
Plagegeister aller Art und deren Bekämpfung: BKA Trojan and Java-Generic Trojan - notebook slow and clocked down


 
29.09.2013, 12:08   #1
Grondel
 
BKA Trojan and Java-Generic Trojan - notebook slow and clocked down



Hello everyone,
In August I fell victim to the BKA Trojan on my notebook. The story is all too familiar. I was able to remove the lock screen using Kaspersky's Rescue Disk and have full access to the system again.
Afterwards I installed MBAM and Kaspersky Pure to get a certain level of protection.
Even after "removing" the BKA Trojan, a few more things turned up (see logs).
On top of that, the notebook's performance has evidently dropped. Often, when loading web pages, the whole browser "freezes" and nothing works for a few seconds. "Not responding" is the feedback from the machine.
I have read that the Generic Trojan can also cause the processor to be clocked down, which also reduces performance. MBAM also detected that something is trying to access an IP address. The trail leads to Bosnia and Herzegovina, if Google can be trusted.

Following the guidelines, I created the following scans and logs before opening this thread:
- Defogger
- FRST (inkl. Addition)
- GMER
- MBAM
- Kaspersky Pure

I would be very glad of a nudge in the right direction.

Best regards
Petar


Now to the logs:

Defogger

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:23 on 29/09/2013 (Petar)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST:

FRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-09-2013 01
Ran by Petar (administrator) on PETAR-PC on 29-09-2013 11:29:55
Running from C:\Users\Petar\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\STacSV.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Hewlett-Packard Corporation) C:\Windows\system32\Hpservice.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\aestsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Infowatch) C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files\SMINST\BLService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
() C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\klwtblfs.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1410344 2008-12-05] (Synaptics, Inc.)
HKLM\...\Run: [DVDAgent] - C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-11-28] (CyberLink Corp.)
HKLM\...\Run: [TVAgent] - C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe [210216 2009-01-21] (CyberLink Corp.)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard)
HKLM\...\Run: [UpdatePSTShortCut] - C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-11-26] (CyberLink Corp.)
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [HP Health Check Scheduler] - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM\...\Run: [WirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [432432 2008-12-08] (Hewlett-Packard)
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [206128 2008-10-10] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Acrobat Assistant 7.0] - C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356968 2012-12-20] (Kaspersky Lab ZAO)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKCU\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin [814472 2013-06-30] (Adobe Systems Incorporated)
HKCU\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION 
MountPoints2: F - WOERH_Q1\Data und co\Docmuente_WQ1\VisualBaisc\VrPa_Project\Softwares\autorun.exe
MountPoints2: {88596de4-5dcb-11de-8fdb-00238b9e6222} - G:\laucher.exe
MountPoints2: {88ae2290-ae0b-11de-965e-00238b9e6222} - F:\
MountPoints2: {a86150f5-d510-11de-85dc-00238b9e6222} - F:\
MountPoints2: {b9eeff64-3c93-11de-88b7-00238b9e6222} - F:\
MountPoints2: {d7a1f38c-0cef-11df-99f3-00238b9e6222} - G:\LaunchU3.exe -a
MountPoints2: {e593e417-94c5-11de-8b0c-00238b9e6222} - F:\setup.exe
MountPoints2: {ec36a86f-c9b0-11df-93d9-00238b9e6222} - H:\PMBP_Win.exe
HKU\Gast\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2010-04-16] (Microsoft Corporation)
AppInit_DLLs: avgrsstx.dll [ 2010-04-16] ()
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb
SearchScopes: HKLM - DefaultScope {15B0B15B-A323-4C4D-982F-4DAA93FB22E7} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch
SearchScopes: HKLM - {15B0B15B-A323-4C4D-982F-4DAA93FB22E7} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch
SearchScopes: HKCU - DefaultScope {15B0B15B-A323-4C4D-982F-4DAA93FB22E7} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch
SearchScopes: HKCU - {15B0B15B-A323-4C4D-982F-4DAA93FB22E7} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~1\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll (Kaspersky Lab)
BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~1\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll (Kaspersky Lab)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Petar\AppData\Roaming\Mozilla\Firefox\Profiles\76a3fdhl.default
FF Homepage: google.ch
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Petar\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Виявлення пристроїв Logitech - C:\Users\Petar\AppData\Roaming\Mozilla\Firefox\Profiles\76a3fdhl.default\Extensions\DeviceDetection@logitech.com
FF Extension: No Name - C:\Users\Petar\AppData\Roaming\Mozilla\Firefox\Profiles\76a3fdhl.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: No Name - C:\Users\Petar\AppData\Roaming\Mozilla\Firefox\Profiles\76a3fdhl.default\Extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}.xpi
FF HKLM\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] - C:\Program Files\AVG\AVG9\Firefox
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com

