Remote Backdoor trapped. Tricky stuff....+


#1 sasso (New Member, 1 post)

Hi,

I hope someone can help me, please. I have had trouble with my Windows systems for a long time, up until now. I don't want to say how long....
It began with my Easy Box 803 modem. A few weeks ago someone found that there is a security problem in the default settings, and if someone knew about it, he could get into the WLAN without any problem. A lot of people who bought the hardware before September 2011 were vulnerable.
So I think I was attacked this way.

I don't want to go on too long, so these two examples describe my problems most closely....

http://www.geekstogo...co-maxss-pihar/
http://www.geekstogo...-era/#more-1976

I have big problems just booting; there are virtual USB loop devices before I am able to start any program, stick or CD....
When I was able to install Win 7 64-bit, after the installation Windows was only 500 MB in size, and I was remoted 10 seconds later. Data and printers were completely unsecured, and so on....
I tried Ubuntu, but it was not better after that.
I made a log with OTL and hope that I will get help soon.

Thanks!!!!!!!!


OTL logfile created on: 22.09.2013 13:58:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\k\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,99 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 23,72% Memory free
7,98 Gb Paging File | 4,68 Gb Available in Paging File | 58,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 443,26 Gb Free Space | 95,19% Space Free | Partition Type: NTFS
Drive D: | 101,97 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 6,45 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: K-PC | User Name: k | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.09.22 13:48:58 | 001,068,040 | ---- | M] (Solid State Networks) -- C:\Users\k\AppData\Local\Temp\install_flashplayer11x32ax_gtbd_chrd_dn_aaa_aih[1].exe
PRC - [2013.09.22 13:30:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\k\Downloads\OTL.exe
PRC - [2013.09.22 13:06:09 | 000,228,000 | ---- | M] (Browzar Ltd.) -- C:\Users\k\AppData\Local\Temp\Temp1_BrowzarBlack2000.zip\BrowzarBlack2000.exe
PRC - [2013.09.22 10:30:43 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2013.07.01 20:43:54 | 000,713,288 | ---- | M] (Famatech Corp.) -- C:\Users\k\AppData\Local\Temp\Advanced IP Scanner 2\advanced_ip_scanner.exe
PRC - [2013.05.16 12:49:34 | 004,493,536 | ---- | M] (Steganos Software GmbH) -- C:\Program Files (x86)\Steganos Online Shield\OnlineShieldClient.exe
PRC - [2013.05.16 12:49:34 | 000,303,368 | ---- | M] (Steganos Software GmbH) -- C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe
PRC - [2013.02.21 21:06:05 | 055,707,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\Install\WU-IE10-Windows7-x64.exe
PRC - [2012.08.17 21:38:34 | 000,128,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe
PRC - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe


========== Modules (No Company Name) ==========

MOD - [2012.08.17 21:40:16 | 000,068,024 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtWebKit\qmlwebkitplugin4.dll
MOD - [2012.08.17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll


========== Services (SafeList) ==========

SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.09.22 10:30:43 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2013.05.16 12:49:34 | 000,303,368 | ---- | M] (Steganos Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe -- (Online Shield Starter Service)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.09.22 13:04:27 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2013.09.22 13:04:26 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013.09.22 13:04:24 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2013.09.22 13:04:21 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2013.09.22 13:04:17 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013.09.22 05:25:56 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013.02.08 15:45:38 | 000,036,736 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012.08.02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012.06.19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2010.11.21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013.09.22 13:04:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013.09.22 13:04:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013.09.22 13:04:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013.09.22 13:04:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013.09.22 13:04:31 | 000,000,000 | ---D | M]

