|
Plagegeister aller Art und deren Bekämpfung: Bluescreen wegen Keyboard-Treibern - Keylogger?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
21.10.2013, 00:41 | #1 |
| Bluescreen wegen Keyboard-Treibern - Keylogger? Hallo zusammen, für meinen PC sind Bluescreens eher ungewöhnlich. Heute ist einer aufgetreten. 0x0000001e (0xffffffffc0000005, 0xfffff80001ea0150, 0x0000000000000000, 0xffffffffffffffff) Laut BlueScreenView sind dafür kbclass.sys ntoskrnl.exe hidusb.sys verantwortlich. kbclass.sys ist dabei laut Goolge für Tastaturen zuständig. Ich habe eine stinknormale Siemens-Tastatur. Kein Schnickschnack, keine Sondertasten, also auch keine besonderen Treiber nötig. Dazu kommt, dass das sonst nie passiert und der Bluescreen auftrat, als ich afk war. Habe PC mit Kaspersky, Emsisoft-Antimalware, Spybot S&D und Malwarebytes abgescannt. MWB hat als einziges folgendes gefunden Infizierte Dateien: 1 C:\Users\user\AppData\Local\Temp\GUsx3l3P.exe.part (PUP.Optional.DownloadSponsor.A) -> Keine Aktion durchgeführt. Viren im Temp-Ordner finde ich eher ungewöhnlich. Habs erstmal nicht gelöscht. Wenn ich mir wirklich etwas eingefangen habe, würde mich das allerdings wundern. Ich bin recht vorsichtig. Ich nutze NoScript und habe Java ausgeschaltet. Außerdem, wie erwähnt, 4 Scanner, die ich regelmäßig bemühe (und nein, sie laufen nicht alle gleichzeitig im Hintergrund). Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 20:46 on 20/10/2013 (user) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-10-20 21:29:43 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000078 SAMSUNG_ rev.CXM0 119,24GB Running: gmer_2.1.19163.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldqpow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80001fa9000 8 bytes [00, 00, 68, 00, 4B, 4C, 73, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 666 fffff80001fa908a 12 bytes [00, 00, 01, 00, 00, 00, C0, ...] ? C:\Windows\system32\DRIVERS\Mam3.sys [0] entry point in "init" section fffff880059bf010 ---- User code sections - GMER 2.1 ---- .text C:\Windows\Explorer.EXE[1804] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!DPA_Create 000007fefcf1fbe4 4 bytes JMP 000007fefcff0008 .text C:\Windows\Explorer.EXE[1804] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!DPA_InsertPtr 000007fefcf1ff18 5 bytes JMP 000007fefcff0020 .text C:\Windows\Explorer.EXE[1804] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!DPA_DeletePtr 000007fefcf1ffb0 5 bytes JMP 000007fefcff0038 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1940] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 000000007791faa8 5 bytes JMP 0000000173c619e8 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1940] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077920038 5 bytes JMP 0000000173c6209e .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000769a1465 2 bytes [9A, 76] .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769a14bb 2 bytes [9A, 76] .text ... * 2 .text C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe[2264] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 000000006ea411a8 2 bytes [A4, 6E] .text C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe[2264] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 000000006ea413a8 2 bytes [A4, 6E] .text C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe[2264] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 000000006ea41422 2 bytes [A4, 6E] .text C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe[2264] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 000000006ea41498 2 bytes [A4, 6E] .text C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe[2264] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 000000006e501b41 2 bytes [50, 6E] .text C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe[2264] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 000000006e501be8 2 bytes [50, 6E] .text C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe[2264] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 000000006e501c20 2 bytes [50, 6E] .text C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe[2264] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596 000000006e501cd2 2 bytes [50, 6E] .text C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe[2264] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 000000006e501cf2 2 bytes [50, 6E] .text C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe[3396] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 00000000769a1465 2 bytes [9A, 76] .text C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe[3396] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000769a14bb 2 bytes [9A, 76] .text ... * 2 .text C:\Program Files (x86)\Pidgin\pidgin.exe[3744] C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll!purple_init_plugin + 10 000000006a151ce2 4 bytes [40, 90, AC, 68] .text C:\Program Files (x86)\Pidgin\pidgin.exe[3744] C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll!purple_init_plugin + 160 000000006a151d78 4 bytes [40, 90, AC, 68] .text C:\Program Files (x86)\anti-rootkit\mbar\mbar.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000769a1465 2 bytes [9A, 76] .text C:\Program Files (x86)\anti-rootkit\mbar\mbar.