========================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\aestsrv.exe [77824 2009-01-13] (Andrea Electronics Corporation)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356968 2012-12-20] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [819040 2012-12-21] (Infowatch)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-12-17] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\STacSV.exe [237661 2009-01-08] (IDT, Inc.)
R2 TVCapSvc; C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [296320 2008-11-26] ()
R2 TVSched; C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [116096 2008-11-26] ()

==================== Drivers (Whitelisted) ====================

R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [88632 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [39736 2011-06-02] (Infowatch)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [136024 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [594528 2013-09-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [24408 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25944 2012-09-03] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25944 2012-09-03] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-09-09] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-09-09] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 tccp; C:\Windows\System32\DRIVERS\tccp.sys [26392 2013-05-23] (TrusCont Ltd)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl [87536 2008-11-28] (CyberLink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2013-09-09] (Kaspersky Lab ZAO)
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-29 11:26 - 2013-09-29 11:26 - 01086873 _____ (Farbar) C:\Users\Petar\Desktop\FRST.exe
2013-09-29 11:23 - 2013-09-29 11:23 - 00000472 _____ C:\Users\Petar\Desktop\defogger_disable.log
2013-09-29 11:23 - 2013-09-29 11:23 - 00000000 _____ C:\Users\Petar\defogger_reenable
2013-09-29 11:21 - 2013-09-29 11:21 - 00377856 _____ C:\Users\Petar\Desktop\gmer_2.1.19163.exe
2013-09-29 11:19 - 2013-09-29 11:20 - 00050477 _____ C:\Users\Petar\Desktop\Defogger.exe
2013-09-17 23:28 - 2013-09-17 23:28 - 00000000 ____D C:\FRST
2013-09-16 22:24 - 2013-09-29 11:04 - 00000644 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-09-16 22:24 - 2013-09-17 22:17 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-16 22:24 - 2013-09-17 20:40 - 00000616 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-09-16 22:24 - 2013-09-17 20:40 - 00000446 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-09-16 22:23 - 2013-09-16 22:23 - 00001918 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-09-16 22:23 - 2009-01-25 13:14 - 00015224 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2013-09-16 22:22 - 2013-09-16 22:25 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-09-15 23:37 - 2013-07-31 12:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-15 23:37 - 2013-07-31 12:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-15 23:37 - 2013-07-31 12:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-15 23:37 - 2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-15 23:37 - 2013-07-31 11:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-15 23:37 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-15 23:37 - 2013-07-31 11:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-15 23:37 - 2013-07-31 11:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-15 23:37 - 2013-07-31 11:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-15 23:37 - 2013-07-31 11:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-15 23:37 - 2013-07-31 11:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-15 23:37 - 2013-07-31 11:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-15 23:37 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-15 23:37 - 2013-07-31 11:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-15 23:37 - 2013-07-31 11:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-15 23:37 - 2013-07-31 11:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-15 20:50 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-09-15 20:49 - 2013-08-08 03:45 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-09 19:57 - 2013-07-05 06:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-09-09 19:57 - 2013-06-15 15:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-09-09 19:57 - 2013-06-15 13:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-09-09 19:55 - 2013-09-09 19:55 - 00000000 ____D C:\Users\Petar\AppData\Roaming\Malwarebytes
2013-09-09 19:54 - 2013-09-09 19:54 - 00000866 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-09 19:54 - 2013-09-09 19:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-09 19:54 - 2013-09-09 19:54 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-09 19:54 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-09 19:40 - 2013-07-17 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-09-09 19:39 - 2013-07-10 11:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-09-09 19:38 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-09-09 19:38 - 2013-07-09 14:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-09 19:38 - 2013-07-08 06:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-09-09 19:38 - 2013-07-08 06:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-09 19:37 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-09-09 19:37 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-09-09 19:37 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-09-09 19:37 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-09-09 19:11 - 2013-09-09 19:11 - 00001957 _____ C:\Users\Petar\Desktop\Sicherer Zahlungsverkehr.lnk
2013-09-09 19:09 - 2013-09-09 19:07 - 00000915 _____ C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
2013-09-09 19:04 - 2011-06-02 14:39 - 00088632 _____ (Infowatch) C:\Windows\system32\Drivers\CSCrySec.sys
2013-09-09 19:04 - 2011-06-02 14:39 - 00039736 _____ (Infowatch) C:\Windows\system32\Drivers\CSVirtualDiskDrv.sys
2013-09-09 19:03 - 2013-09-29 11:21 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-09 19:03 - 2013-09-09 19:03 - 00000000 ____D C:\Program Files\Kaspersky Lab
2013-09-09 19:03 - 2013-09-09 19:03 - 00000000 ____D C:\Program Files\Common Files\InfoWatch
2013-09-09 18:53 - 2013-09-09 19:31 - 00594528 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-09-09 18:53 - 2013-09-09 19:31 - 00074848 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2013-09-09 18:48 - 2013-09-09 18:48 - 00000000 ___HD C:\kleaner.tmp

