SplitMediaLabs [2013.01.01 21:46:33 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\TeamViewer [2013.06.15 18:07:20 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\TS3Client [2012.11.30 19:02:45 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\TuneUp Software [2012.11.23 18:43:34 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\uTorrent [2012.12.04 09:11:59 | 000,000,000 | ---D | M] -- C:\Users\Beatrix\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-19 15:12:35
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Corsair_Force_GT rev.1.3.3 111,79GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\alex\AppData\Local\Temp\kxldrpog.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 0000000077a6fa88 5 bytes JMP 00000001732619b0
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a70018 5 bytes JMP 0000000173262066
.text C:\Windows\SysWOW64\PnkBstrA.exe[1844] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072181a22 2 bytes [18, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1844] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072181ad0 2 bytes [18, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1844] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072181b08 2 bytes [18, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1844] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072181bba 2 bytes [18, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1844] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072181bda 2 bytes [18, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075da1465 2 bytes [DA, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075da14bb 2 bytes [DA, 75]
.text ... * 2
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075da1465 2 bytes [DA, 75]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075da14bb 2 bytes [DA, 75]
.text ... * 2
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075da1465 2 bytes [DA, 75]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075da14bb 2 bytes [DA, 75]
.text ... * 2
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075da1465 2 bytes [DA, 75]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075da14bb 2 bytes [DA, 75]
.text ... * 2
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075da1465 2 bytes [DA, 75]
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075da14bb 2 bytes [DA, 75]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\svchost.exe [1016:4704] 000007fef2889688
---- EOF - GMER 2.1 ----
Falls sich irgendwas sich zwielichtig anhört, kann ich versichern das ich erlich bin und keine Piraterie vorhab. (geht auch schlecht mit 120gb festplatte). Alle Programme/Spiele sind legal erworben, meiste in Steam. |
| Themen zu Bluescreens und Virenbedrohungen |
| bho, browser, converter, ebanking, error, eset smart security, festplatte, firefox, flash player, format, helper, home, internet, kaspersky, kaspersky internet security 2013, langsam, launch, logfile, monitor.exe, mozilla, mp3, ntdll.dll, officejet, plug-in, realtek, registry, scan, secunia psi, security, senden, server, svchost.exe, tastatur, windows |
Baum-Darstellung