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769a14bb 2 bytes [9A, 76] .text ... * 2 .text C:\Program Files (x86)\anti-rootkit\mbar\mbar.exe[6596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000769a1465 2 bytes [9A, 76] .text C:\Program Files (x86)\anti-rootkit\mbar\mbar.exe[6596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769a14bb 2 bytes [9A, 76] .text ... * 2 .text C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[6592] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter + 1 0000000077519b81 11 bytes {MOV EAX, 0xffffffffdae931d8; INC BYTE [RDI]; ADD [RAX], AL; JMP RAX} .text C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[6592] C:\Windows\system32\ole32.dll!OleLoadFromStream 000007feff0975f0 5 bytes JMP 000007fffef300d8 .text C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[6592] C:\Windows\system32\OLEAUT32.dll!VariantClear 000007feff5b1180 5 bytes JMP 000007fffef301b8 .text C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[6592] C:\Windows\system32\OLEAUT32.dll!SysFreeString 000007feff5b1320 7 bytes JMP 000007fffef30148 .text C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[6592] C:\Windows\system32\OLEAUT32.dll!SysAllocStringByteLen 000007feff5b4450 6 bytes JMP 000007fffef30110 .text C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[6592] C:\Windows\system32\OLEAUT32.dll!VariantChangeType 000007feff5b6720 10 bytes JMP 000007fffef30180 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{DAD3A123-71E1-45F9-96C2-2AD840DAD1D7}\Connection@Name isatap.{B5838B57-2704-4B49-B8CD-A4A2BF6F8ACC} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{DAD3A123-71E1-45F9-96C2-2AD840DAD1D7}?\Device\{FD3AA059-E0AA-4904-8DE9-7CFA41299FD7}?\Device\{D7118392-921B-4696-AC5C-40A4D07F1A5C}?\Device\{473FF2AA-9E0D-4DB0-9B91-21972B5C68DC}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{DAD3A123-71E1-45F9-96C2-2AD840DAD1D7}"?"{FD3AA059-E0AA-4904-8DE9-7CFA41299FD7}"?"{D7118392-921B-4696-AC5C-40A4D07F1A5C}"?"{473FF2AA-9E0D-4DB0-9B91-21972B5C68DC}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{DAD3A123-71E1-45F9-96C2-2AD840DAD1D7}?\Device\TCPIP6TUNNEL_{FD3AA059-E0AA-4904-8DE9-7CFA41299FD7}?\Device\TCPIP6TUNNEL_{D7118392-921B-4696-AC5C-40A4D07F1A5C}?\Device\TCPIP6TUNNEL_{473FF2AA-9E0D-4DB0-9B91-21972B5C68DC}? Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{DAD3A123-71E1-45F9-96C2-2AD840DAD1D7}@InterfaceName isatap.{B5838B57-2704-4B49-B8CD-A4A2BF6F8ACC} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{DAD3A123-71E1-45F9-96C2-2AD840DAD1D7}@ReusableType 0 ---- EOF - GMER 2.1 ---- FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2013 Ran by user (administrator) on user-PC on 20-10-2013 22:01:56 Running from C:\Users\user\Desktop Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe () C:\Program Files (x86)\WizMouse\WizMouse.exe () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe (Hauppauge Computer Works, Inc) C:\Program Files (x86)\WinTV\Extend\WinTVExtender.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe () C:\Windows\System32\Mam3Pan.exe (RaMMicHaeL) C:\Users\user\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe () C:\Program Files (x86)\WinHotKey\WinHotKey.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Dropbox, Inc.) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe () C:\Program Files (x86)\GridMove\GridMove.exe (AppWork GmbH) C:\Program Files\JDownloader 2\JDownloader 2.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe () C:\Program Files (x86)\myhotkey\myHotkey.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (The Pidgin developer community) C:\Program Files (x86)\Pidgin\pidgin.exe () C:\Program Files\Rainmeter\Rainmeter.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\wmi64.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Mam3PAN.exe] - C:\Windows\system32\Mam3PAN.exe [1168152 2013-07-02] () HKLM-x32\...\RunOnce: [EasyTuneVI] - C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [40960 2012-07-09] () HKCU\...\Run: [7 Taskbar Tweaker] - C:\Users\user\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [305664 2013-10-18] (RaMMicHaeL) HKCU\...\Run: [WinHotKey] - C:\Program Files (x86)\WinHotKey\WinHotKey.exe [480768 2004-11-11] () HKCU\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000 HKCU\...\Policies\Explorer: [NoRecentDocsNetHood] 1 HKCU\...\Policies\Explorer: [NoRecentDocsHistory] 1 HKCU\...\Policies\Explorer: [NoRecentDocsMenu] 1 HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO) Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ET6.lnk ShortcutTarget: ET6.lnk -> C:\Program Files (x86)\GIGABYTE\ET6\ET6SC.exe () Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GridMove.lnk ShortcutTarget: GridMove.lnk -> C:\Program Files (x86)\GridMove\GridMove.exe () Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JDownloader 2.lnk ShortcutTarget: JDownloader 2.lnk -> C:\Program Files\JDownloader 2\JDownloader 2.exe (AppWork GmbH) Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lockscreen.vbs () Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk ShortcutTarget: Mozilla Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\myHotkey - Verknüpfung.lnk ShortcutTarget: myHotkey - Verknüpfung.lnk -> C:\Program Files (x86)\myhotkey\myHotkey.exe () Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pidgin.lnk ShortcutTarget: Pidgin.lnk -> C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community) Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe () BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\user\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\user\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\searchplugins\wolframalpha.