==================== One Month Modified Files and Folders =======

2013-09-29 11:26 - 2013-09-29 11:26 - 01086873 _____ (Farbar) C:\Users\Petar\Desktop\FRST.exe
2013-09-29 11:23 - 2013-09-29 11:23 - 00000472 _____ C:\Users\Petar\Desktop\defogger_disable.log
2013-09-29 11:23 - 2013-09-29 11:23 - 00000000 _____ C:\Users\Petar\defogger_reenable
2013-09-29 11:23 - 2009-05-09 00:43 - 00000000 ____D C:\Users\Petar
2013-09-29 11:21 - 2013-09-29 11:21 - 00377856 _____ C:\Users\Petar\Desktop\gmer_2.1.19163.exe
2013-09-29 11:21 - 2013-09-09 19:03 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-29 11:20 - 2013-09-29 11:19 - 00050477 _____ C:\Users\Petar\Desktop\Defogger.exe
2013-09-29 11:12 - 2009-03-24 03:40 - 01877816 _____ C:\Windows\WindowsUpdate.log
2013-09-29 11:06 - 2012-05-27 22:13 - 00000000 ____D C:\Users\Petar\AppData\Roaming\Skype
2013-09-29 11:04 - 2013-09-16 22:24 - 00000644 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-09-29 11:01 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-29 11:01 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-29 11:01 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-17 23:40 - 2006-11-02 15:01 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-17 23:28 - 2013-09-17 23:28 - 00000000 ____D C:\FRST
2013-09-17 22:17 - 2013-09-16 22:24 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-17 21:51 - 2012-10-08 21:46 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-687498125-1443843741-3421116368-1000UA.job
2013-09-17 21:51 - 2012-10-08 21:46 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-687498125-1443843741-3421116368-1000Core.job
2013-09-17 20:51 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-17 20:40 - 2013-09-16 22:24 - 00000616 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-09-17 20:40 - 2013-09-16 22:24 - 00000446 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-09-16 22:25 - 2013-09-16 22:22 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-09-16 22:23 - 2013-09-16 22:23 - 00001918 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-09-16 20:32 - 2009-07-31 17:28 - 00000000 ____D C:\Users\Petar\Documents\Bank
2013-09-16 20:21 - 2006-11-02 14:47 - 00393432 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-15 23:47 - 2009-05-09 00:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-15 20:50 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-09-10 03:34 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\it-IT
2013-09-10 03:34 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\fr-FR
2013-09-10 03:34 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-10 03:09 - 2009-03-07 17:29 - 00662132 _____ C:\Windows\system32\perfh010.dat
2013-09-10 03:09 - 2009-03-07 17:29 - 00122888 _____ C:\Windows\system32\perfc010.dat
2013-09-10 03:08 - 2006-11-02 12:33 - 03056766 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-09 22:49 - 2010-03-05 14:24 - 00000322 _____ C:\Windows\Tasks\HPCeeScheduleForPetar.job
2013-09-09 20:38 - 2008-01-21 04:47 - 00209926 _____ C:\Windows\PFRO.log
2013-09-09 20:38 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\ShellNew
2013-09-09 20:10 - 2013-08-04 19:13 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-09-09 20:05 - 2012-12-18 21:37 - 00002489 _____ C:\Users\Public\Desktop\Skype.lnk
2013-09-09 20:05 - 2012-05-27 22:13 - 00000000 ____D C:\ProgramData\Skype
2013-09-09 19:55 - 2013-09-09 19:55 - 00000000 ____D C:\Users\Petar\AppData\Roaming\Malwarebytes
2013-09-09 19:54 - 2013-09-09 19:54 - 00000866 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-09 19:54 - 2013-09-09 19:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-09 19:54 - 2013-09-09 19:54 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-09 19:31 - 2013-09-09 18:53 - 00594528 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-09-09 19:31 - 2013-09-09 18:53 - 00074848 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2013-09-09 19:31 - 2012-10-18 14:50 - 00044000 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kltdi.sys
2013-09-09 19:31 - 2012-08-13 16:49 - 00145040 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2013-09-09 19:11 - 2013-09-09 19:11 - 00001957 _____ C:\Users\Petar\Desktop\Sicherer Zahlungsverkehr.lnk
2013-09-09 19:07 - 2013-09-09 19:09 - 00000915 _____ C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
2013-09-09 19:03 - 2013-09-09 19:03 - 00000000 ____D C:\Program Files\Kaspersky Lab
2013-09-09 19:03 - 2013-09-09 19:03 - 00000000 ____D C:\Program Files\Common Files\InfoWatch
2013-09-09 18:48 - 2013-09-09 18:48 - 00000000 ___HD C:\kleaner.tmp
2013-09-09 18:48 - 2009-05-09 14:45 - 00000000 ____D C:\Program Files\AVG
2013-09-09 18:37 - 2011-04-18 20:23 - 00000000 ____D C:\Users\Gast\Tracing