[2013.09.22 10:41:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\k\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions
[2013.09.22 10:41:11 | 000,000,000 | ---D | M] (Cookie Monster) -- C:\Users\k\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{45d8ff86-d909-11db-9705-005056c00008}
[2013.09.22 10:41:12 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\k\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\[email protected]
[2013.05.15 11:11:48 | 000,142,907 | ---- | M] () (No name found) -- C:\Users\k\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\extensions\[email protected]
[2013.06.26 07:17:52 | 000,718,373 | ---- | M] () (No name found) -- C:\Users\k\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593}.xpi
[2013.06.25 16:15:42 | 000,534,298 | ---- | M] () (No name found) -- C:\Users\k\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.05.15 11:11:48 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\k\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [Device Doctor] C:\Program Files (x86)\Device Doctor\DDLauncher.exe (Device Doctor Software Inc.)
O4 - HKCU..\Run: [SOS_Agent] C:\Program Files (x86)\Steganos Online Shield\OnlineShieldClient.exe (Steganos Software GmbH)
O4:64bit: - HKLM..\RunOnce: [ConnecitfyTemp 3] cmd /Q /C "rmdir /S /Q C:\Users\k\AppData\Local\Temp\Connectify\3" File not found
O4:64bit: - HKLM..\RunOnce: [NoIE4StubProcessing] C:\Windows\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1ACC8568-2F24-489D-B656-0417469C9700}: NameServer = 10.0.0.222
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006.10.27 14:29:14 | 000,000,106 | R--- | M] () - D:\AUTORUN.INF -- [ UDF ]
O32 - AutoRun File - [2012.01.25 16:23:10 | 000,000,121 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4f41c9f7-2334-11e3-a60c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4f41c9f7-2334-11e3-a60c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\fsetup.exe -- [2012.11.13 11:40:18 | 000,607,648 | R--- | M] ()
O33 - MountPoints2\{4f41c9ff-2334-11e3-a60c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4f41c9ff-2334-11e3-a60c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\shelexec.exe .\starter.html
O33 - MountPoints2\{4f41c9ff-2334-11e3-a60c-806e6f6e6963}\Shell\verb\command - "" = E:\shelexec.exe .\starter.html
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.09.22 13:06:17 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Roaming\Browzar
[2013.09.22 11:31:40 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2013.09.22 11:31:40 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2013.09.22 11:23:34 | 001,545,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.09.22 11:20:07 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2013.09.22 11:20:07 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2013.09.22 10:54:04 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013.09.22 10:54:04 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013.09.22 10:54:04 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2013.09.22 10:53:53 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013.09.22 10:53:53 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013.09.22 10:41:12 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JonDoFox
[2013.09.22 10:41:11 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Roaming\Mozilla
[2013.09.22 08:16:16 | 000,069,120 | R--- | C] (AVM Berlin) -- C:\Windows\SysWow64\avmadd32.dll
[2013.09.22 07:53:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Box
[2013.09.22 07:53:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FRITZ!Box
[2013.09.22 07:09:17 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Local\Diagnostics
[2013.09.22 06:57:51 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Roaming\Adobe
[2013.09.22 06:57:51 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Local\Adobe
[2013.09.22 06:50:43 | 000,000,000 | ---D | C] -- C:\Program Files\Eraser
[2013.09.22 06:49:36 | 013,008,896 | ---- | C] (Norman ASA) -- C:\Users\k\Desktop\Norman_201Malware_Cleaner.exe
[2013.09.22 06:48:45 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Roaming\Malwarebytes
[2013.09.22 06:48:39 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.09.22 06:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.09.22 06:48:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.09.22 06:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.09.22 06:48:31 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Local\Programs
[2013.09.22 06:37:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steganos Online Shield
[2013.09.22 06:37:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steganos Online Shield
[2013.09.22 06:35:24 | 029,035,752 | ---- | C] (JonDos GmbH) -- C:\Users\k\Desktop\JonDoFox.paf_1.exe
[2013.09.22 06:32:54 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\k\Desktop\mbam-setup-1.75.0.1300.exe
[2013.09.22 06:32:11 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Roaming\Steganos VPN
[2013.09.22 06:31:46 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Roaming\Steganos
[2013.09.22 06:31:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steganos
[2013.09.22 06:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2013.09.22 06:15:29 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2013.09.22 06:15:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2013.09.22 06:11:55 | 000,000,000 | ---D | C] -- C:\Users\k\Desktop\Neuer Ordner
[2013.09.22 06:11:31 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\k\Desktop\hijackthis.exe
[2013.09.22 06:08:18 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.09.22 05:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
[2013.09.22 05:45:52 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2013.09.22 05:45:31 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2013.09.22 05:45:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.09.22 05:45:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013.09.22 05:45:24 | 000,620,128 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013.09.22 05:45:24 | 000,090,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013.09.22 05:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Device Doctor
[2013.09.22 05:31:58 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Roaming\Device Doctor
[2013.09.22 05:31:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Device Doctor
[2013.09.22 05:30:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.09.22 05:30:29 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.09.22 05:28:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2013.09.22 05:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2013.09.22 05:27:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.09.22 05:27:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.09.22 05:26:39 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.09.22 05:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.09.22 05:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.09.22 05:26:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.09.22 05:26:04 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Roaming\LavasoftStatistics