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Roomy Bookmarks Toolbar - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\ALone-live@ya.ru FF Extension: Custom Buttons - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\custombuttons@xsms.org FF Extension: FoxyProxy Basic - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\foxyproxy@eric.h.jung FF Extension: WOT - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} FF Extension: about-addons-memory - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\about-addons-memory@tn123.org.xpi FF Extension: alertbox - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\alertbox@ajitk.com.xpi FF Extension: classicishaddonmanager - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\classicishaddonmanager@dagger2-addons.mozilla.org.xpi FF Extension: elemhidehelper - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\elemhidehelper@adblockplus.org.xpi FF Extension: exif_viewer - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\exif_viewer@mozilla.doslash.org.xpi FF Extension: f6 - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\f6@merike.pri.ee.xpi FF Extension: ffvkontaktevideo - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\ffvkontaktevideo@chupakabr.ru.xpi FF Extension: firegestures - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\firegestures@xuldev.org.xpi FF Extension: hidecaptionplus-dp - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\hidecaptionplus-dp@dummy.addons.mozilla.org.xpi FF Extension: jid0-UVAeBCfd34Kk5usS8A1CBiobvM8 - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi FF Extension: openwith - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\openwith@darktrojan.net.xpi FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}.xpi FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com Chrome: ======= CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Users\user\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\user\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\user\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll No File CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File CHR Plugin: (Google Update) - C:\Users\user\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Kaspersky URL Advisor) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0 CHR Extension: (Safe Money) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0 CHR Extension: (Content Blocker) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0 CHR Extension: (Virtual Keyboard) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0 CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR Extension: (Anti-Banner) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0 CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx ==================== Services (Whitelisted) ================= S4 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4153784 2013-10-20] (Emsisoft GmbH) S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO) R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-05-28] () S4 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [1498000 2013-04-26] (Binary Fortress Software) R2 Hauppauge WinTV Extender; C:\Program Files (x86)\WinTV\Extend\WinTVExtender.exe [59392 2013-04-17] (Hauppauge Computer Works, Inc) R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [581632 2013-05-15] (Hauppauge Computer Works) ==================== Drivers (Whitelisted) ==================== S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [70960 2013-09-06] (Emsisoft GmbH) R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-05-28] (Emsisoft GmbH) R3 AmdTools64; C:\Windows\System32\DRIVERS\AmdTools64.sys [46384 2009-04-24] (Advanced Micro Devices) R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices) S3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-09-06] (Emsisoft GmbH) R2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2010-11-09] (CPUID) S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () R3 etdrv; C:\Windows\etdrv.sys [25640 2013-10-20] (Windows (R) Server 2003 DDK provider) S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () R3 gdrv; C:\Windows\gdrv.sys [25640 2013-10-20] (Windows (R) Server 2003 DDK provider) S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-10-20] () R3 hcw88rc5; C:\Windows\System32\Drivers\hcw88rc5.sys [15872 2010-08-16] (Hauppauge Computer Works, Inc.) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-10-09] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-09] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-07-24] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-05-16] (Kaspersky Lab ZAO) R1 Mam3.sys; C:\Windows\System32\DRIVERS\Mam3.sys [58648 2013-07-02] () R3 Mam3WDM.sys; C:\Windows\System32\DRIVERS\Mam3WDM.sys [44312 2013-07-02] () S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2013-10-20] (Malwarebytes Corporation) R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [10568 2013-09-16] () S3 catchme; \??\C:\ComboFix\catchme.sys [x] U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-05-16] (Kaspersky Lab ZAO) S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x] S3 tsusbhub; system32\drivers\tsusbhub.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-20 22:01 - 2013-10-20 22:01 - 01954624 ____C (Farbar) C:\Users\user\Desktop\FRST64.exe 2013-10-20 21:58 - 2013-10-20 21:58 - 00000022 ____C C:\Windows\S.dirmngr 2013-10-20 21:52 - 2013-10-20 21:57 - 00000085 ____C C:\Windows\wininit.ini 2013-10-20 21:49 - 2013-10-20 21:49 - 00028067 ____C C:\Users\user\.recently-used.xbel 2013-10-20 21:32 - 2013-10-20 21:32 - 00000472 ____C C:\Users\user\Desktop\defogger_disable.log 2013-10-20 21:29 - 2013-10-20 21:31 - 00010262 ____C C:\Users\user\Desktop\gmer.txt 2013-10-20 21:29 - 2013-10-20 21:29 - 00010788 ____C C:\Users\user\Desktop\Addition.txt 2013-10-20 20:59 - 2013-10-20 21:34 - 00010788 ____C C:\Users\user\Downloads\Addition.txt 2013-10-20 20:59 - 2013-10-20 20:59 - 00000000 ___DC C:\FRST 2013-10-20 20:51 - 2013-10-20 20:51 - 00000000 ___DC C:\Windows\System32\Tasks\Safer-Networking 2013-10-20 20:45 - 2013-10-20 