Files to move or delete:
====================
C:\Users\Petar\AppData\Roaming\settings.ini
C:\Users\Petar\AppData\Roaming\i.ini


Some content of TEMP:
====================
C:\Users\Petar\AppData\Local\Temp\detectionapi_rd.dll
C:\Users\Petar\AppData\Local\Temp\detectionui_r.exe
C:\Users\Petar\AppData\Local\Temp\directx10tests_rd.dll
C:\Users\Petar\AppData\Local\Temp\directx11tests_rd.dll
C:\Users\Petar\AppData\Local\Temp\directx9tests_rd.dll
C:\Users\Petar\AppData\Local\Temp\local.dll
C:\Users\Petar\AppData\Local\Temp\_isAED4.exe
C:\Users\Petar\AppData\Local\Temp\_isCF4F.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-29 11:10

==================== End Of Log ============================
         
Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-09-2013 01
Ran by Petar at 2013-09-29 11:31:01
Running from C:\Users\Petar\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky PURE 3.0 (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky PURE 3.0 (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky PURE 3.0 (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

AAC Decoder (Version: 7.1.0)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2)
Adobe Acrobat 7.0 Professional - English, Français, Deutsch (Version: 7.0.0)
Adobe Flash Player 10 ActiveX (Version: 10.0.12.36)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader 9.5.5 - Deutsch (Version: 9.5.5)
Adobe Shockwave Player (Version: 11.0)
AMD USB Audio Driver Filter (Version: 1.0.7.0031)
ANNO 1503 GOLD (Version: 1.05.00)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Atheros Driver Installation Program (Version: 5.0)
ATI Catalyst Install Manager (Version: 3.0.708.0)
AutoUpdate (Version: 1.1)
AVerMedia A309 (MiniCard, DVB-T) 1.0.0.46 (Version: 1.0.0.46)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0122.1.43106)
Catalyst Control Center Graphics Full Existing (Version: 2009.0122.1.43106)
Catalyst Control Center Graphics Full New (Version: 2009.0122.1.43106)
Catalyst Control Center Graphics Light (Version: 2009.0122.1.43106)
Catalyst Control Center Graphics Previews Common (Version: 2009.0122.1.43106)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0122.1.43106)
Catalyst Control Center InstallProxy (Version: 2009.0122.1.43106)
Catalyst Control Center Localization All (Version: 2009.0122.1.43106)
CCC Help Chinese Standard (Version: 2009.0122.0000.43106)
CCC Help Chinese Traditional (Version: 2009.0122.0000.43106)
CCC Help Czech (Version: 2009.0122.0000.43106)
CCC Help Danish (Version: 2009.0122.0000.43106)
CCC Help Dutch (Version: 2009.0122.0000.43106)
CCC Help English (Version: 2009.0122.0000.43106)
CCC Help Finnish (Version: 2009.0122.0000.43106)
CCC Help French (Version: 2009.0122.0000.43106)
CCC Help German (Version: 2009.0122.0000.43106)
CCC Help Greek (Version: 2009.0122.0000.43106)
CCC Help Hungarian (Version: 2009.0122.0000.43106)
CCC Help Italian (Version: 2009.0122.0000.43106)
CCC Help Japanese (Version: 2009.0122.0000.43106)
CCC Help Korean (Version: 2009.0122.0000.43106)
CCC Help Norwegian (Version: 2009.0122.0000.43106)
CCC Help Polish (Version: 2009.0122.0000.43106)
CCC Help Portuguese (Version: 2009.0122.0000.43106)
CCC Help Russian (Version: 2009.0122.0000.43106)
CCC Help Spanish (Version: 2009.0122.0000.43106)
CCC Help Swedish (Version: 2009.0122.0000.43106)
CCC Help Thai (Version: 2009.0122.0000.43106)
CCC Help Turkish (Version: 2009.0122.0000.43106)
ccc-core-static (Version: 2009.0122.1.43106)
ccc-utility (Version: 2009.0122.1.43106)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
CyberLink DVD Suite (Version: 6.0.2326)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Codec (Version: 6.9.1)
DivX Converter (Version: 7.1.0)
DivX Player (Version: 7.2.0)
DivX Plus DirectShow Filters
DivX Plus Web Player (Version: 2.0.0)
DivX Version Checker (Version: 7.1.0.9)
ESU for Microsoft Vista (Version: 1.0.0)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Flight Simulator X Service Pack 1
FlyLogic's - Patrouille Suisse X (Version: 1.00)
Free Video Converter V 2.9 (Version: 2.9.0.0)
H.264 Decoder (Version: 1.1.0)
HP Active Support Library (Version: 3.1.9.1)
HP Common Access Service Library (Version: 2.00 E6)
HP Customer Experience Enhancements (Version: 5.7.0.2664)
HP Help and Support (Version: 2.1.3.0)
HP MediaSmart DVD (Version: 2.1.2328)
HP MediaSmart SmartMenu (Version: 2.1.7)
HP MediaSmart TV (Version: 2.1.1219)
HP MediaSmart Webcam (Version: 2.1.1124)
HP Quick Launch Buttons 6.40 L1 (Version: 6.40 L1)
HP Total Care Setup (Version: 1.1.2413.2876)
HP Update (Version: 4.000.013.003)
HP User Guides 0134 (Version: 1.01.0000)
HP Wireless Assistant (Version: 3.50 A6)
HPAsset component for HP Active Support Library (Version: 3.0.0.3)
HPNetworkAssistant (Version: 1.1.70)
iCloud (Version: 2.1.2.8)
IDT Audio (Version: 1.0.6087.22)
iTunes (Version: 11.0.2.26)
Java Auto Updater (Version: 2.0.5.1)
Java(TM) 6 Update 26 (Version: 6.0.260)
JMicron Flash Media Controller Driver (Version: 1.00.22.05)
Kaspersky PURE 3.0 (Version: 13.0.2.558)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Flight Simulator X (Version: 10.0.60905)
Microsoft Flight Simulator X: Acceleration (Version: 10.0.61637.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 07.03.0512)
Microsoft Works (Version: 9.7.0621)
Microsoft Works Suite-Add-Ins für Microsoft Word (Version: 7.0.0.0000)
MKV Splitter (Version: 1.0.1)
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Norton Internet Security (Version: 16.0.0.125)
PhotoNow! (Version: 1.1.5615)
Project BO-105 PAH
ProtectSmart Hard Drive Protection (Version: 3.10 A7)
QuickTime (Version: 7.73.80.64)
Radar v2.0 for FSX
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0001)
Setup-Start von Microsoft Works 2004
Skins (Version: 2009.0122.1.43106)
Skype™ 6.6 (Version: 6.6.106)
Spybot - Search & Destroy (Version: 2.1.21)
Steuer 2011 12.0.1 (Version: 12.0.1)
Steuer 2012 13.0.3 (Version: 13.0.3)
Synaptics Pointing Device Driver (Version: 12.1.0.0)
Tom Clancy's H.A.W.X. 2 (Version: 1.0.1)
Ubisoft Game Launcher (Version: 1.0.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VLC media player 1.0.2 (Version: 1.0.2)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows-Treiberpaket - ENE (enecir) HIDClass  (09/04/2008 2.6.0.0) (Version: 09/04/2008 2.6.0.0)
WinRAR