[2013.09.22 05:25:56 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013.09.22 05:25:56 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.09.22 05:25:56 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Roaming\Ad-Aware Antivirus
[2013.09.22 05:24:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
[2013.09.22 05:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2013.09.22 05:14:59 | 000,000,000 | R--D | C] -- C:\Users\k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.09.22 05:14:59 | 000,000,000 | R--D | C] -- C:\Users\k\Searches
[2013.09.22 05:14:59 | 000,000,000 | R--D | C] -- C:\Users\k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.09.22 05:14:51 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Roaming\Identities
[2013.09.22 05:14:49 | 000,000,000 | R--D | C] -- C:\Users\k\Contacts
[2013.09.22 05:14:48 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Local\VirtualStore
[2013.09.22 05:14:40 | 000,000,000 | -HSD | C] -- C:\Users\k\Vorlagen
[2013.09.22 05:14:40 | 000,000,000 | -HSD | C] -- C:\Users\k\AppData\Local\Verlauf
[2013.09.22 05:14:40 | 000,000,000 | -HSD | C] -- C:\Users\k\AppData\Local\Temporary Internet Files
[2013.09.22 05:14:40 | 000,000,000 | -HSD | C] -- C:\Users\k\Startmenü
[2013.09.22 05:14:40 | 000,000,000 | -HSD | C] -- C:\Users\k\SendTo
[2013.09.22 05:14:40 | 000,000,000 | -HSD | C] -- C:\Users\k\Recent
[2013.09.22 05:14:40 | 000,000,000 | -HSD | C] -- C:\Users\k\Netzwerkumgebung
[2013.09.22 05:14:40 | 000,000,000 | -HSD | C] -- C:\Users\k\Lokale Einstellungen
[2013.09.22 05:14:40 | 000,000,000 | -HSD | C] -- C:\Users\k\Documents\Eigene Videos
[2013.09.22 05:14:40 | 000,000,000 | -HSD | C] -- C:\Users\k\Documents\Eigene Musik
[2013.09.22 05:14:40 | 000,000,000 | -HSD | C] -- C:\Users\k\Eigene Dateien
[2013.09.22 05:14:40 | 000,000,000 | -HSD | C] -- C:\Users\k\Documents\Eigene Bilder
[2013.09.22 05:14:40 | 000,000,000 | -HSD | C] -- C:\Users\k\Druckumgebung
[2013.09.22 05:14:40 | 000,000,000 | -HSD | C] -- C:\Users\k\Cookies
[2013.09.22 05:14:40 | 000,000,000 | -HSD | C] -- C:\Users\k\AppData\Local\Anwendungsdaten
[2013.09.22 05:14:40 | 000,000,000 | -HSD | C] -- C:\Users\k\Anwendungsdaten
[2013.09.22 05:14:39 | 000,000,000 | --SD | C] -- C:\Users\k\AppData\Roaming\Microsoft
[2013.09.22 05:14:39 | 000,000,000 | R--D | C] -- C:\Users\k\Videos
[2013.09.22 05:14:39 | 000,000,000 | R--D | C] -- C:\Users\k\Saved Games
[2013.09.22 05:14:39 | 000,000,000 | R--D | C] -- C:\Users\k\Pictures
[2013.09.22 05:14:39 | 000,000,000 | R--D | C] -- C:\Users\k\Music
[2013.09.22 05:14:39 | 000,000,000 | R--D | C] -- C:\Users\k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.09.22 05:14:39 | 000,000,000 | R--D | C] -- C:\Users\k\Links
[2013.09.22 05:14:39 | 000,000,000 | R--D | C] -- C:\Users\k\Favorites
[2013.09.22 05:14:39 | 000,000,000 | R--D | C] -- C:\Users\k\Downloads
[2013.09.22 05:14:39 | 000,000,000 | R--D | C] -- C:\Users\k\Documents
[2013.09.22 05:14:39 | 000,000,000 | R--D | C] -- C:\Users\k\Desktop
[2013.09.22 05:14:39 | 000,000,000 | R--D | C] -- C:\Users\k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.09.22 05:14:39 | 000,000,000 | -H-D | C] -- C:\Users\k\AppData
[2013.09.22 05:14:39 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Local\Temp
[2013.09.22 05:14:39 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Local\Microsoft
[2013.09.22 05:14:39 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Roaming\Media Center Programs
[2013.09.22 05:14:34 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.09.22 05:14:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.09.22 05:14:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.09.22 05:14:33 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.09.22 05:14:33 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.09.22 05:14:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.09.22 05:14:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.09.22 05:14:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.09.22 05:14:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.09.22 05:14:33 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.09.22 05:14:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.09.22 05:14:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.09.22 05:11:38 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.09.22 05:09:32 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.09.22 05:08:58 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2013.09.22 13:13:20 | 000,016,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.09.22 13:13:20 | 000,016,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.09.22 13:04:27 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys
[2013.09.22 13:04:26 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys
[2013.09.22 13:04:24 | 000,029,528 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klmouflt.sys
[2013.09.22 13:04:21 | 000,029,016 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klkbdflt.sys
[2013.09.22 13:04:17 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013.09.22 13:04:14 | 000,090,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013.09.22 11:21:19 | 000,000,064 | ---- | M] () -- C:\ProgramData\UserElevating_smp
[2013.09.22 11:21:19 | 000,000,029 | ---- | M] () -- C:\ProgramData\UserElevating_tmp
[2013.09.22 11:21:19 | 000,000,026 | ---- | M] () -- C:\ProgramData\UserElevating_app
[2013.09.22 10:33:25 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.09.22 06:50:47 | 000,001,747 | ---- | M] () -- C:\Users\Public\Desktop\Eraser.lnk
[2013.09.22 06:37:12 | 000,001,159 | ---- | M] () -- C:\Users\Public\Desktop\Steganos Online Shield.lnk
[2013.09.22 06:15:29 | 000,003,185 | ---- | M] () -- C:\Users\k\Desktop\Sophos Virus Removal Tool.lnk
[2013.09.22 06:08:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.09.22 06:04:31 | 000,007,599 | ---- | M] () -- C:\Users\k\AppData\Local\Resmon.ResmonCfg
[2013.09.22 05:47:12 | 000,002,344 | ---- | M] () -- C:\Users\k\Desktop\Sicherer Zahlungsverkehr.lnk
[2013.09.22 05:45:53 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2013.09.22 05:31:59 | 000,001,066 | ---- | M] () -- C:\Users\k\Desktop\Device Doctor.lnk
[2013.09.22 05:30:29 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.09.22 05:28:35 | 000,001,658 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2013.09.22 05:28:03 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.09.22 05:25:56 | 000,047,496 | ---- | M] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013.09.22 05:25:56 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.09.22 05:19:40 | 000,000,680 | RHS- | M] () -- C:\Users\k\ntuser.pol
[2013.09.22 05:18:40 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.09.22 05:18:40 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.09.22 05:18:40 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.09.22 05:18:40 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.09.22 05:18:40 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.09.22 05:13:07 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys
[2013.09.22 05:12:30 | 000,161,548 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.09.22 05:12:30 | 000,161,548 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.09.22 05:10:41 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