20:45 - 00000000 ____C C:\Users\user\defogger_reenable 2013-10-20 20:29 - 2013-10-20 20:31 - 00091352 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2013-10-20 20:29 - 2013-10-20 20:29 - 00000000 ___DC C:\Program Files (x86)\anti-rootkit 2013-10-20 20:06 - 2013-10-20 20:06 - 00000000 ___DC C:\Users\user\Documents\ProcAlyzer Dumps 2013-10-20 20:02 - 2013-10-20 21:58 - 00000000 ___DC C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-10-16 17:15 - 2013-10-20 21:58 - 00000926 ____C C:\Users\user\IP_Log_Data.js 2013-10-13 00:39 - 2013-10-13 17:14 - 00000000 ___DC C:\Program Files (x86)\Mozilla Thunderbird 2013-10-10 22:41 - 2013-10-20 21:58 - 00000840 ____C C:\Windows\setupact.log 2013-10-10 22:41 - 2013-10-10 22:41 - 00000000 ____C C:\Windows\setuperr.log 2013-10-09 17:40 - 2013-10-09 17:47 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-10-09 17:40 - 2013-10-09 17:47 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-10-09 17:40 - 2013-10-09 17:47 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-10-09 17:40 - 2013-10-09 17:47 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-10-09 17:40 - 2013-10-09 17:47 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-10-09 17:40 - 2013-10-09 17:47 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-10-09 17:40 - 2013-10-09 17:47 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-10-09 17:40 - 2013-10-09 17:47 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-10-09 17:40 - 2013-10-09 17:47 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-10-09 17:40 - 2013-10-09 17:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-10-09 17:40 - 2013-10-09 17:47 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-10-09 17:40 - 2013-10-09 17:47 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-10-09 17:40 - 2013-10-09 17:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-10-09 17:40 - 2013-10-09 17:47 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-10-09 17:40 - 2013-10-09 17:47 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-10-09 17:40 - 2013-10-09 17:47 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-10-09 17:40 - 2013-10-09 17:47 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-10-09 17:40 - 2013-10-09 17:47 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-10-09 17:40 - 2013-10-09 17:47 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-10-09 17:40 - 2013-10-09 17:47 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-10-09 17:40 - 2013-10-09 17:47 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-10-09 17:39 - 2013-10-09 17:47 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-10-09 17:39 - 2013-10-09 17:47 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-10-09 17:39 - 2013-10-09 17:47 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-10-09 17:39 - 2013-10-09 17:47 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-10-09 17:39 - 2013-10-09 17:47 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-10-09 17:39 - 2013-10-09 17:47 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-10-09 17:39 - 2013-10-09 17:47 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-10-09 17:39 - 2013-10-09 17:47 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-10-09 16:44 - 2013-10-09 16:44 - 00025276 ____C C:\ComboFix.txt 2013-10-09 16:25 - 2011-06-26 08:45 - 00256000 ____C C:\Windows\PEV.exe 2013-10-09 16:25 - 2010-11-07 19:20 - 00208896 ____C C:\Windows\MBR.exe 2013-10-09 16:25 - 2009-04-20 06:56 - 00060416 ____C (NirSoft) C:\Windows\NIRCMD.exe 2013-10-09 16:25 - 2000-08-31 02:00 - 00518144 ____C (SteelWerX) C:\Windows\SWREG.exe 2013-10-09 16:25 - 2000-08-31 02:00 - 00406528 ____C (SteelWerX) C:\Windows\SWSC.exe 2013-10-09 16:25 - 2000-08-31 02:00 - 00098816 ____C C:\Windows\sed.exe 2013-10-09 16:25 - 2000-08-31 02:00 - 00080412 ____C C:\Windows\grep.exe 2013-10-09 16:25 - 2000-08-31 02:00 - 00068096 ____C C:\Windows\zip.exe 2013-10-09 16:23 - 2013-10-09 16:44 - 00000000 ___DC C:\Qoobox 2013-10-09 16:22 - 2013-10-09 16:43 - 00000000 ___DC C:\Windows\erdnt 2013-10-09 16:17 - 2013-10-09 17:47 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2013-10-09 16:17 - 2013-10-09 17:47 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2013-10-09 16:17 - 2013-10-09 17:46 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-10-09 16:17 - 2013-10-09 17:46 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-10-09 16:17 - 2013-10-09 17:46 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-10-09 16:17 - 2013-10-09 17:46 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-10-09 16:17 - 2013-10-09 17:46 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-10-09 16:17 - 2013-10-09 17:46 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-10-09 16:17 - 2013-10-09 17:46 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2013-10-09 16:17 - 2013-10-09 17:46 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2013-10-09 16:17 - 2013-10-09 17:46 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2013-10-09 16:17 - 2013-10-09 17:46 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2013-10-09 16:17 - 2013-10-09 17:46 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2013-10-09 16:17 - 2013-10-09 17:46 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-10-09 16:17 - 2013-10-09 17:46 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2013-10-09 16:17 - 2013-10-09 17:46 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2013-10-09 16:17 - 2013-10-09 17:46 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-10-09 16:17 - 2013-10-09 17:46 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll 2013-10-09 16:17 - 2013-10-09 17:46 