==================== Restore Points  =========================

30-06-2013 18:05:39 Sprachpaketdeinstallation
01-07-2013 20:39:38 Sprachpaketdeinstallation
02-07-2013 19:11:21 Sprachpaketdeinstallation
03-07-2013 17:50:08 Sprachpaketdeinstallation
06-07-2013 10:32:14 Sprachpaketdeinstallation
08-07-2013 19:47:41 Windows Update
08-07-2013 20:00:35 Sprachpaketdeinstallation
11-07-2013 21:06:14 Sprachpaketdeinstallation
15-07-2013 18:17:39 Windows Update
16-07-2013 20:16:07 Sprachpaketdeinstallation
17-07-2013 19:35:51 Sprachpaketdeinstallation
18-07-2013 19:21:29 Sprachpaketdeinstallation
24-07-2013 19:40:00 Avg Update
24-07-2013 19:50:35 Sprachpaketdeinstallation
28-07-2013 11:39:50 Sprachpaketdeinstallation
29-07-2013 15:37:34 Sprachpaketdeinstallation
31-07-2013 20:18:52 Sprachpaketdeinstallation
01-08-2013 09:51:52 Sprachpaketdeinstallation
01-08-2013 23:08:41 Sprachpaketdeinstallation
07-08-2013 20:18:39 Sprachpaketdeinstallation
09-09-2013 16:54:57 First Restore Point
09-09-2013 17:05:53 Gerätetreiber-Paketinstallation: Kaspersky Lab Netzwerkdienst
09-09-2013 17:10:19 Sprachpaketdeinstallation
09-09-2013 17:36:22 First Restore Point
09-09-2013 18:08:51 Sprachpaketdeinstallation
09-09-2013 19:05:47 Sprachpaketdeinstallation
10-09-2013 01:00:56 Windows Update
15-09-2013 18:16:46 Sprachpaketdeinstallation
15-09-2013 21:28:15 Windows Update
16-09-2013 19:10:44 Sprachpaketdeinstallation
17-09-2013 18:56:24 Sprachpaketdeinstallation
29-09-2013 09:18:08 Sprachpaketdeinstallation