========== Files Created - No Company Name ==========

[2013.09.22 11:21:19 | 000,000,064 | ---- | C] () -- C:\ProgramData\UserElevating_smp
[2013.09.22 11:21:19 | 000,000,029 | ---- | C] () -- C:\ProgramData\UserElevating_tmp
[2013.09.22 11:21:19 | 000,000,026 | ---- | C] () -- C:\ProgramData\UserElevating_app
[2013.09.22 06:50:47 | 000,001,759 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
[2013.09.22 06:50:47 | 000,001,747 | ---- | C] () -- C:\Users\Public\Desktop\Eraser.lnk
[2013.09.22 06:48:39 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.09.22 06:32:16 | 000,001,159 | ---- | C] () -- C:\Users\Public\Desktop\Steganos Online Shield.lnk
[2013.09.22 06:31:11 | 000,914,931 | ---- | C] () -- C:\Users\k\Desktop\Superviren.pdf
[2013.09.22 06:15:29 | 000,003,185 | ---- | C] () -- C:\Users\k\Desktop\Sophos Virus Removal Tool.lnk
[2013.09.22 06:04:31 | 000,007,599 | ---- | C] () -- C:\Users\k\AppData\Local\Resmon.ResmonCfg
[2013.09.22 05:47:12 | 000,002,344 | ---- | C] () -- C:\Users\k\Desktop\Sicherer Zahlungsverkehr.lnk
[2013.09.22 05:46:11 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2013.09.22 05:31:59 | 000,001,066 | ---- | C] () -- C:\Users\k\Desktop\Device Doctor.lnk
[2013.09.22 05:30:29 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.09.22 05:28:35 | 000,001,658 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2013.09.22 05:28:03 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.09.22 05:28:03 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.09.22 05:19:40 | 000,000,680 | RHS- | C] () -- C:\Users\k\ntuser.pol
[2013.09.22 05:15:04 | 000,001,409 | ---- | C] () -- C:\Users\k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.09.22 05:15:01 | 000,001,443 | ---- | C] () -- C:\Users\k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.09.22 05:12:17 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.09.22 05:12:10 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.09.22 05:10:41 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.09.22 05:08:58 | 3214,188,544 | -HS- | C] () -- C:\hiberfil.sys

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010.11.21 05:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.11.21 05:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.09.22 05:25:56 | 000,000,000 | ---D | M] -- C:\Users\k\AppData\Roaming\Ad-Aware Antivirus
[2013.09.22 13:06:17 | 000,000,000 | ---D | M] -- C:\Users\k\AppData\Roaming\Browzar
[2013.09.22 05:32:42 | 000,000,000 | ---D | M] -- C:\Users\k\AppData\Roaming\Device Doctor

========== Purity Check ==========



< End of report >


[/quote]