|
Plagegeister aller Art und deren Bekämpfung: BKA-Trojaner sowie Java-Generic Trojaner - Notebook langsam und runtergetaktetWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
29.09.2013, 12:08 | #1 |
| BKA-Trojaner sowie Java-Generic Trojaner - Notebook langsam und runtergetaktet Hallo zusammen Im August wurde ich Opfer des BKA-Trojaners auf meinem Notebook. Die Geschichte kennt man ja nur gut genug. Ich habe den Sperrbildschirm mittels Kasperskys Rescue Disk entfernen können und habe auch wieder vollen Zugriff auf das System. Anschliessend habe ich MBAM sowie Kaspersky Pure installiert um einen gewissen Schutz zu erlangen. Dabei kamen auch nach "entfernen" des BKA-Trojaners noch einige Sachen zum Vorschein (siehe Log's). Dazu kommt auch, dass sich die Leistung des Notebooks offensichtlich minimiert hat. Oft wird beim Laden von Internetseiten der ganze Browser "eingefroren" und nichts geht mer für einige Sekunden. "Keine Rückmeldung" lautet das Feedback der Maschine. Ich habe gelesen, dass es durch den Generic Trojaner auch zum heruntertakten des Prozessors kommen kann, womit auch die Leistung gemindert wird. Auch hat MBAM erkannt, dass versucht wird auf eine IP-Adresse zuzugreifen. Die Spur führt nach Bosnien Herzegowina falls man google trauen kann. Ich habe gemäss Guidelines folgende Scans und Log's vor Eröffnung erstellt: - Defogger - FRST (inkl. Addition) - GMER - MBAM - Kaspersky Pure Für einen Gedankensprung wäre ich sehr froh. Beste Grüsse Petar Nun zu den Logs: Defogger Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 11:23 on 29/09/2013 (Petar) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- FRST.txt Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-09-2013 01 Ran by Petar (administrator) on PETAR-PC on 29-09-2013 11:29:55 Running from C:\Users\Petar\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\STacSV.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe (Hewlett-Packard Corporation) C:\Windows\system32\Hpservice.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\aestsrv.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Infowatch) C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe () C:\Program Files\SMINST\BLService.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe () C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe () C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (CyberLink Corp.) 
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe () C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\system32\conime.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\klwtblfs.exe (Microsoft Corporation) C:\Windows\system32\wuauclt.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1410344 2008-12-05] (Synaptics, Inc.) HKLM\...\Run: [DVDAgent] - C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-11-28] (CyberLink Corp.) HKLM\...\Run: [TVAgent] - C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe [210216 2009-01-21] (CyberLink Corp.) HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard) HKLM\...\Run: [UpdatePSTShortCut] - C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-11-26] (CyberLink Corp.) HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [HP Health Check Scheduler] - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard) HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard) HKLM\...\Run: [WirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [432432 2008-12-08] (Hewlett-Packard) HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [206128 2008-10-10] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [Acrobat Assistant 7.0] - C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.) 
HKLM\...\Run: [] - [x] HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.) HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.) HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356968 2012-12-20] (Kaspersky Lab ZAO) HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKCU\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.) 
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin [814472 2013-06-30] (Adobe Systems Incorporated) HKCU\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION MountPoints2: F - WOERH_Q1\Data und co\Docmuente_WQ1\VisualBaisc\VrPa_Project\Softwares\autorun.exe MountPoints2: {88596de4-5dcb-11de-8fdb-00238b9e6222} - G:\laucher.exe MountPoints2: {88ae2290-ae0b-11de-965e-00238b9e6222} - F:\ MountPoints2: {a86150f5-d510-11de-85dc-00238b9e6222} - F:\ MountPoints2: {b9eeff64-3c93-11de-88b7-00238b9e6222} - F:\ MountPoints2: {d7a1f38c-0cef-11df-99f3-00238b9e6222} - G:\LaunchU3.exe -a MountPoints2: {e593e417-94c5-11de-8b0c-00238b9e6222} - F:\setup.exe MountPoints2: {ec36a86f-c9b0-11df-93d9-00238b9e6222} - H:\PMBP_Win.exe HKU\Gast\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2010-04-16] (Microsoft Corporation) AppInit_DLLs: avgrsstx.dll [ 2010-04-16] () BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb SearchScopes: HKLM - DefaultScope {15B0B15B-A323-4C4D-982F-4DAA93FB22E7} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch SearchScopes: HKLM - {15B0B15B-A323-4C4D-982F-4DAA93FB22E7} URL = 
hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch SearchScopes: HKCU - DefaultScope {15B0B15B-A323-4C4D-982F-4DAA93FB22E7} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch SearchScopes: HKCU - {15B0B15B-A323-4C4D-982F-4DAA93FB22E7} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~1\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll (Kaspersky Lab) BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll 
(Kaspersky Lab ZAO) BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~1\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll (Kaspersky Lab) Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler: skype4com - 
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Petar\AppData\Roaming\Mozilla\Firefox\Profiles\76a3fdhl.default FF Homepage: google.ch FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Petar\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Виявлення пристроїв Logitech - C:\Users\Petar\AppData\Roaming\Mozilla\Firefox\Profiles\76a3fdhl.default\Extensions\DeviceDetection@logitech.com FF Extension: No Name - C:\Users\Petar\AppData\Roaming\Mozilla\Firefox\Profiles\76a3fdhl.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi FF Extension: No Name - C:\Users\Petar\AppData\Roaming\Mozilla\Firefox\Profiles\76a3fdhl.default\Extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}.xpi FF HKLM\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] - C:\Program Files\AVG\AVG9\Firefox FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky PURE 
3.0\FFExt\virtual_keyboard@kaspersky.com FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com FF Extension: Content Blocker - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com ========================== Services (Whitelisted) ================= R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\aestsrv.exe [77824 2009-01-13] (Andrea Electronics Corporation) R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356968 2012-12-20] (Kaspersky Lab ZAO) R2 CSObjectsSrv; C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [819040 2012-12-21] (Infowatch) R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-12-17] () R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.) 
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.) R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\STacSV.exe [237661 2009-01-08] (IDT, Inc.) R2 TVCapSvc; C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [296320 2008-11-26] () R2 TVSched; C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [116096 2008-11-26] () ==================== Drivers (Whitelisted) ==================== R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation) R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [88632 2011-06-02] (Infowatch) R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [39736 2011-06-02] (Infowatch) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [136024 2012-06-19] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [594528 2013-09-09] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [24408 2012-08-02] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25944 2012-09-03] (Kaspersky Lab) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25944 2012-09-03] (Kaspersky Lab) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-09-09] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-09-09] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) S3 tccp; C:\Windows\System32\DRIVERS\tccp.sys [26392 2013-05-23] (TrusCont Ltd) R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl [87536 2008-11-28] (CyberLink Corp.) 
S3 IpInIp; system32\DRIVERS\ipinip.sys [x] U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2013-09-09] (Kaspersky Lab ZAO) S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-29 11:26 - 2013-09-29 11:26 - 01086873 _____ (Farbar) C:\Users\Petar\Desktop\FRST.exe 2013-09-29 11:23 - 2013-09-29 11:23 - 00000472 _____ C:\Users\Petar\Desktop\defogger_disable.log 2013-09-29 11:23 - 2013-09-29 11:23 - 00000000 _____ C:\Users\Petar\defogger_reenable 2013-09-29 11:21 - 2013-09-29 11:21 - 00377856 _____ C:\Users\Petar\Desktop\gmer_2.1.19163.exe 2013-09-29 11:19 - 2013-09-29 11:20 - 00050477 _____ C:\Users\Petar\Desktop\Defogger.exe 2013-09-17 23:28 - 2013-09-17 23:28 - 00000000 ____D C:\FRST 2013-09-16 22:24 - 2013-09-29 11:04 - 00000644 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job 2013-09-16 22:24 - 2013-09-17 22:17 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-09-16 22:24 - 2013-09-17 20:40 - 00000616 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job 2013-09-16 22:24 - 2013-09-17 20:40 - 00000446 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job 2013-09-16 22:23 - 2013-09-16 22:23 - 00001918 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2013-09-16 22:23 - 2009-01-25 13:14 - 00015224 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe 2013-09-16 22:22 - 2013-09-16 22:25 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2 2013-09-15 23:37 - 2013-07-31 12:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-15 23:37 - 2013-07-31 12:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-15 23:37 - 2013-07-31 12:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-15 23:37 - 
2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-15 23:37 - 2013-07-31 11:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-09-15 23:37 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-15 23:37 - 2013-07-31 11:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-09-15 23:37 - 2013-07-31 11:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-15 23:37 - 2013-07-31 11:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-15 23:37 - 2013-07-31 11:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-09-15 23:37 - 2013-07-31 11:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-09-15 23:37 - 2013-07-31 11:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-15 23:37 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-15 23:37 - 2013-07-31 11:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-15 23:37 - 2013-07-31 11:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-09-15 23:37 - 2013-07-31 11:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-15 20:50 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll 2013-09-15 20:49 - 2013-08-08 03:45 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-09-09 19:57 - 2013-07-05 06:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-09-09 19:57 - 2013-06-15 15:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll 2013-09-09 19:57 - 2013-06-15 13:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-09-09 19:55 - 2013-09-09 19:55 - 00000000 
____D C:\Users\Petar\AppData\Roaming\Malwarebytes 2013-09-09 19:54 - 2013-09-09 19:54 - 00000866 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-09 19:54 - 2013-09-09 19:54 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-09 19:54 - 2013-09-09 19:54 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-09-09 19:54 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-09-09 19:40 - 2013-07-17 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-09-09 19:39 - 2013-07-10 11:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-09-09 19:38 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-09-09 19:38 - 2013-07-09 14:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-09-09 19:38 - 2013-07-08 06:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2013-09-09 19:38 - 2013-07-08 06:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-09-09 19:37 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-09-09 19:37 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-09-09 19:37 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-09-09 19:37 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-09-09 19:11 - 2013-09-09 19:11 - 00001957 _____ C:\Users\Petar\Desktop\Sicherer Zahlungsverkehr.lnk 2013-09-09 19:09 - 2013-09-09 19:07 - 00000915 _____ C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk 2013-09-09 19:04 - 2011-06-02 14:39 - 00088632 _____ (Infowatch) C:\Windows\system32\Drivers\CSCrySec.sys 2013-09-09 19:04 - 2011-06-02 14:39 - 00039736 _____ (Infowatch) C:\Windows\system32\Drivers\CSVirtualDiskDrv.sys 2013-09-09 19:03 - 2013-09-29 
11:21 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-09 19:03 - 2013-09-09 19:03 - 00000000 ____D C:\Program Files\Kaspersky Lab
2013-09-09 19:03 - 2013-09-09 19:03 - 00000000 ____D C:\Program Files\Common Files\InfoWatch
2013-09-09 18:53 - 2013-09-09 19:31 - 00594528 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-09-09 18:53 - 2013-09-09 19:31 - 00074848 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2013-09-09 18:48 - 2013-09-09 18:48 - 00000000 ___HD C:\kleaner.tmp

==================== One Month Modified Files and Folders =======

2013-09-29 11:26 - 2013-09-29 11:26 - 01086873 _____ (Farbar) C:\Users\Petar\Desktop\FRST.exe
2013-09-29 11:23 - 2013-09-29 11:23 - 00000472 _____ C:\Users\Petar\Desktop\defogger_disable.log
2013-09-29 11:23 - 2013-09-29 11:23 - 00000000 _____ C:\Users\Petar\defogger_reenable
2013-09-29 11:23 - 2009-05-09 00:43 - 00000000 ____D C:\Users\Petar
2013-09-29 11:21 - 2013-09-29 11:21 - 00377856 _____ C:\Users\Petar\Desktop\gmer_2.1.19163.exe
2013-09-29 11:21 - 2013-09-09 19:03 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-29 11:20 - 2013-09-29 11:19 - 00050477 _____ C:\Users\Petar\Desktop\Defogger.exe
2013-09-29 11:12 - 2009-03-24 03:40 - 01877816 _____ C:\Windows\WindowsUpdate.log
2013-09-29 11:06 - 2012-05-27 22:13 - 00000000 ____D C:\Users\Petar\AppData\Roaming\Skype
2013-09-29 11:04 - 2013-09-16 22:24 - 00000644 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-09-29 11:01 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-29 11:01 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-29 11:01 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-17 23:40 - 2006-11-02 15:01 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-17 23:28 - 2013-09-17 23:28 - 00000000 ____D C:\FRST
2013-09-17 22:17 - 2013-09-16 22:24 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-17 21:51 - 2012-10-08 21:46 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-687498125-1443843741-3421116368-1000UA.job
2013-09-17 21:51 - 2012-10-08 21:46 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-687498125-1443843741-3421116368-1000Core.job
2013-09-17 20:51 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-17 20:40 - 2013-09-16 22:24 - 00000616 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-09-17 20:40 - 2013-09-16 22:24 - 00000446 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-09-16 22:25 - 2013-09-16 22:22 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-09-16 22:23 - 2013-09-16 22:23 - 00001918 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-09-16 20:32 - 2009-07-31 17:28 - 00000000 ____D C:\Users\Petar\Documents\Bank
2013-09-16 20:21 - 2006-11-02 14:47 - 00393432 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-15 23:47 - 2009-05-09 00:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-15 20:50 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-09-10 03:34 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\it-IT
2013-09-10 03:34 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\fr-FR
2013-09-10 03:34 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-10 03:09 - 2009-03-07 17:29 - 00662132 _____ C:\Windows\system32\perfh010.dat
2013-09-10 03:09 - 2009-03-07 17:29 - 00122888 _____ C:\Windows\system32\perfc010.dat
2013-09-10 03:08 - 2006-11-02 12:33 - 03056766 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-09 22:49 - 2010-03-05 14:24 - 00000322 _____ C:\Windows\Tasks\HPCeeScheduleForPetar.job
2013-09-09 20:38 - 2008-01-21 04:47 - 00209926 _____ C:\Windows\PFRO.log
2013-09-09 20:38 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\ShellNew
2013-09-09 20:10 - 2013-08-04 19:13 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-09-09 20:05 - 2012-12-18 21:37 - 00002489 _____ C:\Users\Public\Desktop\Skype.lnk
2013-09-09 20:05 - 2012-05-27 22:13 - 00000000 ____D C:\ProgramData\Skype
2013-09-09 19:55 - 2013-09-09 19:55 - 00000000 ____D C:\Users\Petar\AppData\Roaming\Malwarebytes
2013-09-09 19:54 - 2013-09-09 19:54 - 00000866 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-09 19:54 - 2013-09-09 19:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-09 19:54 - 2013-09-09 19:54 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-09 19:31 - 2013-09-09 18:53 - 00594528 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-09-09 19:31 - 2013-09-09 18:53 - 00074848 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2013-09-09 19:31 - 2012-10-18 14:50 - 00044000 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kltdi.sys
2013-09-09 19:31 - 2012-08-13 16:49 - 00145040 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2013-09-09 19:11 - 2013-09-09 19:11 - 00001957 _____ C:\Users\Petar\Desktop\Sicherer Zahlungsverkehr.lnk
2013-09-09 19:07 - 2013-09-09 19:09 - 00000915 _____ C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
2013-09-09 19:03 - 2013-09-09 19:03 - 00000000 ____D C:\Program Files\Kaspersky Lab
2013-09-09 19:03 - 2013-09-09 19:03 - 00000000 ____D C:\Program Files\Common Files\InfoWatch
2013-09-09 18:48 - 2013-09-09 18:48 - 00000000 ___HD C:\kleaner.tmp
2013-09-09 18:48 - 2009-05-09 14:45 - 00000000 ____D C:\Program Files\AVG
2013-09-09 18:37 - 2011-04-18 20:23 - 00000000 ____D C:\Users\Gast\Tracing

Files to move or delete:
====================
C:\Users\Petar\AppData\Roaming\settings.ini
C:\Users\Petar\AppData\Roaming\i.ini

Some content of TEMP:
====================
C:\Users\Petar\AppData\Local\Temp\detectionapi_rd.dll
C:\Users\Petar\AppData\Local\Temp\detectionui_r.exe
C:\Users\Petar\AppData\Local\Temp\directx10tests_rd.dll
C:\Users\Petar\AppData\Local\Temp\directx11tests_rd.dll
C:\Users\Petar\AppData\Local\Temp\directx9tests_rd.dll
C:\Users\Petar\AppData\Local\Temp\local.dll
C:\Users\Petar\AppData\Local\Temp\_isAED4.exe
C:\Users\Petar\AppData\Local\Temp\_isCF4F.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-29 11:10

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-09-2013 01
Ran by Petar at 2013-09-29 11:31:01
Running from C:\Users\Petar\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Kaspersky PURE 3.0 (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky PURE 3.0 (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky PURE 3.0 (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

AAC Decoder (Version: 7.1.0)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2)
Adobe Acrobat 7.0 Professional - English, Français, Deutsch (Version: 7.0.0)
Adobe Flash Player 10 ActiveX (Version: 10.0.12.36)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader 9.5.5 - Deutsch (Version: 9.5.5)
Adobe Shockwave Player (Version: 11.0)
AMD USB Audio Driver Filter (Version: 1.0.7.0031)
ANNO 1503 GOLD (Version: 1.05.00)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Atheros Driver Installation Program (Version: 5.0)
ATI Catalyst Install Manager (Version: 3.0.708.0)
AutoUpdate (Version: 1.1)
AVerMedia A309 (MiniCard, DVB-T) 1.0.0.46 (Version: 1.0.0.46)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0122.1.43106)
Catalyst Control Center Graphics Full Existing (Version: 2009.0122.1.43106)
Catalyst Control Center Graphics Full New (Version: 2009.0122.1.43106)
Catalyst Control Center Graphics Light (Version: 2009.0122.1.43106)
Catalyst Control Center Graphics Previews Common (Version: 2009.0122.1.43106)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0122.1.43106)
Catalyst Control Center InstallProxy (Version: 2009.0122.1.43106)
Catalyst Control Center Localization All (Version: 2009.0122.1.43106)
CCC Help Chinese Standard (Version: 2009.0122.0000.43106)
CCC Help Chinese Traditional (Version: 2009.0122.0000.43106)
CCC Help Czech (Version: 2009.0122.0000.43106)
CCC Help Danish (Version: 2009.0122.0000.43106)
CCC Help Dutch (Version: 2009.0122.0000.43106)
CCC Help English (Version: 2009.0122.0000.43106)
CCC Help Finnish (Version: 2009.0122.0000.43106)
CCC Help French (Version: 2009.0122.0000.43106)
CCC Help German (Version: 2009.0122.0000.43106)
CCC Help Greek (Version: 2009.0122.0000.43106)
CCC Help Hungarian (Version: 2009.0122.0000.43106)
CCC Help Italian (Version: 2009.0122.0000.43106)
CCC Help Japanese (Version: 2009.0122.0000.43106)
CCC Help Korean (Version: 2009.0122.0000.43106)
CCC Help Norwegian (Version: 2009.0122.0000.43106)
CCC Help Polish (Version: 2009.0122.0000.43106)
CCC Help Portuguese (Version: 2009.0122.0000.43106)
CCC Help Russian (Version: 2009.0122.0000.43106)
CCC Help Spanish (Version: 2009.0122.0000.43106)
CCC Help Swedish (Version: 2009.0122.0000.43106)
CCC Help Thai (Version: 2009.0122.0000.43106)
CCC Help Turkish (Version: 2009.0122.0000.43106)
ccc-core-static (Version: 2009.0122.1.43106)
ccc-utility (Version: 2009.0122.1.43106)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
CyberLink DVD Suite (Version: 6.0.2326)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Codec (Version: 6.9.1)
DivX Converter (Version: 7.1.0)
DivX Player (Version: 7.2.0)
DivX Plus DirectShow Filters
DivX Plus Web Player (Version: 2.0.0)
DivX Version Checker (Version: 7.1.0.9)
ESU for Microsoft Vista (Version: 1.0.0)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Flight Simulator X Service Pack 1
FlyLogic's - Patrouille Suisse X (Version: 1.00)
Free Video Converter V 2.9 (Version: 2.9.0.0)
H.264 Decoder (Version: 1.1.0)
HP Active Support Library (Version: 3.1.9.1)
HP Common Access Service Library (Version: 2.00 E6)
HP Customer Experience Enhancements (Version: 5.7.0.2664)
HP Help and Support (Version: 2.1.3.0)
HP MediaSmart DVD (Version: 2.1.2328)
HP MediaSmart SmartMenu (Version: 2.1.7)
HP MediaSmart TV (Version: 2.1.1219)
HP MediaSmart Webcam (Version: 2.1.1124)
HP Quick Launch Buttons 6.40 L1 (Version: 6.40 L1)
HP Total Care Setup (Version: 1.1.2413.2876)
HP Update (Version: 4.000.013.003)
HP User Guides 0134 (Version: 1.01.0000)
HP Wireless Assistant (Version: 3.50 A6)
HPAsset component for HP Active Support Library (Version: 3.0.0.3)
HPNetworkAssistant (Version: 1.1.70)
iCloud (Version: 2.1.2.8)
IDT Audio (Version: 1.0.6087.22)
iTunes (Version: 11.0.2.26)
Java Auto Updater (Version: 2.0.5.1)
Java(TM) 6 Update 26 (Version: 6.0.260)
JMicron Flash Media Controller Driver (Version: 1.00.22.05)
Kaspersky PURE 3.0 (Version: 13.0.2.558)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Flight Simulator X (Version: 10.0.60905)
Microsoft Flight Simulator X: Acceleration (Version: 10.0.61637.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 07.03.0512)
Microsoft Works (Version: 9.7.0621)
Microsoft Works Suite-Add-Ins für Microsoft Word (Version: 7.0.0.0000)
MKV Splitter (Version: 1.0.1)
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Norton Internet Security (Version: 16.0.0.125)
PhotoNow! (Version: 1.1.5615)
Project BO-105 PAH
ProtectSmart Hard Drive Protection (Version: 3.10 A7)
QuickTime (Version: 7.73.80.64)
Radar v2.0 for FSX
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0001)
Setup-Start von Microsoft Works 2004
Skins (Version: 2009.0122.1.43106)
Skype™ 6.6 (Version: 6.6.106)
Spybot - Search & Destroy (Version: 2.1.21)
Steuer 2011 12.0.1 (Version: 12.0.1)
Steuer 2012 13.0.3 (Version: 13.0.3)
Synaptics Pointing Device Driver (Version: 12.1.0.0)
Tom Clancy's H.A.W.X. 2 (Version: 1.0.1)
Ubisoft Game Launcher (Version: 1.0.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VLC media player 1.0.2 (Version: 1.0.2)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows-Treiberpaket - ENE (enecir) HIDClass (09/04/2008 2.6.0.0) (Version: 09/04/2008 2.6.0.0)
WinRAR

==================== Restore Points =========================

30-06-2013 18:05:39 Sprachpaketdeinstallation
01-07-2013 20:39:38 Sprachpaketdeinstallation
02-07-2013 19:11:21 Sprachpaketdeinstallation
03-07-2013 17:50:08 Sprachpaketdeinstallation
06-07-2013 10:32:14 Sprachpaketdeinstallation
08-07-2013 19:47:41 Windows Update
08-07-2013 20:00:35 Sprachpaketdeinstallation
11-07-2013 21:06:14 Sprachpaketdeinstallation
15-07-2013 18:17:39 Windows Update
16-07-2013 20:16:07 Sprachpaketdeinstallation
17-07-2013 19:35:51 Sprachpaketdeinstallation
18-07-2013 19:21:29 Sprachpaketdeinstallation
24-07-2013 19:40:00 Avg Update
24-07-2013 19:50:35 Sprachpaketdeinstallation
28-07-2013 11:39:50 Sprachpaketdeinstallation
29-07-2013 15:37:34 Sprachpaketdeinstallation
31-07-2013 20:18:52 Sprachpaketdeinstallation
01-08-2013 09:51:52 Sprachpaketdeinstallation
01-08-2013 23:08:41 Sprachpaketdeinstallation
07-08-2013 20:18:39 Sprachpaketdeinstallation
09-09-2013 16:54:57 First Restore Point
09-09-2013 17:05:53 Gerätetreiber-Paketinstallation: Kaspersky Lab Netzwerkdienst
09-09-2013 17:10:19 Sprachpaketdeinstallation
09-09-2013 17:36:22 First Restore Point
09-09-2013 18:08:51 Sprachpaketdeinstallation
09-09-2013 19:05:47 Sprachpaketdeinstallation
10-09-2013 01:00:56 Windows Update
15-09-2013 18:16:46 Sprachpaketdeinstallation
15-09-2013 21:28:15 Windows Update
16-09-2013 19:10:44 Sprachpaketdeinstallation
17-09-2013 18:56:24 Sprachpaketdeinstallation
29-09-2013 09:18:08 Sprachpaketdeinstallation

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3B2EEE0C-211E-435C-A8E6-6303CDEF3F9E} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {49FBE542-368A-437F-BD45-CFE54258B979} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {50001D87-3D44-49D8-95FC-3A1997DE42BC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-687498125-1443843741-3421116368-1000UA => C:\Users\Petar\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {5BA444EB-2319-4F76-80B0-F24EAA2F01BC} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {6A14DD91-AB0C-405B-9200-D90F787DCCBF} - System32\Tasks\{511E94B8-0376-4F5A-8C2D-A44856AD79DC} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar
Task: {8E6CD6A3-BB09-4C0D-998F-E10FF569A170} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-687498125-1443843741-3421116368-1000Core => C:\Users\Petar\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {9FA0D467-4B2F-4EC6-AA27-13AFCF76AD1D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AF677D66-1403-4A77-A9AA-5CBCB308AFBC} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {B9C6F8AE-39BC-4F3A-8F2E-83E41424EF81} - System32\Tasks\HPCeeScheduleForPetar => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-19] (Hewlett-Packard)
Task: {D3EDC5CE-9E56-457D-A2A8-D1DCF998B0CD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {FD0D3D42-5A18-4CCC-A3CD-7992EC2004BC} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2008-01-21] (Microsoft Corporation)
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-687498125-1443843741-3421116368-1000Core.job => C:\Users\Petar\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-687498125-1443843741-3421116368-1000UA.job => C:\Users\Petar\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForPetar.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) =============

2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2009-12-24 00:00 - 2009-12-12 16:12 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2013-09-16 22:22 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-09-16 22:22 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2009-01-22 02:34 - 2009-01-22 02:34 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 00479752 _____ () C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
2009-03-24 03:47 - 2009-03-24 03:47 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-10-29 18:34 - 2008-10-29 18:34 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-07-02 21:59 - 2013-07-02 21:59 - 03285912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-06-30 23:13 - 2013-06-30 23:13 - 16033160 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/29/2013 11:05:38 AM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung TVAgent.exe, Version 2.1.1.1321, Zeitstempel 0x49772d0a, fehlerhaftes Modul MFC71.DLL, Version 7.10.3077.0, Zeitstempel 0x3e77fdfd, Ausnahmecode 0xc0000005, Fehleroffset 0x0002a3a3, Prozess-ID 0xd80, Anwendungsstartzeit TVAgent.exe0.

Error: (09/29/2013 11:02:18 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2013 11:16:20 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung firefox.exe, Version 22.0.0.4917, Zeitstempel 0x51c06b1b, fehlerhaftes Modul xul.dll, Version 22.0.0.4917, Zeitstempel 0x51c06a5b, Ausnahmecode 0xc0000005, Fehleroffset 0x00173668, Prozess-ID 0x1498, Anwendungsstartzeit firefox.exe0.

Error: (09/17/2013 08:40:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2013 08:25:52 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung TVAgent.exe, Version 2.1.1.1321, Zeitstempel 0x49772d0a, fehlerhaftes Modul MFC71.DLL, Version 7.10.3077.0, Zeitstempel 0x3e77fdfd, Ausnahmecode 0xc0000005, Fehleroffset 0x0002a3a3, Prozess-ID 0xee8, Anwendungsstartzeit TVAgent.exe0.

Error: (09/16/2013 08:22:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2013 11:26:55 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (09/15/2013 10:23:15 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung firefox.exe, Version 22.0.0.4917, Zeitstempel 0x51c06b1b, fehlerhaftes Modul xul.dll, Version 22.0.0.4917, Zeitstempel 0x51c06a5b, Ausnahmecode 0xc0000005, Fehleroffset 0x00173668, Prozess-ID 0x1054, Anwendungsstartzeit firefox.exe0.

Error: (09/15/2013 08:11:17 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung TVAgent.exe, Version 2.1.1.1321, Zeitstempel 0x49772d0a, fehlerhaftes Modul MFC71.DLL, Version 7.10.3077.0, Zeitstempel 0x3e77fdfd, Ausnahmecode 0xc0000005, Fehleroffset 0x0002a3a3, Prozess-ID 0x4f8, Anwendungsstartzeit TVAgent.exe0.

Error: (09/15/2013 07:59:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/29/2013 11:19:25 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x800f0825it-IT

Error: (09/29/2013 11:19:22 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x800f0825fr-FR

Error: (09/29/2013 11:03:41 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (09/29/2013 11:02:19 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/17/2013 08:57:43 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x800f0825it-IT

Error: (09/17/2013 08:57:41 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x800f0825fr-FR

Error: (09/17/2013 08:45:04 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (09/17/2013 08:40:40 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/16/2013 09:15:58 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x800f0825it-IT

Error: (09/16/2013 09:15:54 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x800f0825fr-FR


Microsoft Office Sessions:
=========================
Error: (09/29/2013 11:05:38 AM) (Source: Application Error)(User: )
Description: TVAgent.exe2.1.1.132149772d0aMFC71.DLL7.10.3077.03e77fdfdc00000050002a3a3d8001cebcf2dbc8182b

Error: (09/29/2013 11:02:18 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2013 11:16:20 PM) (Source: Application Error)(User: )
Description: firefox.exe22.0.0.491751c06b1bxul.dll22.0.0.491751c06a5bc000000500173668149801ceb3e96dd8bfd2

Error: (09/17/2013 08:40:39 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2013 08:25:52 PM) (Source: Application Error)(User: )
Description: TVAgent.exe2.1.1.132149772d0aMFC71.DLL7.10.3077.03e77fdfdc00000050002a3a3ee801ceb309fc913780

Error: (09/16/2013 08:22:39 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2013 11:26:55 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (09/15/2013 10:23:15 PM) (Source: Application Error)(User: )
Description: firefox.exe22.0.0.491751c06b1bxul.dll22.0.0.491751c06a5bc000000500173668105401ceb25105c810d0

Error: (09/15/2013 08:11:17 PM) (Source: Application Error)(User: )
Description: TVAgent.exe2.1.1.132149772d0aMFC71.DLL7.10.3077.03e77fdfdc00000050002a3a34f801ceb23d90979e10

Error: (09/15/2013 07:59:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2013-09-29 11:30:09.370
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-09-29 11:30:08.423
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-09-29 11:30:07.508
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-09-29 11:30:06.455
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-09-29 11:27:53.125
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-09-29 11:27:52.163
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-09-29 11:27:51.132
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-09-29 11:27:50.107
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-09-17 23:31:18.092
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-09-17 23:31:17.094
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 53%
Total physical RAM: 3068.9 MB
Available physical RAM: 1415.52 MB
Total Pagefile: 6369.79 MB
Available Pagefile: 4436.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1922.72 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:286.51 GB) (Free:108.04 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:11.58 GB) (Free:1.85 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: D51C35F4)
Partition 1: (Active) - (Size=287 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-29 12:24:56
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2320BH_G2 rev.8909 298.09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Petar\AppData\Local\Temp\kgloapow.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAdjustPrivilegesToken [0xA109B6BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcConnectPort [0xA104EC02]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcCreatePort [0xA104EF4A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcSendWaitReceivePort [0xA104F390]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwClose [0xA103728C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwConnectPort [0xA104E8DC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateEvent [0xA1037804]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateMutant [0xA10376EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreatePort [0xA104EDAE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSection [0xA109E528]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSemaphore [0xA1037924]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThread [0xA109D9BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateWaitablePort [0xA104EE7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDebugActiveProcess [0xA109D506]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeviceIoControlFile [0xA10372D0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDuplicateObject [0xA109B7FC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadDriver [0xA109B464]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwMapViewOfSection [0xA109E320]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwNotifyChangeKey [0xA104D06C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenEvent [0xA103789A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenMutant [0xA103777A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenProcess [0xA109D0AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSection [0xA109E7D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSemaphore [0xA10379BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenThread [0xA109D718]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryDirectoryObject [0xA1037A44]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryObject [0xA104D27A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueueApcThread [0xA109E1D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyPort [0xA104F174]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePort [0xA104F002]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePortEx [0xA104F0B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRequestWaitReplyPort [0xA104F1E4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwResumeThread [0xA109DEFE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSecureConnectPort [0xA104EA6A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetContextThread [0xA109E05C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetInformationToken [0xA1037AE6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetSystemInformation [0xA109B56E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendProcess [0xA109D24E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendThread [0xA109DDA6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSystemDebugControl [0xA1037AF8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateProcess [0xA109D3AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateThread [0xA109D8B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwUnmapViewOfSection [0xA109E93C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwWriteVirtualMemory [0xA109E666]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThreadEx [0xA109DBFC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateUserProcess [0xA109D660]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!KeSetEvent + 119 824EA764 4 Bytes [BA, B6, 09, A1]
.text ntkrnlpa.exe!KeSetEvent + 13D 824EA788 8 Bytes [02, EC, 04, A1, 4A, EF, 04, ...] {ADD CH, AH; ADD AL, 0xa1; DEC EDX; OUT DX, EAX; ADD AL, 0xa1}
.text ntkrnlpa.exe!KeSetEvent + 181 824EA7CC 4 Bytes [90, F3, 04, A1] {NOP ; ADD AL, 0xa1}
.text ntkrnlpa.exe!KeSetEvent + 1A9 824EA7F4 4 Bytes [8C, 72, 03, A1]
.text ntkrnlpa.exe!KeSetEvent + 1C1 824EA80C 4 Bytes [DC, E8, 04, A1] {FSUB ST0, ST0; ADD AL, 0xa1}
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9FC04000, 0x241BC8, 0xE8000020]
.text C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl section is writeable [0xB135C000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl entry point in ".vmp2" section [0xB137F050]

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
AttachedDevice \Driver\tdx \Device\Tcp kltdi.sys
AttachedDevice \Driver\tdx \Device\Udp kltdi.sys
AttachedDevice \Driver\tdx \Device\RawIp kltdi.sys

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.29.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Petar :: PETAR-PC [Administrator]

29.09.2013 12:35:07
mbam-log-2013-09-29 (12-35-07).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 243045
Laufzeit: 29 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
2013/09/16 20:22:14 +0200 PETAR-PC (null) MESSAGE Executing scheduled update: Daily
2013/09/16 20:22:16 +0200 PETAR-PC (null) ERROR Scheduled update failed: Host not found failed with error code 0
2013/09/16 20:22:28 +0200 PETAR-PC (null) MESSAGE Starting protection
2013/09/16 20:22:28 +0200 PETAR-PC (null) MESSAGE Protection started successfully
2013/09/16 20:22:28 +0200 PETAR-PC (null) MESSAGE Starting IP protection
2013/09/16 20:22:41 +0200 PETAR-PC (null) MESSAGE IP Protection started successfully
2013/09/16 20:25:58 +0200 PETAR-PC Petar MESSAGE Starting database refresh
2013/09/16 20:25:58 +0200 PETAR-PC Petar MESSAGE Stopping IP protection
2013/09/16 20:25:59 +0200 PETAR-PC Petar MESSAGE IP Protection stopped successfully
2013/09/16 20:26:09 +0200 PETAR-PC Petar MESSAGE Database refreshed successfully
2013/09/16 20:26:09 +0200 PETAR-PC Petar MESSAGE Starting IP protection
2013/09/16 20:26:25 +0200 PETAR-PC Petar MESSAGE IP Protection started successfully
2013/09/16 22:11:29 +0200 PETAR-PC Petar IP-BLOCK 77.78.219.248 (Type: outgoing, Port: 42376, Process: skype.exe)
2013/09/16 22:11:29 +0200 PETAR-PC Petar IP-BLOCK 77.78.219.248 (Type: outgoing, Port: 42376, Process: skype.exe)
2013/09/16 22:11:37 +0200 PETAR-PC Petar IP-BLOCK 77.78.219.248 (Type: outgoing, Port: 42376, Process: skype.exe)
2013/09/16 22:11:45 +0200 PETAR-PC Petar IP-BLOCK 77.78.219.248 (Type: outgoing, Port: 42376, Process: skype.exe)
2013/09/16 22:11:45 +0200 PETAR-PC Petar IP-BLOCK 77.78.219.248 (Type: outgoing, Port: 42376, Process: skype.exe)

Code:
jar_cache2254907160662247655.tmp
Nicht desinfizierte Objekte: HEUR:Exploit.Java.CVE-2013-2465.gen c:\Documents and Settings\Petar\AppData\Local\Temp\ 09.09.2013 21:30:35 jar_cache2254907160662247655.tmp
Gefunden: HEUR:Exploit.Java.CVE-2013-2465.gen c:\Documents and Settings\Petar\AppData\Local\Temp\ 09.09.2013 21:30:34 jar_cache2254907160662247655.tmp
Nicht desinfizierte Objekte: HEUR:Exploit.Java.Generic c:\Documents and Settings\Petar\AppData\Local\Temp\ 09.09.2013 21:30:34 jar_cache2254907160662247655.tmp
Gefunden: HEUR:Exploit.Java.Generic c:\Documents and Settings\Petar\AppData\Local\Temp\ 09.09.2013 21:30:34 jar_cache2254907160662247655.tmp
Nicht desinfizierte Objekte: HEUR:Exploit.Java.CVE-2013-1493.a c:\Documents and Settings\Petar\AppData\Local\Temp\ 09.09.2013 21:30:34 jar_cache2254907160662247655.tmp
Gefunden: HEUR:Exploit.Java.CVE-2013-1493.a c:\Documents and Settings\Petar\AppData\Local\Temp\ 09.09.2013 21:30:33
29.09.2013, 12:21 | #2 |
/// the machine /// TB-Ausbilder |
Hi,
Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1. IMPORTANT - save Combofix to your desktop.
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: should you receive the following error message after the restart Quote:
29.09.2013, 14:48 | #3 |
Hi Schrauber,
Many thanks for your quick feedback. I let Combofix rattle through the system, with the following result: Code:
ComboFix 13-09-28.02 - Petar 29.09.2013 14:37:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.41.1031.18.3069.1616 [GMT 2:00]
ausgeführt von:: C:\Users\Petar\Desktop\ComboFix.exe
AV: Kaspersky PURE 3.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))

C:\Windows\System32\ezsvc7.dll
C:\Windows\wininit.ini

((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ezSharedSvc

((((((((((((((((((((((((( Dateien erstellt von 2013-08-28 bis 2013-09-29 ))))))))))))))))))))))))))))))

2013-09-29 13:05:51 . 2013-09-29 13:05:51 40776 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2013-09-29 12:56:17 . 2013-09-29 12:56:17 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-09-17 21:28:27 . 2013-09-17 21:28:27 -------- d-----w- C:\FRST
2013-09-16 20:24:20 . 2013-09-17 20:17:52 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-09-16 20:22:48 . 2013-09-29 12:15:54 -------- d-----w- C:\Program Files\Spybot - Search & Destroy 2
2013-09-15 18:50:13 . 2013-07-16 04:35:16 615936 ----a-w- C:\Windows\system32\themeui.dll
2013-09-15 18:49:45 . 2013-08-08 01:45:09 2049536 ----a-w- C:\Windows\system32\win32k.sys
2013-09-09 17:57:47 . 2013-06-15 13:22:11 15872 ----a-w- C:\Windows\system32\icaapi.dll
2013-09-09 17:57:47 . 2013-06-15 11:23:33 24064 ----a-w- C:\Windows\system32\drivers\tssecsrv.sys
2013-09-09 17:57:43 . 2013-07-05 04:53:33 905664 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2013-09-09 17:55:05 . 2013-09-09 17:55:05 -------- d-----w- C:\Users\Petar\AppData\Roaming\Malwarebytes
2013-09-09 17:54:49 . 2013-09-09 17:54:49 -------- d-----w- C:\ProgramData\Malwarebytes
2013-09-09 17:54:47 . 2013-09-09 17:54:56 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2013-09-09 17:54:47 . 2013-04-04 12:50:32 22856 ----a-w- C:\Windows\system32\drivers\mbam.sys
2013-09-09 17:40:03 . 2013-07-17 19:41:34 2048 ----a-w- C:\Windows\system32\tzres.dll
2013-09-09 17:39:21 . 2013-07-10 09:47:00 783360 ----a-w- C:\Windows\system32\rpcrt4.dll
2013-09-09 17:38:48 . 2013-08-02 04:09:35 1548288 ----a-w- C:\Windows\system32\WMVDECOD.DLL
2013-09-09 17:38:22 . 2013-07-08 04:55:51 3551680 ----a-w- C:\Windows\system32\ntoskrnl.exe
2013-09-09 17:38:21 . 2013-07-09 12:10:36 1205168 ----a-w- C:\Windows\system32\ntdll.dll
2013-09-09 17:38:21 . 2013-07-08 04:55:51 3603904 ----a-w- C:\Windows\system32\ntkrnlpa.exe
2013-09-09 17:37:54 . 2013-07-08 04:16:54 992768 ----a-w- C:\Windows\system32\crypt32.dll
2013-09-09 17:37:53 . 2013-07-08 04:20:04 172544 ----a-w- C:\Windows\system32\wintrust.dll
2013-09-09 17:37:53 . 2013-07-08 04:16:55 98304 ----a-w- C:\Windows\system32\cryptnet.dll
2013-09-09 17:37:53 . 2013-07-08 04:16:55 133120 ----a-w- C:\Windows\system32\cryptsvc.dll
2013-09-09 17:04:50 . 2011-06-02 12:39:44 39736 ----a-w- C:\Windows\system32\drivers\CSVirtualDiskDrv.sys
2013-09-09 17:04:48 . 2011-06-02 12:39:44 88632 ----a-w- C:\Windows\system32\drivers\CSCrySec.sys
2013-09-09 17:03:19 . 2013-09-09 17:03:19 -------- d-----w- C:\Program Files\Common Files\InfoWatch
2013-09-09 17:03:09 . 2013-09-29 13:04:39 -------- d-----w- C:\ProgramData\Kaspersky Lab
2013-09-09 17:03:09 . 2013-09-09 17:03:09 -------- d-----w- C:\Program Files\Kaspersky Lab
2013-09-09 16:53:20 . 2013-09-09 17:31:05 74848 ----a-w- C:\Windows\system32\drivers\klflt.sys
2013-09-09 16:48:34 . 2013-09-09 16:48:35 -------- d-----w- C:\kleaner.tmp
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-09-09 17:31:06 . 2012-08-13 14:49:44 145040 ----a-w- C:\Windows\system32\drivers\kneps.sys
2013-09-09 17:31:05 . 2012-10-18 12:50:48 44000 ----a-w- C:\Windows\system32\drivers\kltdi.sys

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-12-20 16:20:24 459784 ----a-w- C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 02:25:33 202240]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2013-06-21 07:58:32 19875432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 16:11:14 61440]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 22:54:22 1410344]
"DVDAgent"="C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-28 17:04:26 1148200]
"TVAgent"="C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-01-21 15:23:16 210216]
"SmartMenu"="C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-11-18 18:35:44 914224]
"UpdatePSTShortCut"="C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 10:34:22 210216]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 06:58:56 75008]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 14:34:24 54576]
"WirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 10:25:24 432432]
"QlbCtrl.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 11:24:44 206128]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 00:12:02 483328]
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 13:54:26 91520]
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 11:08:14 59720]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2012-10-25 02:12:14 421888]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2013-02-20 10:35:28 152392]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 21:20:00 41056]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 21:06:36 958576]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" [2012-12-20 16:23:04 356968]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat - Schnellstart.lnk - C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe [2010-5-7 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\aestsrv.exe [2009-01-13 15:18:40 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

Inhalt des "geplante Tasks" Ordners
2013-09-09 C:\Windows\Tasks\HPCeeScheduleForPetar.job - C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-03-07 08:00:18 . 2008-05-19 10:34:50]

------- Zusätzlicher Suchlauf -------
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - C:\Users\Petar\AppData\Roaming\Mozilla\Firefox\Profiles\76a3fdhl.default\
FF - prefs.js: browser.startup.homepage - google.ch
FF - ExtSQL: 2013-09-09 19:34; anti_banner@kaspersky.com; C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2013-09-09 19:34; content_blocker@kaspersky.com; C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2013-09-09 19:34; online_banking@kaspersky.com; C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2013-09-09 19:34; url_advisor@kaspersky.com; C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2013-09-09 19:34; virtual_keyboard@kaspersky.com; C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF - ExtSQL: !HIDDEN! 2009-06-26 03:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

- - - - Entfernte verwaiste Registrierungseinträge - - - -
HKCU-Run-MobileDocuments - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-AVerMedia A309 (MiniCard, DVB-T) - C:\Program Files\AVerMedia\AVerMedia A309 (MiniCard

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-09-29 15:07:26
Windows 6.0.6002 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl"

------------------------ Weitere laufende Prozesse ------------------------
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\STacSV.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\lpksetup.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\conime.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\ehome\mcupdate.EXE
C:\Windows\system32\DllHost.exe
**************************************************************************
Zeit der Fertigstellung: 2013-09-29 15:19:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-09-29 13:19:04

Vor Suchlauf: 12 Verzeichnis(se), 123'558'199'296 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 122'742'099'968 Bytes frei

- - End Of File - - BF25CDC7250C041861A8563FDAE2894F
588AE8F0C685C02BA11F30D9CD7E61A0
29.09.2013, 18:33 | #4 |
/// the machine /// TB-Ausbilder |
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations | Guides and help | Trojaner-Board Facebook page
No help via PM!
29.09.2013, 20:03 | #5 |
Hello Schrauber,
As requested, here are the logs I produced:
MBAM: Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.29.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Petar :: PETAR-PC [Administrator]

29.09.2013 20:08:41
mbam-log-2013-09-29 (20-08-41).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 242180
Laufzeit: 19 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
# AdwCleaner v3.005 - Bericht erstellt am 29/09/2013 um 20:35:48
# Updated 22/09/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Petar - PETAR-PC
# Gestartet von : C:\Users\Petar\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16506


-\\ Mozilla Firefox v22.0 (de)

[ Datei : C:\Users\Petar\AppData\Roaming\Mozilla\Firefox\Profiles\76a3fdhl.default\prefs.js ]


[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\eyh27r0m.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1965 octets] - [29/09/2013 20:34:06]
AdwCleaner[S0].txt - [1886 octets] - [29/09/2013 20:35:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1946 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Petar on 29.09.2013 at 20:42:59.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-687498125-1443843741-3421116368-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{15B0B15B-A323-4C4D-982F-4DAA93FB22E7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{15B0B15B-A323-4C4D-982F-4DAA93FB22E7}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\free video converter"



~~~ FireFox

Emptied folder: C:\Users\Petar\AppData\Roaming\mozilla\firefox\profiles\76a3fdhl.default\minidumps [47 files]



~~~ Event Viewer Logs were cleared



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.09.2013 at 20:49:08.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST:
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-09-2013 01 Ran by Petar (administrator) on PETAR-PC on 29-09-2013 20:50:06 Running from C:\Users\Petar\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\STacSV.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe (Hewlett-Packard Corporation) C:\Windows\system32\Hpservice.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\aestsrv.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Infowatch) C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe () C:\Program Files\SMINST\BLService.exe () C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe () C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (CyberLink Corp.) C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.) C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (Adobe Systems Inc.) 
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Microsoft Corporation) C:\Windows\system32\conime.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe () C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\system32\wuauclt.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1410344 2008-12-05] (Synaptics, Inc.) HKLM\...\Run: [DVDAgent] - C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-11-28] (CyberLink Corp.) HKLM\...\Run: [TVAgent] - C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe [210216 2009-01-21] (CyberLink Corp.) HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard) HKLM\...\Run: [UpdatePSTShortCut] - C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-11-26] (CyberLink Corp.) 
HKLM\...\Run: [HP Health Check Scheduler] - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard) HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard) HKLM\...\Run: [WirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [432432 2008-12-08] (Hewlett-Packard) HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [206128 2008-10-10] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [Acrobat Assistant 7.0] - C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.) HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.) HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.) HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356968 2012-12-20] (Kaspersky Lab ZAO) HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.) 
HKU\Gast\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2010-04-16] (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~1\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll (Kaspersky Lab)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~1\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll (Kaspersky Lab)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Petar\AppData\Roaming\Mozilla\Firefox\Profiles\76a3fdhl.default
FF Homepage: google.ch
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Petar\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Виявлення пристроїв Logitech - C:\Users\Petar\AppData\Roaming\Mozilla\Firefox\Profiles\76a3fdhl.default\Extensions\DeviceDetection@logitech.com
FF Extension: No Name - C:\Users\Petar\AppData\Roaming\Mozilla\Firefox\Profiles\76a3fdhl.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: No Name - C:\Users\Petar\AppData\Roaming\Mozilla\Firefox\Profiles\76a3fdhl.default\Extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}.xpi
FF HKLM\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] - C:\Program Files\AVG\AVG9\Firefox
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com

========================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\aestsrv.exe [77824 2009-01-13] (Andrea Electronics Corporation)
S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356968 2012-12-20] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [819040 2012-12-21] (Infowatch)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-12-17] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\STacSV.exe [237661 2009-01-08] (IDT, Inc.)
R2 TVCapSvc; C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [296320 2008-11-26] ()
R2 TVSched; C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [116096 2008-11-26] ()

==================== Drivers (Whitelisted) ====================

R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [88632 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [39736 2011-06-02] (Infowatch)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [136024 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [594528 2013-09-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [24408 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25944 2012-09-03] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25944 2012-09-03] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-09-09] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-09-09] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 PROCEXP113; C:\Windows\system32\Drivers\PROCEXP113.SYS [12568 2013-09-29] (Sysinternals - www.sysinternals.com)
S3 tccp; C:\Windows\System32\DRIVERS\tccp.sys [26392 2013-05-23] (TrusCont Ltd)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl [87536 2008-11-28] (CyberLink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2013-09-09] (Kaspersky Lab ZAO)
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-29 20:49 - 2013-09-29 20:49 - 00001974 _____ C:\Users\Petar\Desktop\JRT.txt
2013-09-29 20:42 - 2013-09-29 20:42 - 00000000 ____D C:\Windows\ERUNT
2013-09-29 20:39 - 2013-09-29 20:39 - 00002026 _____ C:\Users\Petar\Desktop\AdwCleaner[S0].txt
2013-09-29 20:34 - 2013-09-29 20:35 - 00000000 ____D C:\AdwCleaner
2013-09-29 20:05 - 2013-09-29 20:05 - 01042066 _____ C:\Users\Petar\Desktop\adwcleaner.exe
2013-09-29 20:05 - 2013-09-29 20:05 - 01030305 _____ (Thisisu) C:\Users\Petar\Desktop\JRT.exe
2013-09-29 15:39 - 2013-09-29 15:19 - 00013072 _____ C:\Users\Petar\Desktop\ComboFix.txt
2013-09-29 15:19 - 2013-09-29 15:19 - 00012721 _____ C:\ComboFix.txt
2013-09-29 15:19 - 2013-09-29 15:19 - 00012568 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP113.SYS
2013-09-29 14:32 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-29 14:32 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-29 14:32 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-29 14:32 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-29 14:32 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-29 14:32 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-29 14:32 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-29 14:32 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-29 14:31 - 2013-09-29 15:19 - 00000000 ____D C:\ComboFix
2013-09-29 14:09 - 2013-09-29 15:19 - 00000000 ____D C:\Qoobox
2013-09-29 14:08 - 2013-09-29 15:14 - 00000000 ____D C:\Windows\erdnt
2013-09-29 13:33 - 2013-09-29 13:34 - 05130789 ____R (Swearware) C:\Users\Petar\Desktop\ComboFix.exe
2013-09-29 12:24 - 2013-09-29 12:24 - 00006626 _____ C:\Users\Petar\Desktop\gmer.txt
2013-09-29 11:31 - 2013-09-29 11:37 - 00028582 _____ C:\Users\Petar\Desktop\Addition.txt
2013-09-29 11:26 - 2013-09-29 11:26 - 01086873 _____ (Farbar) C:\Users\Petar\Desktop\FRST.exe
2013-09-29 11:23 - 2013-09-29 11:23 - 00000472 _____ C:\Users\Petar\Desktop\defogger_disable.log
2013-09-29 11:23 - 2013-09-29 11:23 - 00000000 _____ C:\Users\Petar\defogger_reenable
2013-09-29 11:21 - 2013-09-29 11:21 - 00377856 _____ C:\Users\Petar\Desktop\gmer_2.1.19163.exe
2013-09-29 11:19 - 2013-09-29 11:20 - 00050477 _____ C:\Users\Petar\Desktop\Defogger.exe
2013-09-17 23:28 - 2013-09-17 23:28 - 00000000 ____D C:\FRST
2013-09-16 22:24 - 2013-09-17 22:17 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-16 22:22 - 2013-09-29 14:15 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-09-15 23:37 - 2013-07-31 12:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-15 23:37 - 2013-07-31 12:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-15 23:37 - 2013-07-31 12:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-15 23:37 - 2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-15 23:37 - 2013-07-31 11:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-15 23:37 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-15 23:37 - 2013-07-31 11:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-15 23:37 - 2013-07-31 11:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-15 23:37 - 2013-07-31 11:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-15 23:37 - 2013-07-31 11:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-15 23:37 - 2013-07-31 11:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-15 23:37 - 2013-07-31 11:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-15 23:37 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-15 23:37 - 2013-07-31 11:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-15 23:37 - 2013-07-31 11:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-15 23:37 - 2013-07-31 11:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-15 20:50 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-09-15 20:49 - 2013-08-08 03:45 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-09 19:57 - 2013-07-05 06:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-09-09 19:57 - 2013-06-15 15:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-09-09 19:57 - 2013-06-15 13:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-09-09 19:55 - 2013-09-09 19:55 - 00000000 ____D C:\Users\Petar\AppData\Roaming\Malwarebytes
2013-09-09 19:54 - 2013-09-09 19:54 - 00000866 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-09 19:54 - 2013-09-09 19:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-09 19:54 - 2013-09-09 19:54 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-09 19:54 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-09 19:40 - 2013-07-17 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-09-09 19:39 - 2013-07-10 11:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-09-09 19:38 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-09-09 19:38 - 2013-07-09 14:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-09 19:38 - 2013-07-08 06:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-09-09 19:38 - 2013-07-08 06:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-09 19:37 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-09-09 19:37 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-09-09 19:37 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-09-09 19:37 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-09-09 19:11 - 2013-09-09 19:11 - 00001957 _____ C:\Users\Petar\Desktop\Sicherer Zahlungsverkehr.lnk
2013-09-09 19:09 - 2013-09-09 19:07 - 00000915 _____ C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
2013-09-09 19:04 - 2011-06-02 14:39 - 00088632 _____ (Infowatch) C:\Windows\system32\Drivers\CSCrySec.sys
2013-09-09 19:04 - 2011-06-02 14:39 - 00039736 _____ (Infowatch) C:\Windows\system32\Drivers\CSVirtualDiskDrv.sys
2013-09-09 19:03 - 2013-09-29 20:41 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-09 19:03 - 2013-09-09 19:03 - 00000000 ____D C:\Program Files\Kaspersky Lab
2013-09-09 19:03 - 2013-09-09 19:03 - 00000000 ____D C:\Program Files\Common Files\InfoWatch
2013-09-09 18:53 - 2013-09-09 19:31 - 00594528 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-09-09 18:53 - 2013-09-09 19:31 - 00074848 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2013-09-09 18:48 - 2013-09-09 18:48 - 00000000 ____D C:\kleaner.tmp

==================== One Month Modified Files and Folders =======

2013-09-29 20:49 - 2013-09-29 20:49 - 00001974 _____ C:\Users\Petar\Desktop\JRT.txt
2013-09-29 20:42 - 2013-09-29 20:42 - 00000000 ____D C:\Windows\ERUNT
2013-09-29 20:42 - 2009-03-24 03:40 - 01967492 _____ C:\Windows\WindowsUpdate.log
2013-09-29 20:41 - 2013-09-09 19:03 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-29 20:39 - 2013-09-29 20:39 - 00002026 _____ C:\Users\Petar\Desktop\AdwCleaner[S0].txt
2013-09-29 20:39 - 2012-05-27 22:13 - 00000000 ____D C:\Users\Petar\AppData\Roaming\Skype
2013-09-29 20:38 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-29 20:38 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-29 20:37 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-29 20:36 - 2006-11-02 15:01 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-29 20:35 - 2013-09-29 20:34 - 00000000 ____D C:\AdwCleaner
2013-09-29 20:05 - 2013-09-29 20:05 - 01042066 _____ C:\Users\Petar\Desktop\adwcleaner.exe
2013-09-29 20:05 - 2013-09-29 20:05 - 01030305 _____ (Thisisu) C:\Users\Petar\Desktop\JRT.exe
2013-09-29 15:19 - 2013-09-29 15:39 - 00013072 _____ C:\Users\Petar\Desktop\ComboFix.txt
2013-09-29 15:19 - 2013-09-29 15:19 - 00012721 _____ C:\ComboFix.txt
2013-09-29 15:19 - 2013-09-29 15:19 - 00012568 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP113.SYS
2013-09-29 15:19 - 2013-09-29 14:31 - 00000000 ____D C:\ComboFix
2013-09-29 15:19 - 2013-09-29 14:09 - 00000000 ____D C:\Qoobox
2013-09-29 15:19 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default
2013-09-29 15:19 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2013-09-29 15:14 - 2013-09-29 14:08 - 00000000 ____D C:\Windows\erdnt
2013-09-29 15:06 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2013-09-29 15:04 - 2008-01-21 04:47 - 00213460 _____ C:\Windows\PFRO.log
2013-09-29 15:03 - 2006-11-02 12:22 - 62128128 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-09-29 15:03 - 2006-11-02 12:22 - 55050240 _____ C:\Windows\system32\config\COMPON~1.bak
2013-09-29 15:03 - 2006-11-02 12:22 - 23330816 _____ C:\Windows\system32\config\SYSTEM.bak
2013-09-29 15:03 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-09-29 15:03 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-09-29 15:03 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\DEFAULT.bak
2013-09-29 14:15 - 2013-09-16 22:22 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-09-29 13:34 - 2013-09-29 13:33 - 05130789 ____R (Swearware) C:\Users\Petar\Desktop\ComboFix.exe
2013-09-29 13:33 - 2009-03-07 17:29 - 00662132 _____ C:\Windows\system32\perfh010.dat
2013-09-29 13:33 - 2009-03-07 17:29 - 00122888 _____ C:\Windows\system32\perfc010.dat
2013-09-29 13:33 - 2006-11-02 12:33 - 03020748 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-29 12:24 - 2013-09-29 12:24 - 00006626 _____ C:\Users\Petar\Desktop\gmer.txt
2013-09-29 12:23 - 2009-07-31 17:28 - 00000000 ____D C:\Users\Petar\Documents\Bank
2013-09-29 11:37 - 2013-09-29 11:31 - 00028582 _____ C:\Users\Petar\Desktop\Addition.txt
2013-09-29 11:26 - 2013-09-29 11:26 - 01086873 _____ (Farbar) C:\Users\Petar\Desktop\FRST.exe
2013-09-29 11:23 - 2013-09-29 11:23 - 00000472 _____ C:\Users\Petar\Desktop\defogger_disable.log
2013-09-29 11:23 - 2013-09-29 11:23 - 00000000 _____ C:\Users\Petar\defogger_reenable
2013-09-29 11:23 - 2009-05-09 00:43 - 00000000 ____D C:\Users\Petar
2013-09-29 11:21 - 2013-09-29 11:21 - 00377856 _____ C:\Users\Petar\Desktop\gmer_2.1.19163.exe
2013-09-29 11:20 - 2013-09-29 11:19 - 00050477 _____ C:\Users\Petar\Desktop\Defogger.exe
2013-09-17 23:28 - 2013-09-17 23:28 - 00000000 ____D C:\FRST
2013-09-17 22:17 - 2013-09-16 22:24 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-17 20:51 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-16 20:21 - 2006-11-02 14:47 - 00393432 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-15 23:47 - 2009-05-09 00:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-15 20:50 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-09-10 03:34 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\it-IT
2013-09-10 03:34 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\fr-FR
2013-09-10 03:34 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-09 22:49 - 2010-03-05 14:24 - 00000322 _____ C:\Windows\Tasks\HPCeeScheduleForPetar.job
2013-09-09 20:38 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\ShellNew
2013-09-09 20:10 - 2013-08-04 19:13 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-09-09 20:05 - 2012-12-18 21:37 - 00002489 _____ C:\Users\Public\Desktop\Skype.lnk
2013-09-09 20:05 - 2012-05-27 22:13 - 00000000 ____D C:\ProgramData\Skype
2013-09-09 19:55 - 2013-09-09 19:55 - 00000000 ____D C:\Users\Petar\AppData\Roaming\Malwarebytes
2013-09-09 19:54 - 2013-09-09 19:54 - 00000866 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-09 19:54 - 2013-09-09 19:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-09 19:54 - 2013-09-09 19:54 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-09 19:31 - 2013-09-09 18:53 - 00594528 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-09-09 19:31 - 2013-09-09 18:53 - 00074848 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2013-09-09 19:31 - 2012-10-18 14:50 - 00044000 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kltdi.sys
2013-09-09 19:31 - 2012-08-13 16:49 - 00145040 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2013-09-09 19:11 - 2013-09-09 19:11 - 00001957 _____ C:\Users\Petar\Desktop\Sicherer Zahlungsverkehr.lnk
2013-09-09 19:07 - 2013-09-09 19:09 - 00000915 _____ C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
2013-09-09 19:03 - 2013-09-09 19:03 - 00000000 ____D C:\Program Files\Kaspersky Lab
2013-09-09 19:03 - 2013-09-09 19:03 - 00000000 ____D C:\Program Files\Common Files\InfoWatch
2013-09-09 18:48 - 2013-09-09 18:48 - 00000000 ____D C:\kleaner.tmp
2013-09-09 18:48 - 2009-05-09 14:45 - 00000000 ____D C:\Program Files\AVG
2013-09-09 18:37 - 2011-04-18 20:23 - 00000000 ____D C:\Users\Gast\Tracing

Files to move or delete:
====================
C:\Users\Petar\AppData\Roaming\settings.ini
C:\Users\Petar\AppData\Roaming\i.ini

Some content of TEMP:
====================
C:\Users\Petar\AppData\Local\temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-29 20:44

==================== End Of Log ============================

Addition log:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-09-2013 01
Ran by Petar at 2013-09-29 20:50:57
Running from C:\Users\Petar\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Kaspersky PURE 3.0 (Disabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky PURE 3.0 (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 (Disabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

AAC Decoder (Version: 7.1.0)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2)
Adobe Acrobat 7.0 Professional - English, Français, Deutsch (Version: 7.0.0)
Adobe Flash Player 10 ActiveX (Version: 10.0.12.36)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader 9.5.5 - Deutsch (Version: 9.5.5)
Adobe Shockwave Player (Version: 11.0)
AMD USB Audio Driver Filter (Version: 1.0.7.0031)
ANNO 1503 GOLD (Version: 1.05.00)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Atheros Driver Installation Program (Version: 5.0)
ATI Catalyst Install Manager (Version: 3.0.708.0)
AutoUpdate (Version: 1.1)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0122.1.43106)
Catalyst Control Center Graphics Full Existing (Version: 2009.0122.1.43106)
Catalyst Control Center Graphics Full New (Version: 2009.0122.1.43106)
Catalyst Control Center Graphics Light (Version: 2009.0122.1.43106)
Catalyst Control Center Graphics Previews Common (Version: 2009.0122.1.43106)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0122.1.43106)
Catalyst Control Center InstallProxy (Version: 2009.0122.1.43106)
Catalyst Control Center Localization All (Version: 2009.0122.1.43106)
CCC Help Chinese Standard (Version: 2009.0122.0000.43106)
CCC Help Chinese Traditional (Version: 2009.0122.0000.43106)
CCC Help Czech (Version: 2009.0122.0000.43106)
CCC Help Danish (Version: 2009.0122.0000.43106)
CCC Help Dutch (Version: 2009.0122.0000.43106)
CCC Help English (Version: 2009.0122.0000.43106)
CCC Help Finnish (Version: 2009.0122.0000.43106)
CCC Help French (Version: 2009.0122.0000.43106)
CCC Help German (Version: 2009.0122.0000.43106)
CCC Help Greek (Version: 2009.0122.0000.43106)
CCC Help Hungarian (Version: 2009.0122.0000.43106)
CCC Help Italian (Version: 2009.0122.0000.43106)
CCC Help Japanese (Version: 2009.0122.0000.43106)
CCC Help Korean (Version: 2009.0122.0000.43106)
CCC Help Norwegian (Version: 2009.0122.0000.43106)
CCC Help Polish (Version: 2009.0122.0000.43106)
CCC Help Portuguese (Version: 2009.0122.0000.43106)
CCC Help Russian (Version: 2009.0122.0000.43106)
CCC Help Spanish (Version: 2009.0122.0000.43106)
CCC Help Swedish (Version: 2009.0122.0000.43106)
CCC Help Thai (Version: 2009.0122.0000.43106)
CCC Help Turkish (Version: 2009.0122.0000.43106)
ccc-core-static (Version: 2009.0122.1.43106)
ccc-utility (Version: 2009.0122.1.43106)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
CyberLink DVD Suite (Version: 6.0.2326)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Codec (Version: 6.9.1)
DivX Converter (Version: 7.1.0)
DivX Player (Version: 7.2.0)
DivX Plus DirectShow Filters
DivX Plus Web Player (Version: 2.0.0)
DivX Version Checker (Version: 7.1.0.9)
ESU for Microsoft Vista (Version: 1.0.0)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Flight Simulator X Service Pack 1
FlyLogic's - Patrouille Suisse X (Version: 1.00)
Free Video Converter V 2.9 (Version: 2.9.0.0)
H.264 Decoder (Version: 1.1.0)
HP Active Support Library (Version: 3.1.9.1)
HP Common Access Service Library (Version: 2.00 E6)
HP Customer Experience Enhancements (Version: 5.7.0.2664)
HP Help and Support (Version: 2.1.3.0)
HP MediaSmart DVD (Version: 2.1.2328)
HP MediaSmart SmartMenu (Version: 2.1.7)
HP MediaSmart TV (Version: 2.1.1219)
HP MediaSmart Webcam (Version: 2.1.1124)
HP Quick Launch Buttons 6.40 L1 (Version: 6.40 L1)
HP Total Care Setup (Version: 1.1.2413.2876)
HP Update (Version: 4.000.013.003)
HP User Guides 0134 (Version: 1.01.0000)
HP Wireless Assistant (Version: 3.50 A6)
HPAsset component for HP Active Support Library (Version: 3.0.0.3)
HPNetworkAssistant (Version: 1.1.70)
iCloud (Version: 2.1.2.8)
IDT Audio (Version: 1.0.6087.22)
iTunes (Version: 11.0.2.26)
Java Auto Updater (Version: 2.0.5.1)
Java(TM) 6 Update 26 (Version: 6.0.260)
JMicron Flash Media Controller Driver (Version: 1.00.22.05)
Kaspersky PURE 3.0 (Version: 13.0.2.558)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Flight Simulator X (Version: 10.0.60905)
Microsoft Flight Simulator X: Acceleration (Version: 10.0.61637.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 07.03.0512)
Microsoft Works (Version: 9.7.0621)
Microsoft Works Suite-Add-Ins für Microsoft Word (Version: 7.0.0.0000)
MKV Splitter (Version: 1.0.1)
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Norton Internet Security (Version: 16.0.0.125)
PhotoNow! (Version: 1.1.5615)
Project BO-105 PAH
ProtectSmart Hard Drive Protection (Version: 3.10 A7)
QuickTime (Version: 7.73.80.64)
Radar v2.0 for FSX
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0001)
Setup-Start von Microsoft Works 2004
Skins (Version: 2009.0122.1.43106)
Skype™ 6.6 (Version: 6.6.106)
Steuer 2011 12.0.1 (Version: 12.0.1)
Steuer 2012 13.0.3 (Version: 13.0.3)
Synaptics Pointing Device Driver (Version: 12.1.0.0)
Tom Clancy's H.A.W.X. 2 (Version: 1.0.1)
Ubisoft Game Launcher (Version: 1.0.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VLC media player 1.0.2 (Version: 1.0.2)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows-Treiberpaket - ENE (enecir) HIDClass (09/04/2008 2.6.0.0) (Version: 09/04/2008 2.6.0.0)
WinRAR

==================== Restore Points =========================

06-07-2013 10:32:14 Sprachpaketdeinstallation
08-07-2013 19:47:41 Windows Update
08-07-2013 20:00:35 Sprachpaketdeinstallation
11-07-2013 21:06:14 Sprachpaketdeinstallation
15-07-2013 18:17:39 Windows Update
16-07-2013 20:16:07 Sprachpaketdeinstallation
17-07-2013 19:35:51 Sprachpaketdeinstallation
18-07-2013 19:21:29 Sprachpaketdeinstallation
24-07-2013 19:40:00 Avg Update
24-07-2013 19:50:35 Sprachpaketdeinstallation
28-07-2013 11:39:50 Sprachpaketdeinstallation
29-07-2013 15:37:34 Sprachpaketdeinstallation
31-07-2013 20:18:52 Sprachpaketdeinstallation
01-08-2013 09:51:52 Sprachpaketdeinstallation
01-08-2013 23:08:41 Sprachpaketdeinstallation
07-08-2013 20:18:39 Sprachpaketdeinstallation
09-09-2013 16:54:57 First Restore Point
09-09-2013 17:05:53 Gerätetreiber-Paketinstallation: Kaspersky Lab Netzwerkdienst
09-09-2013 17:10:19 Sprachpaketdeinstallation
09-09-2013 17:36:22 First Restore Point
09-09-2013 18:08:51 Sprachpaketdeinstallation
09-09-2013 19:05:47 Sprachpaketdeinstallation
10-09-2013 01:00:56 Windows Update
15-09-2013 18:16:46 Sprachpaketdeinstallation
15-09-2013 21:28:15 Windows Update
16-09-2013 19:10:44 Sprachpaketdeinstallation
17-09-2013 18:56:24 Sprachpaketdeinstallation
29-09-2013 09:18:08 Sprachpaketdeinstallation
29-09-2013 12:43:43 Sprachpaketdeinstallation
29-09-2013 13:21:16 Sprachpaketdeinstallation
29-09-2013 13:52:02 Sprachpaketdeinstallation

(Restore point labels are the German Windows strings: "Sprachpaketdeinstallation" is "language pack uninstallation", "Gerätetreiber-Paketinstallation: Kaspersky Lab Netzwerkdienst" is "device driver package installation: Kaspersky Lab network service".)

==================== Hosts content: ==========================

2006-11-02 12:23 - 2013-09-29 15:05 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {49FBE542-368A-437F-BD45-CFE54258B979} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {6A14DD91-AB0C-405B-9200-D90F787DCCBF} - System32\Tasks\{511E94B8-0376-4F5A-8C2D-A44856AD79DC} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar
Task: {9FA0D467-4B2F-4EC6-AA27-13AFCF76AD1D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B9C6F8AE-39BC-4F3A-8F2E-83E41424EF81} - System32\Tasks\HPCeeScheduleForPetar => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-19] (Hewlett-Packard)
Task: {D3EDC5CE-9E56-457D-A2A8-D1DCF998B0CD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {FD0D3D42-5A18-4CCC-A3CD-7992EC2004BC} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2008-01-21] (Microsoft Corporation)
Task: C:\Windows\Tasks\HPCeeScheduleForPetar.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2009-01-22 02:34 - 2009-01-22 02:34 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2009-03-24 03:47 - 2009-03-24 03:47 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-10-29 18:34 - 2008-10-29 18:34 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-12-24 00:00 - 2009-12-12 16:12 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
(Event text translated from the German Windows original; all ten entries carry the same description.)
Date: 2013-09-29 20:50:18.019
Description: The image integrity of the file "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" could not be verified because the set of per-page image hashes could not be found on the system.

Date: 2013-09-29 20:50:16.974
Description: The image integrity of the file "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" could not be verified because the set of per-page image hashes could not be found on the system.

Date: 2013-09-29 20:50:16.007
Description: The image integrity of the file "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" could not be verified because the set of per-page image hashes could not be found on the system.

Date: 2013-09-29 20:50:14.946
Description: The image integrity of the file "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" could not be verified because the set of per-page image hashes could not be found on the system.

Date: 2013-09-29 20:21:03.950
Description: The image integrity of the file "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" could not be verified because the set of per-page image hashes could not be found on the system.

Date: 2013-09-29 20:21:02.888
Description: The image integrity of the file "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" could not be verified because the set of per-page image hashes could not be found on the system.

Date: 2013-09-29 20:21:01.868
Description: The image integrity of the file "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" could not be verified because the set of per-page image hashes could not be found on the system.

Date: 2013-09-29 20:21:00.843
Description: The image integrity of the file "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" could not be verified because the set of per-page image hashes could not be found on the system.

Date: 2013-09-29 20:20:59.869
Description: The image integrity of the file "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" could not be verified because the set of per-page image hashes could not be found on the system.

Date: 2013-09-29 20:20:58.886
Description: The image integrity of the file "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" could not be verified because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 3068.9 MB
Available physical RAM: 1861.57 MB
Total Pagefile: 6369.79 MB
Available Pagefile: 5196.41 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:286.51 GB) (Free:114.02 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:11.58 GB) (Free:1.85 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: D51C35F4)
Partition 1: (Active) - (Size=287 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End Of Log ============================
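FRST logs like the ones posted in this thread are read by eye for a handful of patterns: autostart, BHO and handler entries whose target file is gone ("No File", a trailing "[x]"), running processes and services with an empty publisher field "()", scheduled tasks that launch a browser with a URL, and autostart targets sitting under user-writable paths. The script below is an added example of doing that first pass mechanically; it is not part of the thread and not FRST's own code. The section headers, the field layout and the hxxp:// defanging are those of the 2013-era FRST output shown above. SAMPLE_LOG is constructed: most lines are copied from this thread, the AppData "updater.exe" autorun line is invented for illustration. A flag is a prompt for a human to look, not a verdict; plenty of legitimate software (the HP and CyberLink services above, for instance) has an empty publisher field.

```python
"""Mechanical first pass over a Farbar Recovery Scan Tool (FRST) text log.

Added example for this thread; it is not FRST's own code and was not run by
the thread's participants.  It flags what a log reader checks first:

  * entries whose target no longer exists ("No File" or a trailing "[x]")
  * processes, services and drivers with an empty publisher field "()"
  * scheduled tasks whose action carries a URL (FRST writes hxxp:// so the
    link is not clickable)
  * autostart targets under user-writable paths (AppData, Temp, ProgramData)

Section headers, field layout and the hxxp:// defanging follow 2013-era FRST
output.  SAMPLE_LOG is constructed: most lines are copied from the thread,
the AppData "updater.exe" line is hypothetical.  A flag is a prompt to look,
not a verdict; plenty of legitimate software has an empty publisher field.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
URL_RE = re.compile(r"\bhxxps?://\S+", re.IGNORECASE)
USER_WRITABLE_RE = re.compile(
    r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE)
# Sections whose lines are autostart or loaded components; a user-writable
# path there matters, whereas in the created-files listing it is normal.
AUTOSTART_SECTIONS = ("Processes", "Registry", "Internet", "Scheduled Tasks",
                      "Services", "Drivers", "NetSvcs", "Loaded Modules")


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per (line, reason); a line may collect several."""
    findings: list[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        in_autostart = section.startswith(AUTOSTART_SECTIONS)
        if "No File" in line or line.endswith("[x]"):
            findings.append(Finding(section, "orphan", line))
        if line.startswith("Task:") and URL_RE.search(line):
            findings.append(Finding(section, "task-url", line))
        if in_autostart and (line.startswith("() ") or line.endswith(" ()")):
            findings.append(Finding(section, "no-publisher", line))
        if in_autostart and USER_WRITABLE_RE.search(line):
            findings.append(Finding(section, "user-writable", line))
    return findings


def reasons_for(findings: list[Finding], needle: str) -> set[str]:
    """All reasons attached to log lines that contain `needle`."""
    return {f.reason for f in findings if needle in f.line}


# Constructed sample in FRST layout; the "Updater" autorun line is hypothetical.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
() C:\Program Files\SMINST\BLService.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356968 2012-12-20] (Kaspersky Lab ZAO)
HKCU\...\Run: [Updater] - C:\Users\Petar\AppData\Roaming\Updater\updater.exe [51200 2013-08-14] ()
==================== Internet (Whitelisted) ====================
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
==================== Scheduled Tasks (whitelisted) =============
Task: {6A14DD91-AB0C-405B-9200-D90F787DCCBF} - System32\Tasks\{511E94B8-0376-4F5A-8C2D-A44856AD79DC} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar
==================== Drivers (Whitelisted) ====================
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [594528 2013-09-09] (Kaspersky Lab ZAO)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
==================== One Month Created Files and Folders ========
2013-09-29 20:05 - 2013-09-29 20:05 - 01042066 _____ C:\Users\Petar\Desktop\adwcleaner.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason:13}] {f.section}: {f.line[:80]}")
```

Run against the real log (`triage(open("FRST.txt", encoding="utf-8").read())`), the orphan rule picks up the ComboFix leftover driver and the dead BHO and handler entries, and the user-writable rule stays quiet on the created-files listing, which is full of AppData paths by design.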
30.09.2013, 09:00 | #6 |
/// the machine /// TB-Ausbilder | BKA trojan and Java Generic trojan - notebook slow and underclocked
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Still having problems?
06.10.2013, 10:55 | #7 |
| BKA trojan and Java Generic trojan - notebook slow and underclocked
Sorry for the longer wait, I had a lot on my plate over the last few days. Here are the logs:
ESET:
Code:
ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9716a0db78c59245b3910e8fb268065a
# engine=15371
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-06 02:03:19
# local_time=2013-10-06 04:03:19 (+0100, Central European Summer Time)
# country="Switzerland"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 34424506 218557727 0 0
# scanned=381581
# found=0
# cleaned=0
# scan_time=15469
Code:
Results of screen317's Security Check version 0.99.74
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Kaspersky PURE 3.0
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java(TM) 6 Update 26
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.7.700.224
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 22.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky PURE 3.0 klwtblfs.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Petar (administrator) on PETAR-PC on 06-10-2013 11:43:44
Running from C:\Users\Petar\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\STacSV.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Hewlett-Packard Corporation) C:\Windows\system32\Hpservice.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\aestsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Infowatch) C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
() C:\Program Files\SMINST\BLService.exe
() C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\klwtblfs.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1410344 2008-12-05] (Synaptics, Inc.)
HKLM\...\Run: [DVDAgent] - C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-11-28] (CyberLink Corp.)
HKLM\...\Run: [TVAgent] - C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe [210216 2009-01-21] (CyberLink Corp.)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard)
HKLM\...\Run: [UpdatePSTShortCut] - C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-11-26] (CyberLink Corp.)
HKLM\...\Run: [HP Health Check Scheduler] - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM\...\Run: [WirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [432432 2008-12-08] (Hewlett-Packard)
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [206128 2008-10-10] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Acrobat Assistant 7.0] - C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356968 2012-12-20] (Kaspersky Lab ZAO)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin [814472 2013-06-30] (Adobe Systems Incorporated)
HKU\Gast\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2010-04-16] (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~1\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll (Kaspersky Lab)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~1\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll (Kaspersky Lab)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Petar\AppData\Roaming\Mozilla\Firefox\Profiles\76a3fdhl.default
FF Homepage: google.ch
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Petar\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Виявлення пристроїв Logitech - C:\Users\Petar\AppData\Roaming\Mozilla\Firefox\Profiles\76a3fdhl.default\Extensions\DeviceDetection@logitech.com
FF Extension: No Name - C:\Users\Petar\AppData\Roaming\Mozilla\Firefox\Profiles\76a3fdhl.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: No Name - C:\Users\Petar\AppData\Roaming\Mozilla\Firefox\Profiles\76a3fdhl.default\Extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}.xpi
FF HKLM\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] - C:\Program Files\AVG\AVG9\Firefox
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com

========================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\aestsrv.exe [77824 2009-01-13] (Andrea Electronics Corporation)
S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356968 2012-12-20] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [819040 2012-12-21] (Infowatch)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-12-17] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\STacSV.exe [237661 2009-01-08] (IDT, Inc.)
R2 TVCapSvc; C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [296320 2008-11-26] ()
S2 TVSched; C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [116096 2008-11-26] ()

==================== Drivers (Whitelisted) ====================

R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [88632 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [39736 2011-06-02] (Infowatch)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [136024 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [594528 2013-09-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [24408 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25944 2012-09-03] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25944 2012-09-03] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-09-09] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-09-09] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 PROCEXP113; C:\Windows\system32\Drivers\PROCEXP113.SYS [12568 2013-09-29] (Sysinternals - www.sysinternals.com)
S3 tccp; C:\Windows\System32\DRIVERS\tccp.sys [26392 2013-05-23] (TrusCont Ltd)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl [87536 2008-11-28] (CyberLink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2013-09-09] (Kaspersky Lab ZAO)
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-06 11:43 - 2013-10-06 11:43 - 01087213 _____ (Farbar) C:\Users\Petar\Desktop\FRST.exe
2013-10-06 11:40 - 2013-10-06 11:40 - 00001097 _____ C:\Users\Petar\Desktop\checkup.txt
2013-10-05 23:38 - 2013-10-05 23:38 - 00891167 _____ C:\Users\Petar\Desktop\SecurityCheck.exe
2013-10-05 23:37 - 2013-10-05 23:37 - 02347384 _____ (ESET) C:\Users\Petar\Desktop\esetsmartinstaller_enu.exe
2013-09-29 20:49 - 2013-09-29 20:49 - 00001974 _____ C:\Users\Petar\Desktop\JRT.txt
2013-09-29 20:42 - 2013-09-29 20:42 - 00000000 ____D C:\Windows\ERUNT
2013-09-29 20:39 - 2013-09-29 20:39 - 00002026 _____ C:\Users\Petar\Desktop\AdwCleaner[S0].txt
2013-09-29 20:34 - 2013-09-29 20:35 - 00000000 ____D C:\AdwCleaner
2013-09-29 20:05 - 2013-09-29 20:05 - 01042066 _____ C:\Users\Petar\Desktop\adwcleaner.exe
2013-09-29 20:05 - 2013-09-29 20:05 - 01030305 _____ (Thisisu) C:\Users\Petar\Desktop\JRT.exe
2013-09-29 15:39 - 2013-09-29 15:19 - 00013072 _____ C:\Users\Petar\Desktop\ComboFix.txt
2013-09-29 15:19 - 2013-09-29 15:19 - 00012721 _____ C:\ComboFix.txt
2013-09-29 15:19 - 2013-09-29 15:19 - 00012568 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP113.SYS
2013-09-29 14:32 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-29 14:32 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-29 14:32 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-29 14:32 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-29 14:32 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-29 14:32 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-29 14:32 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-29 14:32 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-29 14:31 - 2013-09-29 15:19 - 00000000 ____D C:\ComboFix
2013-09-29 14:09 - 2013-09-29 15:19 - 00000000 ____D C:\Qoobox
2013-09-29 14:08 - 2013-09-29 15:14 - 00000000 ____D C:\Windows\erdnt
2013-09-29 13:33 - 2013-09-29 13:34 - 05130789 ____R (Swearware) C:\Users\Petar\Desktop\ComboFix.exe
2013-09-29 12:24 - 2013-09-29 12:24 - 00006626 _____ C:\Users\Petar\Desktop\gmer.txt
2013-09-29 11:31 - 2013-09-29 20:56 - 00019590 _____ C:\Users\Petar\Desktop\Addition.txt
2013-09-29 11:23 - 2013-09-29 11:23 - 00000472 _____ C:\Users\Petar\Desktop\defogger_disable.log
2013-09-29 11:23 - 2013-09-29 11:23 - 00000000 _____ C:\Users\Petar\defogger_reenable
2013-09-29 11:21 - 2013-09-29 11:21 - 00377856 _____ C:\Users\Petar\Desktop\gmer_2.1.19163.exe
2013-09-29 11:19 - 2013-09-29 11:20 - 00050477 _____ C:\Users\Petar\Desktop\Defogger.exe
2013-09-17 23:28 - 2013-09-17 23:28 - 00000000 ____D C:\FRST
2013-09-16 22:24 - 2013-09-17 22:17 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-16 22:22 - 2013-09-29 14:15 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-09-15 23:37 - 2013-07-31 12:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-15 23:37 - 2013-07-31 12:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-15 23:37 - 2013-07-31 12:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-15 23:37 - 2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-15 23:37 - 2013-07-31 11:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-15 23:37 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-15 23:37 - 2013-07-31 11:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-15 23:37 - 2013-07-31 11:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-15 23:37 - 2013-07-31 11:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-15 23:37 - 2013-07-31 11:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-15 23:37 - 2013-07-31 11:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-15 23:37 - 2013-07-31 11:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-15 23:37 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-15 23:37 - 2013-07-31 11:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-15 23:37 - 2013-07-31 11:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-15 23:37 - 2013-07-31 11:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-15 20:50 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-09-15 20:49 - 2013-08-08 03:45 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-09 19:57 - 2013-07-05 06:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-09-09 19:57 - 2013-06-15 15:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-09-09 19:57 - 2013-06-15 13:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-09-09 19:55 - 2013-09-09 19:55 - 00000000 ____D C:\Users\Petar\AppData\Roaming\Malwarebytes
2013-09-09 19:54 - 2013-09-09 19:54 - 00000866 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-09 19:54 - 2013-09-09 19:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-09 19:54 - 2013-09-09 19:54 - 
00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-09-09 19:54 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-09-09 19:40 - 2013-07-17 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-09-09 19:39 - 2013-07-10 11:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-09-09 19:38 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-09-09 19:38 - 2013-07-09 14:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-09-09 19:38 - 2013-07-08 06:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2013-09-09 19:38 - 2013-07-08 06:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-09-09 19:37 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-09-09 19:37 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-09-09 19:37 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-09-09 19:37 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-09-09 19:11 - 2013-09-09 19:11 - 00001957 _____ C:\Users\Petar\Desktop\Sicherer Zahlungsverkehr.lnk 2013-09-09 19:09 - 2013-09-09 19:07 - 00000915 _____ C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk 2013-09-09 19:04 - 2011-06-02 14:39 - 00088632 _____ (Infowatch) C:\Windows\system32\Drivers\CSCrySec.sys 2013-09-09 19:04 - 2011-06-02 14:39 - 00039736 _____ (Infowatch) C:\Windows\system32\Drivers\CSVirtualDiskDrv.sys 2013-09-09 19:03 - 2013-10-05 23:34 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2013-09-09 19:03 - 2013-09-09 19:03 - 00000000 ____D C:\Program Files\Kaspersky Lab 2013-09-09 19:03 - 2013-09-09 19:03 - 00000000 ____D C:\Program Files\Common Files\InfoWatch 2013-09-09 18:53 - 2013-09-09 19:31 - 00594528 
_____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2013-09-09 18:53 - 2013-09-09 19:31 - 00074848 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2013-09-09 18:48 - 2013-09-09 18:48 - 00000000 ____D C:\kleaner.tmp ==================== One Month Modified Files and Folders ======= 2013-10-06 11:43 - 2013-10-06 11:43 - 01087213 _____ (Farbar) C:\Users\Petar\Desktop\FRST.exe 2013-10-06 11:42 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-06 11:42 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-06 11:40 - 2013-10-06 11:40 - 00001097 _____ C:\Users\Petar\Desktop\checkup.txt 2013-10-06 11:25 - 2009-03-24 03:40 - 02085386 _____ C:\Windows\WindowsUpdate.log 2013-10-05 23:43 - 2009-03-07 17:29 - 00662132 _____ C:\Windows\system32\perfh010.dat 2013-10-05 23:43 - 2009-03-07 17:29 - 00122888 _____ C:\Windows\system32\perfc010.dat 2013-10-05 23:43 - 2006-11-02 12:33 - 03020748 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-05 23:38 - 2013-10-05 23:38 - 00891167 _____ C:\Users\Petar\Desktop\SecurityCheck.exe 2013-10-05 23:37 - 2013-10-05 23:37 - 02347384 _____ (ESET) C:\Users\Petar\Desktop\esetsmartinstaller_enu.exe 2013-10-05 23:34 - 2013-09-09 19:03 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2013-10-05 23:09 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-02 22:27 - 2009-07-31 17:28 - 00000000 ____D C:\Users\Petar\Documents\Bank 2013-10-02 22:27 - 2006-11-02 15:01 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-10-01 00:00 - 2012-05-27 22:13 - 00000000 ____D C:\Users\Petar\AppData\Roaming\Skype 2013-09-29 20:56 - 2013-09-29 11:31 - 00019590 _____ C:\Users\Petar\Desktop\Addition.txt 2013-09-29 20:49 - 2013-09-29 20:49 - 00001974 _____ C:\Users\Petar\Desktop\JRT.txt 2013-09-29 20:42 - 2013-09-29 20:42 - 00000000 ____D 
C:\Windows\ERUNT 2013-09-29 20:39 - 2013-09-29 20:39 - 00002026 _____ C:\Users\Petar\Desktop\AdwCleaner[S0].txt 2013-09-29 20:35 - 2013-09-29 20:34 - 00000000 ____D C:\AdwCleaner 2013-09-29 20:05 - 2013-09-29 20:05 - 01042066 _____ C:\Users\Petar\Desktop\adwcleaner.exe 2013-09-29 20:05 - 2013-09-29 20:05 - 01030305 _____ (Thisisu) C:\Users\Petar\Desktop\JRT.exe 2013-09-29 15:19 - 2013-09-29 15:39 - 00013072 _____ C:\Users\Petar\Desktop\ComboFix.txt 2013-09-29 15:19 - 2013-09-29 15:19 - 00012721 _____ C:\ComboFix.txt 2013-09-29 15:19 - 2013-09-29 15:19 - 00012568 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP113.SYS 2013-09-29 15:19 - 2013-09-29 14:31 - 00000000 ____D C:\ComboFix 2013-09-29 15:19 - 2013-09-29 14:09 - 00000000 ____D C:\Qoobox 2013-09-29 15:19 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default 2013-09-29 15:19 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public 2013-09-29 15:14 - 2013-09-29 14:08 - 00000000 ____D C:\Windows\erdnt 2013-09-29 15:06 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini 2013-09-29 15:04 - 2008-01-21 04:47 - 00213460 _____ C:\Windows\PFRO.log 2013-09-29 15:03 - 2006-11-02 12:22 - 62128128 _____ C:\Windows\system32\config\SOFTWARE.bak 2013-09-29 15:03 - 2006-11-02 12:22 - 55050240 _____ C:\Windows\system32\config\COMPON~1.bak 2013-09-29 15:03 - 2006-11-02 12:22 - 23330816 _____ C:\Windows\system32\config\SYSTEM.bak 2013-09-29 15:03 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak 2013-09-29 15:03 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\SAM.bak 2013-09-29 15:03 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\DEFAULT.bak 2013-09-29 14:15 - 2013-09-16 22:22 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2 2013-09-29 13:34 - 2013-09-29 13:33 - 05130789 ____R (Swearware) C:\Users\Petar\Desktop\ComboFix.exe 2013-09-29 12:24 - 2013-09-29 12:24 - 00006626 _____ C:\Users\Petar\Desktop\gmer.txt 2013-09-29 11:23 - 
2013-09-29 11:23 - 00000472 _____ C:\Users\Petar\Desktop\defogger_disable.log 2013-09-29 11:23 - 2013-09-29 11:23 - 00000000 _____ C:\Users\Petar\defogger_reenable 2013-09-29 11:23 - 2009-05-09 00:43 - 00000000 ____D C:\Users\Petar 2013-09-29 11:21 - 2013-09-29 11:21 - 00377856 _____ C:\Users\Petar\Desktop\gmer_2.1.19163.exe 2013-09-29 11:20 - 2013-09-29 11:19 - 00050477 _____ C:\Users\Petar\Desktop\Defogger.exe 2013-09-17 23:28 - 2013-09-17 23:28 - 00000000 ____D C:\FRST 2013-09-17 22:17 - 2013-09-16 22:24 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-09-17 20:51 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET 2013-09-16 20:21 - 2006-11-02 14:47 - 00393432 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-15 23:47 - 2009-05-09 00:47 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-09-15 20:50 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache 2013-09-10 03:34 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\it-IT 2013-09-10 03:34 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\fr-FR 2013-09-10 03:34 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE 2013-09-09 22:49 - 2010-03-05 14:24 - 00000322 _____ C:\Windows\Tasks\HPCeeScheduleForPetar.job 2013-09-09 20:38 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\ShellNew 2013-09-09 20:10 - 2013-08-04 19:13 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0 2013-09-09 20:05 - 2012-12-18 21:37 - 00002489 _____ C:\Users\Public\Desktop\Skype.lnk 2013-09-09 20:05 - 2012-05-27 22:13 - 00000000 ____D C:\ProgramData\Skype 2013-09-09 19:55 - 2013-09-09 19:55 - 00000000 ____D C:\Users\Petar\AppData\Roaming\Malwarebytes 2013-09-09 19:54 - 2013-09-09 19:54 - 00000866 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-09 19:54 - 2013-09-09 19:54 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-09 19:54 - 2013-09-09 19:54 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-09-09 19:31 - 2013-09-09 18:53 - 00594528 _____ (Kaspersky Lab ZAO) 
C:\Windows\system32\Drivers\klif.sys 2013-09-09 19:31 - 2013-09-09 18:53 - 00074848 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2013-09-09 19:31 - 2012-10-18 14:50 - 00044000 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kltdi.sys 2013-09-09 19:31 - 2012-08-13 16:49 - 00145040 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys 2013-09-09 19:11 - 2013-09-09 19:11 - 00001957 _____ C:\Users\Petar\Desktop\Sicherer Zahlungsverkehr.lnk 2013-09-09 19:07 - 2013-09-09 19:09 - 00000915 _____ C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk 2013-09-09 19:03 - 2013-09-09 19:03 - 00000000 ____D C:\Program Files\Kaspersky Lab 2013-09-09 19:03 - 2013-09-09 19:03 - 00000000 ____D C:\Program Files\Common Files\InfoWatch 2013-09-09 18:48 - 2013-09-09 18:48 - 00000000 ____D C:\kleaner.tmp 2013-09-09 18:48 - 2009-05-09 14:45 - 00000000 ____D C:\Program Files\AVG 2013-09-09 18:37 - 2011-04-18 20:23 - 00000000 ____D C:\Users\Gast\Tracing Files to move or delete: ==================== C:\Users\Petar\AppData\Roaming\settings.ini C:\Users\Petar\AppData\Roaming\i.ini Some content of TEMP: ==================== C:\Users\Petar\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-06 11:40 ==================== End Of Log ============================ --- --- --- Addition Log: Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by Petar at 2013-10-06 11:45:39
Running from C:\Users\Petar\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Kaspersky PURE 3.0 (Disabled - Out of date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky PURE 3.0 (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 (Disabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

AAC Decoder (Version: 7.1.0)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2)
Adobe Acrobat 7.0 Professional - English, Français, Deutsch (Version: 7.0.0)
Adobe Flash Player 10 ActiveX (Version: 10.0.12.36)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader 9.5.5 - Deutsch (Version: 9.5.5)
Adobe Shockwave Player (Version: 11.0)
AMD USB Audio Driver Filter (Version: 1.0.7.0031)
ANNO 1503 GOLD (Version: 1.05.00)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Atheros Driver Installation Program (Version: 5.0)
ATI Catalyst Install Manager (Version: 3.0.708.0)
AutoUpdate (Version: 1.1)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0122.1.43106)
Catalyst Control Center Graphics Full Existing (Version: 2009.0122.1.43106)
Catalyst Control Center Graphics Full New (Version: 2009.0122.1.43106)
Catalyst Control Center Graphics Light (Version: 2009.0122.1.43106)
Catalyst Control Center Graphics Previews Common (Version: 2009.0122.1.43106)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0122.1.43106)
Catalyst Control Center InstallProxy (Version: 2009.0122.1.43106)
Catalyst Control Center Localization All (Version: 2009.0122.1.43106)
CCC Help Chinese Standard (Version: 2009.0122.0000.43106)
CCC Help Chinese Traditional (Version: 2009.0122.0000.43106)
CCC Help Czech (Version: 2009.0122.0000.43106)
CCC Help Danish (Version: 2009.0122.0000.43106)
CCC Help Dutch (Version: 2009.0122.0000.43106)
CCC Help English (Version: 2009.0122.0000.43106)
CCC Help Finnish (Version: 2009.0122.0000.43106)
CCC Help French (Version: 2009.0122.0000.43106)
CCC Help German (Version: 2009.0122.0000.43106)
CCC Help Greek (Version: 2009.0122.0000.43106)
CCC Help Hungarian (Version: 2009.0122.0000.43106)
CCC Help Italian (Version: 2009.0122.0000.43106)
CCC Help Japanese (Version: 2009.0122.0000.43106)
CCC Help Korean (Version: 2009.0122.0000.43106)
CCC Help Norwegian (Version: 2009.0122.0000.43106)
CCC Help Polish (Version: 2009.0122.0000.43106)
CCC Help Portuguese (Version: 2009.0122.0000.43106)
CCC Help Russian (Version: 2009.0122.0000.43106)
CCC Help Spanish (Version: 2009.0122.0000.43106)
CCC Help Swedish (Version: 2009.0122.0000.43106)
CCC Help Thai (Version: 2009.0122.0000.43106)
CCC Help Turkish (Version: 2009.0122.0000.43106)
ccc-core-static (Version: 2009.0122.1.43106)
ccc-utility (Version: 2009.0122.1.43106)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
CyberLink DVD Suite (Version: 6.0.2326)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Codec (Version: 6.9.1)
DivX Converter (Version: 7.1.0)
DivX Player (Version: 7.2.0)
DivX Plus DirectShow Filters
DivX Plus Web Player (Version: 2.0.0)
DivX Version Checker (Version: 7.1.0.9)
ESU for Microsoft Vista (Version: 1.0.0)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Flight Simulator X Service Pack 1
FlyLogic's - Patrouille Suisse X (Version: 1.00)
Free Video Converter V 2.9 (Version: 2.9.0.0)
H.264 Decoder (Version: 1.1.0)
HP Active Support Library (Version: 3.1.9.1)
HP Common Access Service Library (Version: 2.00 E6)
HP Customer Experience Enhancements (Version: 5.7.0.2664)
HP Help and Support (Version: 2.1.3.0)
HP MediaSmart DVD (Version: 2.1.2328)
HP MediaSmart SmartMenu (Version: 2.1.7)
HP MediaSmart TV (Version: 2.1.1219)
HP MediaSmart Webcam (Version: 2.1.1124)
HP Quick Launch Buttons 6.40 L1 (Version: 6.40 L1)
HP Total Care Setup (Version: 1.1.2413.2876)
HP Update (Version: 4.000.013.003)
HP User Guides 0134 (Version: 1.01.0000)
HP Wireless Assistant (Version: 3.50 A6)
HPAsset component for HP Active Support Library (Version: 3.0.0.3)
HPNetworkAssistant (Version: 1.1.70)
iCloud (Version: 2.1.2.8)
IDT Audio (Version: 1.0.6087.22)
iTunes (Version: 11.0.2.26)
Java Auto Updater (Version: 2.0.5.1)
Java(TM) 6 Update 26 (Version: 6.0.260)
JMicron Flash Media Controller Driver (Version: 1.00.22.05)
Kaspersky PURE 3.0 (Version: 13.0.2.558)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Flight Simulator X (Version: 10.0.60905)
Microsoft Flight Simulator X: Acceleration (Version: 10.0.61637.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 07.03.0512)
Microsoft Works (Version: 9.7.0621)
Microsoft Works Suite-Add-Ins für Microsoft Word (Version: 7.0.0.0000)
MKV Splitter (Version: 1.0.1)
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Norton Internet Security (Version: 16.0.0.125)
PhotoNow! (Version: 1.1.5615)
Project BO-105 PAH
ProtectSmart Hard Drive Protection (Version: 3.10 A7)
QuickTime (Version: 7.73.80.64)
Radar v2.0 for FSX
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0001)
Setup-Start von Microsoft Works 2004
Skins (Version: 2009.0122.1.43106)
Skype™ 6.6 (Version: 6.6.106)
Steuer 2011 12.0.1 (Version: 12.0.1)
Steuer 2012 13.0.3 (Version: 13.0.3)
Synaptics Pointing Device Driver (Version: 12.1.0.0)
Tom Clancy's H.A.W.X. 2 (Version: 1.0.1)
Ubisoft Game Launcher (Version: 1.0.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VLC media player 1.0.2 (Version: 1.0.2)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows-Treiberpaket - ENE (enecir) HIDClass (09/04/2008 2.6.0.0) (Version: 09/04/2008 2.6.0.0)
WinRAR

==================== Restore Points =========================

18-07-2013 19:21:29 Language pack uninstall
24-07-2013 19:40:00 Avg Update
24-07-2013 19:50:35 Language pack uninstall
28-07-2013 11:39:50 Language pack uninstall
29-07-2013 15:37:34 Language pack uninstall
31-07-2013 20:18:52 Language pack uninstall
01-08-2013 09:51:52 Language pack uninstall
01-08-2013 23:08:41 Language pack uninstall
07-08-2013 20:18:39 Language pack uninstall
09-09-2013 16:54:57 First Restore Point
09-09-2013 17:05:53 Device driver package install: Kaspersky Lab Network Service
09-09-2013 17:10:19 Language pack uninstall
09-09-2013 17:36:22 First Restore Point
09-09-2013 18:08:51 Language pack uninstall
09-09-2013 19:05:47 Language pack uninstall
10-09-2013 01:00:56 Windows Update
15-09-2013 18:16:46 Language pack uninstall
15-09-2013 21:28:15 Windows Update
16-09-2013 19:10:44 Language pack uninstall
17-09-2013 18:56:24 Language pack uninstall
29-09-2013 09:18:08 Language pack uninstall
29-09-2013 12:43:43 Language pack uninstall
29-09-2013 13:21:16 Language pack uninstall
29-09-2013 13:52:02 Language pack uninstall
29-09-2013 18:57:18 Language pack uninstall
30-09-2013 21:49:41 Language pack uninstall
02-10-2013 19:34:12 Language pack uninstall
05-10-2013 21:25:53 Language pack uninstall

==================== Hosts content: ==========================

2006-11-02 12:23 - 2013-09-29 15:05 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {49FBE542-368A-437F-BD45-CFE54258B979} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {6A14DD91-AB0C-405B-9200-D90F787DCCBF} - System32\Tasks\{511E94B8-0376-4F5A-8C2D-A44856AD79DC} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar
Task: {9FA0D467-4B2F-4EC6-AA27-13AFCF76AD1D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B9C6F8AE-39BC-4F3A-8F2E-83E41424EF81} - System32\Tasks\HPCeeScheduleForPetar => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-19] (Hewlett-Packard)
Task: {D3EDC5CE-9E56-457D-A2A8-D1DCF998B0CD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {FD0D3D42-5A18-4CCC-A3CD-7992EC2004BC} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2008-01-21] (Microsoft Corporation)
Task: C:\Windows\Tasks\HPCeeScheduleForPetar.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2009-12-24 00:00 - 2009-12-12 16:12 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-01-22 02:34 - 2009-01-22 02:34 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2009-03-24 03:47 - 2009-03-24 03:47 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-10-29 18:34 - 2008-10-29 18:34 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-07-02 21:59 - 2013-07-02 21:59 - 03285912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/06/2013 06:02:38 AM) (Source: Application Error) (User: )
Description: Faulting application TVSched.exe, version 5.0.0.3507, time stamp 0x4913bbec, faulting module TVSched.exe, version 5.0.0.3507, time stamp 0x4913bbec, exception code 0xc0000005, fault offset 0x00007684, process ID 0x96c, application start time TVSched.exe0.

Error: (10/06/2013 02:39:43 AM) (Source: Windows Search Service) (User: )
Description: Entry <C:\USERS\PETAR\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\76A3FDHL.DEFAULT\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details: A device attached to the system is not functioning. (0x8007001f)

Error: (10/06/2013 02:39:43 AM) (Source: Windows Search Service) (User: )
Description: Entry <C:\USERS\PETAR\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\76A3FDHL.DEFAULT\SAFEBROWSING-BACKUP> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details: A device attached to the system is not functioning. (0x8007001f)

Error: (10/05/2013 11:34:27 PM) (Source: Application Error) (User: )
Description: Faulting application TVAgent.exe, version 2.1.1.1321, time stamp 0x49772d0a, faulting module MFC71.DLL, version 7.10.3077.0, time stamp 0x3e77fdfd, exception code 0xc0000005, fault offset 0x0002a3a3, process ID 0xc74, application start time TVAgent.exe0.
Error: (10/05/2013 11:11:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/02/2013 09:19:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/01/2013 00:27:05 AM) (Source: Application Error) (User: )
Description: Faulting application firefox.exe, version 22.0.0.4917, time stamp 0x51c06b1b, faulting module xul.dll, version 22.0.0.4917, time stamp 0x51c06a5b, exception code 0xc0000005, fault offset 0x00173668, process ID 0x1118, application start time firefox.exe0.

Error: (09/30/2013 11:36:35 PM) (Source: Application Error) (User: )
Description: Faulting application TVAgent.exe, version 2.1.1.1321, time stamp 0x49772d0a, faulting module MFC71.DLL, version 7.10.3077.0, time stamp 0x3e77fdfd, exception code 0xc0000005, fault offset 0x0002a3a3, process ID 0xa20, application start time TVAgent.exe0.

Error: (09/30/2013 11:31:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/29/2013 09:06:53 PM) (Source: Application Error) (User: )
Description: Faulting application TVSched.exe, version 5.0.0.3507, time stamp 0x4913bbec, faulting module TVSched.exe, version 5.0.0.3507, time stamp 0x4913bbec, exception code 0xc0000005, fault offset 0x00007684, process ID 0x92c, application start time TVSched.exe0.
System errors:
=============
Error: (10/06/2013 11:24:27 AM) (Source: Service Control Manager) (User: )
Description: TV Task Scheduler (TVTS)1

Error: (10/05/2013 11:27:19 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT AUTHORITY)
Description: 0x800f0825it-IT

Error: (10/05/2013 11:27:05 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT AUTHORITY)
Description: 0x800f0825fr-FR

Error: (10/05/2013 11:12:25 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT AUTHORITY)
Description: 0x80070032

Error: (10/05/2013 11:11:13 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (10/02/2013 09:35:37 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT AUTHORITY)
Description: 0x800f0825it-IT

Error: (10/02/2013 09:35:25 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT AUTHORITY)
Description: 0x800f0825fr-FR

Error: (10/02/2013 09:19:37 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT AUTHORITY)
Description: 0x80070032

Error: (10/02/2013 09:19:22 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/30/2013 11:52:25 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT AUTHORITY)
Description: 0x800f0825it-IT

Microsoft Office Sessions:
=========================
Error: (10/06/2013 06:02:38 AM) (Source: Application Error)(User: )
Description: TVSched.exe5.0.0.35074913bbecTVSched.exe5.0.0.35074913bbecc00000050000768496c01cec20f3cbbd5c6

Error: (10/06/2013 02:39:43 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog
Details: A device attached to the system is not functioning. (0x8007001f)
C:\USERS\PETAR\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\76A3FDHL.DEFAULT\SAFEBROWSING-TO_DELETE

Error: (10/06/2013 02:39:43 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog
Details: A device attached to the system is not functioning. (0x8007001f)
C:\USERS\PETAR\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\76A3FDHL.DEFAULT\SAFEBROWSING-BACKUP

Error: (10/05/2013 11:34:27 PM) (Source: Application Error)(User: )
Description: TVAgent.exe2.1.1.132149772d0aMFC71.DLL7.10.3077.03e77fdfdc00000050002a3a3c7401cec211ddf2b336

Error: (10/05/2013 11:11:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/02/2013 09:19:21 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/01/2013 00:27:05 AM) (Source: Application Error)(User: )
Description: firefox.exe22.0.0.491751c06b1bxul.dll22.0.0.491751c06a5bc000000500173668111801cebe28719582e4

Error: (09/30/2013 11:36:35 PM) (Source: Application Error)(User: )
Description: TVAgent.exe2.1.1.132149772d0aMFC71.DLL7.10.3077.03e77fdfdc00000050002a3a3a2001cebe246ac44274

Error: (09/30/2013 11:31:44 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/29/2013 09:06:53 PM) (Source: Application Error)(User: )
Description: TVSched.exe5.0.0.35074913bbecTVSched.exe5.0.0.35074913bbecc00000050000768492c01cebd430784e00d

CodeIntegrity Errors:
===================================
Date: 2013-10-06 11:45:27.668
Description: The image integrity of the file "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" could not be verified because the set of per-page image hashes could not be found on the system.
Date: 2013-10-06 11:45:26.685 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-10-06 11:45:25.702 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-10-06 11:45:24.688 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-10-06 11:45:23.674 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kltdi.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-10-06 11:45:22.722 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kltdi.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-10-06 11:45:21.662 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kltdi.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-10-06 11:45:20.585 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kltdi.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-10-06 11:45:19.556 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-10-06 11:45:18.620 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 55% Total physical RAM: 3068.9 MB Available physical RAM: 1361.03 MB Total Pagefile: 6371.79 MB Available Pagefile: 4865.1 MB Total Virtual: 2047.88 MB Available Virtual: 1914.72 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:286.51 GB) (Free:113.77 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (RECOVERY) (Fixed) (Total:11.58 GB) (Free:1.85 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive f: (SAMSUNG) (Fixed) (Total:596.02 GB) (Free:427.39 GB) FAT32 Drive g: () (Removable) (Total:7.45 GB) (Free:6.35 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298 GB) (Disk ID: D51C35F4) Partition 1: (Active) - (Size=287 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=12 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 596 GB) (Disk ID: 540B676F) Partition 1: (Not Active) - (Size=596 GB) - (Type=0C) ======================================================== Disk: 2 (Size: 7 GB) (Disk ID: 04030201) Partition 1: (Not Active) - (Size=7 GB) - (Type=0B) ==================== End Of Log ============================ Ich muss das Ganze mal ein bisschen beobachten, wie sich das Notebook verhält was den Speed anbelangt. |
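The FRST excerpt above is the kind of log a responder has to read at speed: the CodeIntegrity message repeats once a second for the same three driver images, and the forum has flattened the WinMgmt event so that WMI namespace, WQL filter and HRESULT run together into one token ("CIMV2SELECT ... > 990x80041003"). The following Python script is an added example for this thread (not part of the original post and not FRST's own code). It parses that layout into records and produces a short triage summary: which images failed verification (deduplicated), which applications crashed in which module with what exception code, and what the WinMgmt error actually is. The sample log is constructed here in FRST's layout with English event text rather than the German-localised strings shown above; the two symbolic code names come from the Windows SDK headers.

```python
"""Triage the 'Event log errors' part of an FRST Addition.txt.

Added example for this thread; not part of the original post and not FRST's
own code. It tolerates the flattened layout the forum produced, where one
event runs straight into the next.
"""
import re
from collections import Counter

# Constructed sample in FRST's layout with English event text (the post above
# shows the German-localised strings). Values mirror the thread's log, but the
# text itself was assembled for this example.
SAMPLE_LOG = r"""
Error: (10/05/2013 11:11:12 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/01/2013 00:27:05 AM) (Source: Application Error) (User: ) Description: Faulting application firefox.exe, version 22.0.0.4917, time stamp 0x51c06b1b, faulting module xul.dll, version 22.0.0.4917, time stamp 0x51c06a5b, exception code 0xc0000005, fault offset 0x00173668, process ID 0x1118, application start time firefox.exe0.
Error: (09/30/2013 11:36:35 PM) (Source: Application Error) (User: ) Description: Faulting application TVAgent.exe, version 2.1.1.1321, time stamp 0x49772d0a, faulting module MFC71.DLL, version 7.10.3077.0, time stamp 0x3e77fdfd, exception code 0xc0000005, fault offset 0x0002a3a3, process ID 0xa20, application start time TVAgent.exe0.
Error: (09/30/2013 11:31:44 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/06/2013 11:24:27 AM) (Source: Service Control Manager) (User: ) Description: TV Task Scheduler (TVTS)1
CodeIntegrity Errors:
===================================
Date: 2013-10-06 11:45:27.668 Description: The image integrity of the file "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" could not be verified because the set of per-page image hashes could not be found on the system.
Date: 2013-10-06 11:45:26.685 Description: The image integrity of the file "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" could not be verified because the set of per-page image hashes could not be found on the system.
Date: 2013-10-06 11:45:23.674 Description: The image integrity of the file "\Device\HarddiskVolume1\Windows\System32\drivers\kltdi.sys" could not be verified because the set of per-page image hashes could not be found on the system.
Date: 2013-10-06 11:45:19.556 Description: The image integrity of the file "\Device\HarddiskVolume1\Windows\System32\drivers\klif.sys" could not be verified because the set of per-page image hashes could not be found on the system.
"""

# One event record. The lookahead ends the description at the next record, at
# the next section header ("CodeIntegrity Errors: ===") or at end of text, so
# the parser works whether or not the line breaks survived.
EVENT_RE = re.compile(
    r"Error: \((?P<ts>[^)]+)\) \(Source: (?P<source>[^)]+)\)\s*\(User: (?P<user>[^)]*)\) "
    r"Description: (?P<desc>.*?)(?=\s*(?:Error: \(|Date: \d{4}|[A-Za-z ]+:\s*=|$))",
    re.S,
)
# CodeIntegrity records: the quoted NT path is the only field we need.
CI_RE = re.compile(
    r'Date: (?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) Description: [^"]*"(?P<path>[^"]+)"'
)
# Windows Error Reporting text for an application crash.
CRASH_RE = re.compile(
    r"application (?P<app>[^,]+), version (?P<app_ver>[^,]+),.*?"
    r"module (?P<module>[^,]+), version (?P<mod_ver>[^,]+),.*?"
    r"exception code (?P<code>0x[0-9a-fA-F]+)",
    re.S,
)
# Namespace, WQL filter and HRESULT are glued together in the WinMgmt text;
# the lazy groups plus the fixed 8-hex-digit HRESULT at the end split them.
WMI_RE = re.compile(
    r"(?P<namespace>//\./root/[A-Za-z0-9]+?)(?P<query>SELECT .*?)(?P<hresult>0x[0-9a-fA-F]{8})\s*$",
    re.S,
)

KNOWN_CODES = {
    "0x80041003": "WBEM_E_ACCESS_DENIED",     # wbemcli.h
    "0xc0000005": "STATUS_ACCESS_VIOLATION",  # ntstatus.h
}


def parse_events(text):
    """Return every 'Error: (...)' record as a dict (ts, source, user, desc)."""
    return [m.groupdict() for m in EVENT_RE.finditer(text)]


def code_integrity_failures(text):
    """Count CodeIntegrity verification failures per image path (case-folded,
    since NTFS paths are case-insensitive)."""
    return Counter(m.group("path").lower() for m in CI_RE.finditer(text))


def crashes(events):
    """Application Error events reduced to app / faulting module / exception."""
    out = []
    for ev in events:
        if ev["source"] != "Application Error":
            continue
        m = CRASH_RE.search(ev["desc"])
        if m:
            code = m["code"].lower()
            out.append({"app": m["app"], "module": m["module"], "code": code,
                        "code_name": KNOWN_CODES.get(code, "unknown")})
    return out


def wmi_errors(events):
    """WinMgmt events split back into namespace, WQL filter and HRESULT."""
    out = []
    for ev in events:
        if ev["source"] != "WinMgmt":
            continue
        m = WMI_RE.search(ev["desc"])
        if m:
            hres = m["hresult"].lower()
            out.append({"namespace": m["namespace"], "query": m["query"].strip(),
                        "hresult": hres, "name": KNOWN_CODES.get(hres, "unknown")})
    return out


def triage(text):
    """Summarise one log: counts per source, decoded crashes and WMI errors, and
    the distinct images whose signatures should be checked by hand."""
    events = parse_events(text)
    ci = code_integrity_failures(text)
    return {
        "events": len(events),
        "sources": Counter(ev["source"] for ev in events),
        "crashes": crashes(events),
        "wmi": wmi_errors(events),
        "unverified_images": ci,
        "images_to_check": sorted(ci),  # repeats collapse to the distinct files
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Run against the sample, the four CodeIntegrity events collapse to three image paths, the two WinMgmt events decode to the same WQL filter failing with WBEM_E_ACCESS_DENIED, and both crashes are access violations (0xc0000005), one in xul.dll and one in MFC71.DLL. The CodeIntegrity message only says that the kernel had no set of page hashes to check those images against; it is not by itself evidence of tampering, so the sensible next step is to verify the Authenticode signature of each file in `images_to_check` (Get-AuthenticodeSignature in PowerShell, or Sysinternals sigcheck) rather than to judge by the number of repeats.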
06.10.2013, 16:44 | #8 |
/// the machine /// TB-Ausbilder | Update Java, Flash, Adobe and Firefox. Done. The order here is critical.
Here are a few more tips for hardening your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX controls. These can be abused by spyware to infect your system.
Performance Clean out your temp files regularly; I recommend TFC for this. Stay away from any registry cleaners; they do your system more harm than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: Please give me a short reply once everything is done and you have no more questions, so that I can remove this thread from my subscriptions.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
13.10.2013, 21:27 | #9 |
| Thanks a lot for your help. I have now followed all the steps and had the software removed again. Now we'll see how it all behaves. Regards |
14.10.2013, 11:47 | #10 |
/// the machine /// TB-Ausbilder | You're welcome
Topics for BKA trojan and Java Generic trojan - notebook slow and downclocked |
bonjour, branding, browser, converter, device driver, ebanking, remove, excel, farbar, farbar recovery scan tool, feedback, flash player, google, heur:exploit.java.cve-2013-1493.a, heur:exploit.java.cve-2013-2465.gen, heur:exploit.java.generic, home, homepage, installation, not responding, slow, launch, logs, plug-in, refresh, registry, safer networking, protection, security, services.exe, software, svchost.exe, udp, usb, windows |