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2013-10-09 16:17 - 2013-10-09 17:46 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2013-10-09 16:17 - 2013-10-09 17:46 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2013-10-09 16:17 - 2013-10-09 17:46 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2013-10-09 16:17 - 2013-10-09 17:46 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-10-09 16:17 - 2013-10-09 17:46 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-10-09 16:17 - 2013-10-09 17:46 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-10-09 16:17 - 2013-10-09 17:46 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-10-09 16:17 - 2013-10-09 17:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-10-09 16:17 - 2013-07-12 12:41 - 00100864 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2013-10-09 16:17 - 2013-07-03 06:40 - 00042496 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys 2013-10-09 16:17 - 2013-07-03 06:05 - 00076800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2013-10-09 16:17 - 2013-07-03 06:05 - 00032896 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2013-10-09 16:16 - 2013-10-09 17:47 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2013-10-09 16:16 - 2013-10-09 17:47 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2013-10-09 16:16 - 2013-10-09 17:47 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2013-10-09 16:16 - 2013-10-09 17:47 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2013-10-09 16:16 - 2013-10-09 17:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2013-10-09 16:16 - 2013-10-09 17:47 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2013-10-09 16:16 - 2013-10-09 17:47 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2013-10-09 16:16 - 2013-10-09 17:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2013-10-09 16:16 - 2013-10-09 17:47 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2013-10-09 16:16 - 2013-10-09 17:47 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2013-10-09 16:16 - 2013-10-09 17:46 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-10-09 16:16 - 2013-10-09 17:46 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-10-09 16:16 - 2013-10-09 17:46 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2013-10-09 16:16 - 2013-10-09 17:46 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-09 16:16 - 2013-10-09 17:46 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2013-10-09 16:16 - 2013-09-04 14:12 - 00343040 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2013-10-09 16:16 - 2013-09-04 14:11 - 00325120 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2013-10-09 16:16 - 2013-09-04 14:11 - 00099840 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2013-10-09 16:16 - 2013-09-04 14:11 - 00052736 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2013-10-09 16:16 - 2013-09-04 14:11 - 00030720 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2013-10-09 16:16 - 2013-09-04 14:11 - 00025600 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2013-10-09 16:16 - 2013-09-04 14:11 - 00007808 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2013-10-06 00:24 - 2013-10-06 00:24 - 00000000 ___DC C:\Program Files (x86)\LAV Filters 2013-10-06 00:23 - 2013-10-06 00:23 - 00000000 ___DC C:\Program Files (x86)\AC3Filter 2013-10-06 00:23 - 2013-04-05 21:27 - 02231296 ____C C:\Windows\system32\ac3filter64.acm 2013-10-06 00:23 - 2013-04-05 21:26 - 01679360 ____C C:\Windows\SysWOW64\ac3filter.acm 2013-10-06 00:20 - 2013-10-06 00:24 - 00000000 ___DC C:\Program Files (x86)\DVBViewer 2013-10-06 00:20 - 2013-10-06 00:20 - 00000000 ___DC C:\ProgramData\CMUV 2013-10-05 23:27 - 2013-10-05 23:27 - 00000000 ___DC C:\Program Files\PlayReady 2013-10-05 23:25 - 2013-10-12 18:15 - 00000000 __RDC C:\Users\Public\Recorded TV 2013-10-05 19:07 - 2013-10-05 19:26 - 00000000 ___DC C:\Program Files (x86)\DScaler 2013-10-05 18:57 - 2013-10-05 19:26 - 00000000 ___DC C:\Program Files (x86)\K!TV 2013-10-03 21:28 - 2013-10-13 20:31 - 00010420 _____ C:\Users\user\Desktop\cl.xlsx 2013-10-02 17:37 - 2013-10-02 17:39 - 00000000 ___DC C:\Program Files (x86)\GhostMouse 2013-10-02 16:19 - 2013-10-02 16:19 - 00005558 ____C C:\Users\user\Desktop\Neues Textdokument.txt 2013-10-01 19:42 - 2013-10-01 19:42 - 00000000 ___DC C:\Users\user\AppData\Local\Unity 2013-09-28 00:51 - 2013-09-28 00:51 - 00000000 ___DC C:\Program Files\VideoLAN 2013-09-26 14:47 - 2013-09-26 14:47 - 00000000 ___DC C:\Users\user\AppData\Roaming\MusicBrainz 2013-09-26 14:47 - 2013-09-26 14:47 - 00000000 ___DC C:\Users\user\AppData\Local\cache 2013-09-26 14:46 - 2013-09-26 14:46 - 00000000 ___DC C:\Program Files (x86)\MusicBrainz Picard 2013-09-26 00:14 - 2013-09-26 00:15 - 00000000 ___DC C:\Users\user\AppData\Roaming\Raptr 2013-09-26 00:14 - 2013-09-26 00:14 - 00000000 ___DC C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Raptr 2013-09-26 00:14 - 2013-09-26 00:14 - 00000000 ___DC C:\Users\user\AppData\Roaming\library_dir 2013-09-26 00:14 - 2013-09-26 00:14 - 00000000 ___DC C:\Program Files (x86)\Raptr 2013-09-25 13:46 - 2013-09-25 13:46 - 00000000 ___DC C:\symbols 2013-09-25 13:44 - 2013-09-25 13:44 - 00000000 ___DC C:\Program Files (x86)\Windows Kits 2013-09-24 18:29 - 2013-09-24 18:29 - 00032758 ____C C:\Users\user\AppData\Local\recently-used.xbel 2013-09-22 00:39 - 2013-09-22 00:39 - 00000000 ___DC C:\ProgramData\ATI 2013-09-22 00:39 - 2013-09-22 00:39 - 00000000 ___DC C:\Program Files (x86)\AMD AVT 2013-09-22 00:38 - 2013-09-22 00:39 - 00000000 ___DC C:\Program Files\ATI Technologies 2013-09-22 00:38 - 2013-09-22 00:38 - 00000000 ___DC C:\Program Files (x86)\ATI Technologies 2013-09-22 00:31 - 