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3B2EEE0C-211E-435C-A8E6-6303CDEF3F9E} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {49FBE542-368A-437F-BD45-CFE54258B979} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {50001D87-3D44-49D8-95FC-3A1997DE42BC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-687498125-1443843741-3421116368-1000UA => C:\Users\Petar\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {5BA444EB-2319-4F76-80B0-F24EAA2F01BC} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {6A14DD91-AB0C-405B-9200-D90F787DCCBF} - System32\Tasks\{511E94B8-0376-4F5A-8C2D-A44856AD79DC} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar
Task: {8E6CD6A3-BB09-4C0D-998F-E10FF569A170} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-687498125-1443843741-3421116368-1000Core => C:\Users\Petar\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {9FA0D467-4B2F-4EC6-AA27-13AFCF76AD1D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AF677D66-1403-4A77-A9AA-5CBCB308AFBC} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {B9C6F8AE-39BC-4F3A-8F2E-83E41424EF81} - System32\Tasks\HPCeeScheduleForPetar => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-19] (Hewlett-Packard)
Task: {D3EDC5CE-9E56-457D-A2A8-D1DCF998B0CD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {FD0D3D42-5A18-4CCC-A3CD-7992EC2004BC} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2008-01-21] (Microsoft Corporation)
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-687498125-1443843741-3421116368-1000Core.job => C:\Users\Petar\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-687498125-1443843741-3421116368-1000UA.job => C:\Users\Petar\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForPetar.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) =============

2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2009-12-24 00:00 - 2009-12-12 16:12 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2013-09-16 22:22 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-09-16 22:22 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2009-01-22 02:34 - 2009-01-22 02:34 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 00479752 _____ () C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
2009-03-24 03:47 - 2009-03-24 03:47 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-10-29 18:34 - 2008-10-29 18:34 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-07-02 21:59 - 2013-07-02 21:59 - 03285912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-06-30 23:13 - 2013-06-30 23:13 - 16033160 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/29/2013 11:05:38 AM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung TVAgent.exe, Version 2.1.1.1321, Zeitstempel 0x49772d0a, fehlerhaftes Modul MFC71.DLL, Version 7.10.3077.0, Zeitstempel 0x3e77fdfd, Ausnahmecode 0xc0000005, Fehleroffset 0x0002a3a3,
Prozess-ID 0xd80, Anwendungsstartzeit TVAgent.exe0.

Error: (09/29/2013 11:02:18 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2013 11:16:20 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung firefox.exe, Version 22.0.0.4917, Zeitstempel 0x51c06b1b, fehlerhaftes Modul xul.dll, Version 22.0.0.4917, Zeitstempel 0x51c06a5b, Ausnahmecode 0xc0000005, Fehleroffset 0x00173668,
Prozess-ID 0x1498, Anwendungsstartzeit firefox.exe0.

Error: (09/17/2013 08:40:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2013 08:25:52 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung TVAgent.exe, Version 2.1.1.1321, Zeitstempel 0x49772d0a, fehlerhaftes Modul MFC71.DLL, Version 7.10.3077.0, Zeitstempel 0x3e77fdfd, Ausnahmecode 0xc0000005, Fehleroffset 0x0002a3a3,
Prozess-ID 0xee8, Anwendungsstartzeit TVAgent.exe0.

Error: (09/16/2013 08:22:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2013 11:26:55 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (09/15/2013 10:23:15 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung firefox.exe, Version 22.0.0.4917, Zeitstempel 0x51c06b1b, fehlerhaftes Modul xul.dll, Version 22.0.0.4917, Zeitstempel 0x51c06a5b, Ausnahmecode 0xc0000005, Fehleroffset 0x00173668,
Prozess-ID 0x1054, Anwendungsstartzeit firefox.exe0.

Error: (09/15/2013 08:11:17 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung TVAgent.exe, Version 2.1.1.1321, Zeitstempel 0x49772d0a, fehlerhaftes Modul MFC71.DLL, Version 7.10.3077.0, Zeitstempel 0x3e77fdfd, Ausnahmecode 0xc0000005, Fehleroffset 0x0002a3a3,
Prozess-ID 0x4f8, Anwendungsstartzeit TVAgent.exe0.

Error: (09/15/2013 07:59:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/29/2013 11:19:25 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x800f0825it-IT

Error: (09/29/2013 11:19:22 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x800f0825fr-FR

Error: (09/29/2013 11:03:41 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (09/29/2013 11:02:19 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/17/2013 08:57:43 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x800f0825it-IT

Error: (09/17/2013 08:57:41 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x800f0825fr-FR

Error: (09/17/2013 08:45:04 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (09/17/2013 08:40:40 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/16/2013 09:15:58 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x800f0825it-IT

Error: (09/16/2013 09:15:54 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x800f0825fr-FR


Microsoft Office Sessions:
=========================
Error: (09/29/2013 11:05:38 AM) (Source: Application Error)(User: )
Description: TVAgent.exe2.1.1.132149772d0aMFC71.DLL7.10.3077.03e77fdfdc00000050002a3a3d8001cebcf2dbc8182b