2013-09-22 00:31 - 00059932 ____C C:\Windows\SysWOW64\CCCInstall_201309220031586549.log 2013-09-21 00:46 - 2013-09-21 00:46 - 00000000 ___DC C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cossacks ==================== One Month Modified Files and Folders ======= 2013-10-20 22:01 - 2013-10-20 22:01 - 01954624 ____C (Farbar) C:\Users\user\Desktop\FRST64.exe 2013-10-20 22:01 - 2013-05-12 16:00 - 01786986 ____C C:\Windows\WindowsUpdate.log 2013-10-20 22:00 - 2013-05-12 18:00 - 00076476 ____C C:\Users\user\Network_Meter_Data.js 2013-10-20 22:00 - 2013-05-12 17:06 - 00000000 ___DC C:\Users\user\AppData\Roaming\Dropbox 2013-10-20 21:59 - 2013-07-24 13:13 - 00000000 ___DC C:\ProgramData\Kaspersky Lab 2013-10-20 21:59 - 2013-05-28 23:41 - 00000000 ___DC C:\Program Files (x86)\Emsisoft Anti-Malware 2013-10-20 21:59 - 2013-05-13 00:40 - 00030528 ____C C:\Windows\GVTDrv64.sys 2013-10-20 21:59 - 2013-05-13 00:40 - 00025640 ____C (Windows (R) Server 2003 DDK provider) C:\Windows\etdrv.sys 2013-10-20 21:59 - 2013-05-12 17:40 - 00000000 ___DC C:\Users\user\AppData\Roaming\.purple 2013-10-20 21:59 - 2013-05-12 17:18 - 00003292 ____C C:\Windows\System32\Tasks\WizMouse 2013-10-20 21:59 - 2013-05-12 16:15 - 00025640 ____C (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys 2013-10-20 21:58 - 2013-10-20 21:58 - 00000022 ____C C:\Windows\S.dirmngr 2013-10-20 21:58 - 2013-10-20 20:02 - 00000000 ___DC C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-10-20 21:58 - 2013-10-16 17:15 - 00000926 ____C C:\Users\user\IP_Log_Data.js 2013-10-20 21:58 - 2013-10-10 22:41 - 00000840 ____C C:\Windows\setupact.log 2013-10-20 21:58 - 2013-08-02 10:07 - 00010578 ____C C:\Windows\PFRO.log 2013-10-20 21:58 - 2013-05-12 18:23 - 00000000 ___DC C:\Program Files\JDownloader 2 2013-10-20 21:58 - 2009-07-14 07:08 - 00000006 ___HC C:\Windows\Tasks\SA.DAT 2013-10-20 21:57 - 2013-10-20 21:52 - 00000085 ____C C:\Windows\wininit.ini 2013-10-20 21:55 - 2013-05-12 19:25 - 00003018 ____C C:\Windows\System32\Tasks\MSIAfterburner 2013-10-20 21:55 - 2013-05-12 18:47 - 00000029 ____C C:\Users\user\AppData\Roaming\Network Meter_Usage.ini 2013-10-20 21:49 - 2013-10-20 21:49 - 00028067 ____C C:\Users\user\.recently-used.xbel 2013-10-20 21:49 - 2013-05-13 22:46 - 00000000 ___DC C:\Users\user\AppData\Roaming\gedit 2013-10-20 21:49 - 2013-05-13 22:31 - 00000000 ___DC C:\Users\user\.gconfd 2013-10-20 21:49 - 2013-05-12 16:03 - 00000000 ___DC C:\Users\user 2013-10-20 21:34 - 2013-10-20 20:59 - 00010788 ____C C:\Users\user\Downloads\Addition.txt 2013-10-20 21:32 - 2013-10-20 21:32 - 00000472 ____C C:\Users\user\Desktop\defogger_disable.log 2013-10-20 21:31 - 2013-10-20 21:29 - 00010262 ____C C:\Users\user\Desktop\gmer.txt 2013-10-20 21:29 - 2013-10-20 21:29 - 00010788 ____C C:\Users\user\Desktop\Addition.txt 2013-10-20 20:59 - 2013-10-20 20:59 - 00000000 ___DC C:\FRST 2013-10-20 20:59 - 2013-05-13 22:31 - 00000000 ___DC C:\Users\user\.gconf 2013-10-20 20:51 - 2013-10-20 20:51 - 00000000 ___DC C:\Windows\System32\Tasks\Safer-Networking 2013-10-20 20:45 - 2013-10-20 20:45 - 00000000 ____C C:\Users\user\defogger_reenable 2013-10-20 20:31 - 2013-10-20 20:29 - 00091352 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2013-10-20 20:29 - 2013-10-20 20:29 - 00000000 ___DC C:\Program Files (x86)\anti-rootkit 2013-10-20 20:08 - 2013-05-12 17:24 - 00000000 ___DC C:\ProgramData\Spybot - Search & Destroy 2013-10-20 20:06 - 2013-10-20 20:06 - 00000000 ___DC C:\Users\user\Documents\ProcAlyzer Dumps 2013-10-20 20:01 - 2013-05-12 17:24 - 00000000 ___DC C:\Program Files (x86)\Spybot - Search & Destroy 2013-10-20 19:08 - 2009-07-14 19:58 - 00702602 ____C C:\Windows\system32\perfh007.dat 2013-10-20 19:08 - 2009-07-14 19:58 - 00150242 ____C C:\Windows\system32\perfc007.dat 2013-10-20 19:08 - 2009-07-14 07:13 - 01627948 ____C C:\Windows\system32\PerfStringBackup.INI 2013-10-20 19:07 - 2009-07-14 06:45 - 00020480 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-20 19:07 - 2009-07-14 06:45 - 00020480 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-20 19:02 - 2013-05-12 15:57 - 00000000 ___DC C:\Windows\Minidump 2013-10-20 19:02 - 2012-12-04 02:18 - 00305966 ____N C:\Windows\Minidump\102013-14196-01.dmp 2013-10-20 18:24 - 2013-09-05 01:55 - 00000000 ___DC C:\Program Files (x86)\RivaTuner Statistics Server 2013-10-20 18:24 - 2013-05-12 17:22 - 00000000 ___DC C:\Program Files (x86)\MSI Afterburner 2013-10-20 18:24 - 2013-05-12 17:05 - 00000000 ___DC C:\Windows\SysWOW64\directx 2013-10-20 18:23 - 2013-09-05 01:55 - 00001086 ____C C:\Users\user\Desktop\MSI Afterburner.lnk 2013-10-20 03:32 - 2013-05-12 17:42 - 00000000 ___DC C:\Users\user\AppData\Roaming\vlc 2013-10-15 23:12 - 2013-05-12 16:43 - 00007616 ____C C:\Users\user\AppData\Local\Resmon.ResmonCfg 2013-10-14 12:45 - 2013-05-16 20:51 - 00000000 ___DC C:\Users\user\AppData\Roaming\ViberPC 2013-10-14 12:45 - 2013-05-16 20:51 - 00000000 ___DC C:\Users\user\AppData\Local\Viber 2013-10-14 12:31 - 2013-05-12 16:45 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service 2013-10-13 20:31 - 2013-10-03 21:28 - 00010420 _____ C:\Users\user\Desktop\cl.xlsx 2013-10-13 17:14 - 2013-10-13 00:39 - 00000000 ___DC C:\Program Files (x86)\Mozilla Thunderbird 2013-10-12 18:15 - 2013-10-05 23:25 - 00000000 __RDC C:\Users\Public\Recorded TV 2013-10-11 22:00 - 2013-05-12 17:07 - 00000000 ___DC C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2013-10-11 22:00 - 2013-05-12 16:03 - 00000000 __RDC C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-10-10 22:41 - 2013-10-10 22:41 - 00000000 ____C C:\Windows\setuperr.log 2013-10-10 00:03 - 2009-07-14 05:20 - 00000000 _RHDC C:\Users\Public\Libraries 2013-10-09 21:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-10-09 18:51 - 2013-05-15 23:58 - 00000000 ___DC C:\ProgramData\Microsoft Help 2013-10-09 17:56 - 2009-07-14 06:45 - 02363568 ____C C:\Windows\system32\FNTCACHE.DAT 2013-10-09 17:47 - 2013-10-09 17:40 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-10-09 17:47 - 2013-10-09 17:40 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-10-09 17:47 - 2013-10-09 17:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-10-09 17:47 - 2013-10-09 17:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-10-09 17:47 - 2013-10-09 17:40 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-10-09 17:47 - 2013-10-09 17:40 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-10-09 17:47 - 2013-10-09 17:40 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-10-09 17:47 - 2013-10-09 17:40 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-10-09 17:47 - 2013-10-09 17:40 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-10-09 17:47 - 2013-10-09 17:40 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-10-09 17:47 - 2013-10-09 17:40 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-10-09 17:47 - 2013-10-09 17:40 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-10-09 17:47 - 2013-10-09 17:40 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-10-09 17:47 - 2013-10-09 17:40 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-10-09 17:47 - 2013-10-09 17:40 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-10-09 17:47 - 2013-10-09 17:40 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-10-09 17:47 - 2013-10-09 17:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-10-09 17:47 - 2013-10-09 17:40 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-10-09 17:47 - 2013-10-09 17:40 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-10-09 17:47 - 2013-10-09 17:40 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-10-09 17:47 - 2013-10-09 17:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-10-09 17:47 - 2013-10-09 17:39 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-10-09 17:47 - 2013-10-09 17:39 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-10-09 17:47 - 2013-10-09 17:39 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-10-09 17:47 - 2013-10-09 17:39 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-10-09 17:47 - 2013-10-09 17:39 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-10-09 17:47 - 2013-10-09 17:39 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-10-09 17:47 - 2013-10-09 17:39 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-10-09 17:47 - 2013-10-09 17:39 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-10-09 17:47 - 2013-10-09 16:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2013-10-09 17:47 - 2013-10-09 16:17 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2013-10-09 17:47 - 2013-10-09 16:16 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2013-10-09 17:47 - 2013-10-09 16:16 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2013-10-09 17:47 - 2013-10-09 16:16 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2013-10-09 17:47 - 2013-10-09 16:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2013-10-09 17:47 - 2013-10-09 16:16 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2013-10-09 17:47 - 2013-10-09 16:16 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2013-10-09 17:47 - 2013-10-09 16:16 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2013-10-09 17:47 - 2013-10-09 16:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2013-10-09 17:47 - 2013-10-09 16:16 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2013-10-09 17:47 - 2013-10-09 16:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2013-10-09 17:46 - 2013-10-09 16:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-10-09 17:46 - 2013-10-09 16:17 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-10-09 17:46 - 2013-10-09 16:17 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-10-09 17:46 - 2013-10-09 16:17 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-10-09 17:46 - 2013-10-09 16:17 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-10-09 17:46 - 2013-10-09 16:17 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-10-09 17:46 - 2013-10-09 16:17 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2013-10-09 17:46 - 2013-10-09 16:17 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2013-10-09 17:46 - 2013-10-09 16:17 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2013-10-09 17:46 - 2013-10-09 16:17 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2013-10-09 17:46 - 2013-10-09 16:17 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2013-10-09 17:46 - 2013-10-09 16:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-10-09 17:46 - 2013-10-09 16:17 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2013-10-09 17:46 - 2013-10-09 16:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2013-10-09 17:46 - 2013-10-09 16:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-10-09 17:46 - 2013-10-09 16:17 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll 2013-10-09 17:46 - 2013-10-09 16:17 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2013-10-09 17:46 - 2013-10-09 16:17 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2013-10-09 17:46 - 2013-10-09 16:17 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2013-10-09 17:46 - 2013-10-09 16:17 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2013-10-09 17:46 - 2013-10-09 16:17 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-10-09 17:46 - 2013-10-09 16:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-10-09 17:46 - 2013-10-09 