Error: (09/29/2013 11:02:18 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2013 11:16:20 PM) (Source: Application Error)(User: )
Description: firefox.exe22.0.0.491751c06b1bxul.dll22.0.0.491751c06a5bc000000500173668149801ceb3e96dd8bfd2

Error: (09/17/2013 08:40:39 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2013 08:25:52 PM) (Source: Application Error)(User: )
Description: TVAgent.exe2.1.1.132149772d0aMFC71.DLL7.10.3077.03e77fdfdc00000050002a3a3ee801ceb309fc913780

Error: (09/16/2013 08:22:39 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2013 11:26:55 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (09/15/2013 10:23:15 PM) (Source: Application Error)(User: )
Description: firefox.exe22.0.0.491751c06b1bxul.dll22.0.0.491751c06a5bc000000500173668105401ceb25105c810d0

Error: (09/15/2013 08:11:17 PM) (Source: Application Error)(User: )
Description: TVAgent.exe2.1.1.132149772d0aMFC71.DLL7.10.3077.03e77fdfdc00000050002a3a34f801ceb23d90979e10

Error: (09/15/2013 07:59:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2013-09-29 11:30:09.370
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-29 11:30:08.423
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-29 11:30:07.508
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-29 11:30:06.455
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-29 11:27:53.125
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-29 11:27:52.163
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-29 11:27:51.132
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-29 11:27:50.107
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-17 23:31:18.092
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-17 23:31:17.094
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 53%
Total physical RAM: 3068.9 MB
Available physical RAM: 1415.52 MB
Total Pagefile: 6369.79 MB
Available Pagefile: 4436.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1922.72 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:286.51 GB) (Free:108.04 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:11.58 GB) (Free:1.85 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: D51C35F4)
Partition 1: (Active) - (Size=287 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
GMER Log:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-29 12:24:56
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2320BH_G2 rev.8909 298.09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Petar\AppData\Local\Temp\kgloapow.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwAdjustPrivilegesToken [0xA109B6BA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwAlpcConnectPort [0xA104EC02]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwAlpcCreatePort [0xA104EF4A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwAlpcSendWaitReceivePort [0xA104F390]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwClose [0xA103728C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwConnectPort [0xA104E8DC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwCreateEvent [0xA1037804]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwCreateMutant [0xA10376EA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwCreatePort [0xA104EDAE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwCreateSection [0xA109E528]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwCreateSemaphore [0xA1037924]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwCreateThread [0xA109D9BC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwCreateWaitablePort [0xA104EE7C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwDebugActiveProcess [0xA109D506]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwDeviceIoControlFile [0xA10372D0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwDuplicateObject [0xA109B7FC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwLoadDriver [0xA109B464]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwMapViewOfSection [0xA109E320]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwNotifyChangeKey [0xA104D06C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwOpenEvent [0xA103789A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwOpenMutant [0xA103777A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwOpenProcess [0xA109D0AE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwOpenSection [0xA109E7D4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwOpenSemaphore [0xA10379BA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwOpenThread [0xA109D718]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwQueryDirectoryObject [0xA1037A44]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwQueryObject [0xA104D27A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwQueueApcThread [0xA109E1D4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwReplyPort [0xA104F174]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwReplyWaitReceivePort [0xA104F002]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwReplyWaitReceivePortEx [0xA104F0B8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwRequestWaitReplyPort [0xA104F1E4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwResumeThread [0xA109DEFE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwSecureConnectPort [0xA104EA6A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwSetContextThread [0xA109E05C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwSetInformationToken [0xA1037AE6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwSetSystemInformation [0xA109B56E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwSuspendProcess [0xA109D24E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwSuspendThread [0xA109DDA6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwSystemDebugControl [0xA1037AF8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwTerminateProcess [0xA109D3AE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwTerminateThread [0xA109D8B8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwUnmapViewOfSection [0xA109E93C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwWriteVirtualMemory [0xA109E666]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwCreateThreadEx [0xA109DBFC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwCreateUserProcess [0xA109D660]

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!KeSetEvent + 119                       824EA764 4 Bytes  [BA, B6, 09, A1]
.text           ntkrnlpa.exe!KeSetEvent + 13D                       824EA788 8 Bytes  [02, EC, 04, A1, 4A, EF, 04, ...] {ADD CH, AH; ADD AL, 0xa1; DEC EDX; OUT DX, EAX; ADD AL, 0xa1}
.text           ntkrnlpa.exe!KeSetEvent + 181                       824EA7CC 4 Bytes  [90, F3, 04, A1] {NOP ; ADD AL, 0xa1}
.text           ntkrnlpa.exe!KeSetEvent + 1A9                       824EA7F4 4 Bytes  [8C, 72, 03, A1]
.text           ntkrnlpa.exe!KeSetEvent + 1C1                       824EA80C 4 Bytes  [DC, E8, 04, A1] {FSUB ST0, ST0; ADD AL, 0xa1}
.text           ...                                                 
.text           C:\Windows\system32\DRIVERS\atikmdag.sys            section is writeable [0x9FC04000, 0x241BC8, 0xE8000020]
.text           C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl  section is writeable [0xB135C000, 0x2892, 0xE8000020]
.vmp2           C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl  entry point in ".vmp2" section [0xB137F050]

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0             Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1             Wdf01000.sys
AttachedDevice  \Driver\tdx \Device\Tcp                             kltdi.sys
AttachedDevice  \Driver\tdx \Device\Udp                             kltdi.sys
AttachedDevice  \Driver\tdx \Device\RawIp                           kltdi.sys

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                               unknown MBR code

---- EOF - GMER 2.1 ----
         
MBAM logs:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.29.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Petar :: PETAR-PC [Administrator]

29.09.2013 12:35:07
mbam-log-2013-09-29 (12-35-07).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 243045
Laufzeit: 29 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
2013/09/16 20:22:14 +0200	PETAR-PC	(null)	MESSAGE	Executing scheduled update:  Daily
2013/09/16 20:22:16 +0200	PETAR-PC	(null)	ERROR	Scheduled update failed:  Host not found failed with error code 0
2013/09/16 20:22:28 +0200	PETAR-PC	(null)	MESSAGE	Starting protection
2013/09/16 20:22:28 +0200	PETAR-PC	(null)	MESSAGE	Protection started successfully
2013/09/16 20:22:28 +0200	PETAR-PC	(null)	MESSAGE	Starting IP protection
2013/09/16 20:22:41 +0200	PETAR-PC	(null)	MESSAGE	IP Protection started successfully
2013/09/16 20:25:58 +0200	PETAR-PC	Petar	MESSAGE	Starting database refresh
2013/09/16 20:25:58 +0200	PETAR-PC	Petar	MESSAGE	Stopping IP protection
2013/09/16 20:25:59 +0200	PETAR-PC	Petar	MESSAGE	IP Protection stopped successfully
2013/09/16 20:26:09 +0200	PETAR-PC	Petar	MESSAGE	Database refreshed successfully
2013/09/16 20:26:09 +0200	PETAR-PC	Petar	MESSAGE	Starting IP protection
2013/09/16 20:26:25 +0200	PETAR-PC	Petar	MESSAGE	IP Protection started successfully
2013/09/16 22:11:29 +0200	PETAR-PC	Petar	IP-BLOCK	77.78.219.248 (Type: outgoing, Port: 42376, Process: skype.exe)
2013/09/16 22:11:29 +0200	PETAR-PC	Petar	IP-BLOCK	77.78.219.248 (Type: outgoing, Port: 42376, Process: skype.exe)
2013/09/16 22:11:37 +0200	PETAR-PC	Petar	IP-BLOCK	77.78.219.248 (Type: outgoing, Port: 42376, Process: skype.exe)
2013/09/16 22:11:45 +0200	PETAR-PC	Petar	IP-BLOCK	77.78.219.248 (Type: outgoing, Port: 42376, Process: skype.exe)
2013/09/16 22:11:45 +0200	PETAR-PC	Petar	IP-BLOCK	77.78.219.248 (Type: outgoing, Port: 42376, Process: skype.exe)
         
Excerpt from the Kaspersky scan showing the Java-Generic files that were found:
Code:
jar_cache2254907160662247655.tmp	Nicht desinfizierte Objekte: HEUR:Exploit.Java.CVE-2013-2465.gen	c:\Documents and Settings\Petar\AppData\Local\Temp\	09.09.2013 21:30:35	
jar_cache2254907160662247655.tmp	Gefunden: HEUR:Exploit.Java.CVE-2013-2465.gen	c:\Documents and Settings\Petar\AppData\Local\Temp\	09.09.2013 21:30:34	
jar_cache2254907160662247655.tmp	Nicht desinfizierte Objekte: HEUR:Exploit.Java.Generic	c:\Documents and Settings\Petar\AppData\Local\Temp\	09.09.2013 21:30:34	
jar_cache2254907160662247655.tmp	Gefunden: HEUR:Exploit.Java.Generic	c:\Documents and Settings\Petar\AppData\Local\Temp\	09.09.2013 21:30:34	
jar_cache2254907160662247655.tmp	Nicht desinfizierte Objekte: HEUR:Exploit.Java.CVE-2013-1493.a	c:\Documents and Settings\Petar\AppData\Local\Temp\	09.09.2013 21:30:34	
jar_cache2254907160662247655.tmp	Gefunden: HEUR:Exploit.Java.CVE-2013-1493.a	c:\Documents and Settings\Petar\AppData\Local\Temp\	09.09.2013 21:30:33
         

 