16:17 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-10-09 17:46 - 2013-10-09 16:17 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-10-09 17:46 - 2013-10-09 16:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-10-09 17:46 - 2013-10-09 16:16 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-10-09 17:46 - 2013-10-09 16:16 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-10-09 17:46 - 2013-10-09 16:16 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2013-10-09 17:46 - 2013-10-09 16:16 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-09 17:46 - 2013-10-09 16:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2013-10-09 16:44 - 2013-10-09 16:44 - 00025276 ____C C:\ComboFix.txt 2013-10-09 16:44 - 2013-10-09 16:23 - 00000000 ___DC C:\Qoobox 2013-10-09 16:44 - 2009-07-14 05:20 - 00000000 _RHDC C:\Users\Default 2013-10-09 16:43 - 2013-10-09 16:22 - 00000000 ___DC C:\Windows\erdnt 2013-10-09 16:42 - 2009-07-14 04:34 - 00000215 ____C C:\Windows\system.ini 2013-10-09 16:20 - 2013-05-12 16:33 - 01601292 ____C C:\Windows\SysWOW64\PerfStringBackup.INI 2013-10-09 16:18 - 2013-07-10 21:53 - 00000000 ___DC C:\Windows\system32\MRT 2013-10-09 16:17 - 2010-02-10 00:33 - 80541720 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-10-09 13:26 - 2013-07-24 13:13 - 00626272 ____C (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2013-10-09 13:26 - 2013-05-16 07:27 - 00029280 ____C (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klmouflt.sys 2013-10-09 13:26 - 2013-05-16 07:27 - 00029280 ____C (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys 2013-10-09 13:26 - 2012-06-19 17:28 - 07717984 ____C (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys 2013-10-06 00:24 - 2013-10-06 00:24 - 00000000 ___DC C:\Program Files (x86)\LAV Filters 2013-10-06 00:24 - 2013-10-06 00:20 - 00000000 ___DC C:\Program Files (x86)\DVBViewer 2013-10-06 00:24 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\PolicyDefinitions 2013-10-06 00:23 - 2013-10-06 00:23 - 00000000 ___DC C:\Program Files (x86)\AC3Filter 2013-10-06 00:20 - 2013-10-06 00:20 - 00000000 ___DC C:\ProgramData\CMUV 2013-10-05 23:27 - 2013-10-05 23:27 - 00000000 ___DC C:\Program Files\PlayReady 2013-10-05 19:26 - 2013-10-05 19:07 - 00000000 ___DC C:\Program Files (x86)\DScaler 2013-10-05 19:26 - 2013-10-05 18:57 - 00000000 ___DC C:\Program Files (x86)\K!TV 2013-10-05 19:26 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\registration 2013-10-05 18:40 - 2013-05-28 13:57 - 00392714 ____C C:\hcwDriverInstall.txt 2013-10-05 18:39 - 2013-09-13 14:45 - 00000000 ___DC C:\Users\user\.dia 2013-10-02 17:39 - 2013-10-02 17:37 - 00000000 ___DC C:\Program Files (x86)\GhostMouse 2013-10-02 16:19 - 2013-10-02 16:19 - 00005558 ____C C:\Users\user\Desktop\Neues Textdokument.txt 2013-10-01 19:42 - 2013-10-01 19:42 - 00000000 ___DC C:\Users\user\AppData\Local\Unity 2013-09-28 14:46 - 2013-08-07 00:59 - 00000000 ___DC C:\Program Files (x86)\Opera Next 2013-09-28 00:52 - 2013-05-12 18:56 - 00000000 ___DC C:\Users\user\Desktop\proggys 2013-09-28 00:52 - 2013-05-12 17:42 - 00000000 ___DC C:\Program Files (x86)\VideoLAN 2013-09-28 00:51 - 2013-09-28 00:51 - 00000000 ___DC C:\Program Files\VideoLAN 2013-09-26 14:47 - 2013-09-26 14:47 - 00000000 ___DC C:\Users\user\AppData\Roaming\MusicBrainz 2013-09-26 14:47 - 2013-09-26 14:47 - 00000000 ___DC C:\Users\user\AppData\Local\cache 2013-09-26 14:46 - 2013-09-26 14:46 - 00000000 ___DC C:\Program Files (x86)\MusicBrainz Picard 2013-09-26 05:09 - 2009-07-14 07:32 - 00000000 ___DC C:\Program Files\DVD Maker 2013-09-26 00:15 - 2013-09-26 00:14 - 00000000 ___DC C:\Users\user\AppData\Roaming\Raptr 2013-09-26 00:14 - 2013-09-26 00:14 - 00000000 ___DC C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Raptr 2013-09-26 00:14 - 2013-09-26 00:14 - 00000000 ___DC C:\Users\user\AppData\Roaming\library_dir 2013-09-26 00:14 - 2013-09-26 00:14 - 00000000 ___DC C:\Program Files (x86)\Raptr 2013-09-25 13:46 - 2013-09-25 13:46 - 00000000 ___DC C:\symbols 2013-09-25 13:44 - 2013-09-25 13:44 - 00000000 ___DC C:\Program Files (x86)\Windows Kits 2013-09-25 13:44 - 2013-09-01 19:49 - 00000000 ___DC C:\ProgramData\Package Cache 2013-09-24 21:08 - 2013-06-28 23:24 - 00000000 ___DC C:\Users\user\AppData\Roaming\gtk-2.0 2013-09-24 18:29 - 2013-09-24 18:29 - 00032758 ____C C:\Users\user\AppData\Local\recently-used.xbel 2013-09-22 15:45 - 2013-05-12 18:51 - 00000000 ___DC C:\Windows\pss 2013-09-22 00:39 - 2013-09-22 00:39 - 00000000 ___DC C:\ProgramData\ATI 2013-09-22 00:39 - 2013-09-22 00:39 - 00000000 ___DC C:\Program Files (x86)\AMD AVT 2013-09-22 00:39 - 2013-09-22 00:38 - 00000000 ___DC C:\Program Files\ATI Technologies 2013-09-22 00:39 - 2013-05-12 16:07 - 00000000 ___DC C:\ProgramData\AMD 2013-09-22 00:38 - 2013-09-22 00:38 - 00000000 ___DC C:\Program Files (x86)\ATI Technologies 2013-09-22 00:38 - 2013-05-12 16:07 - 00000000 ___DC C:\Program Files\ATI 2013-09-22 00:31 - 2013-09-22 00:31 - 00059932 ____C C:\Windows\SysWOW64\CCCInstall_201309220031586549.log 2013-09-21 00:46 - 2013-09-21 00:46 - 00000000 ___DC C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cossacks 2013-09-21 00:28 - 2013-06-16 19:38 - 00000000 ___DC C:\Users\user\.VirtualBox Files to move or delete: ==================== C:\Users\user\IP_Log_Data.js C:\Users\user\Network_Meter_Data.js ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-11 14:28 ==================== End Of Log ============================ --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-10-2013 Ran by user at 2013-10-20 22:02:24 Running from C:\Users\user\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} ==================== Installed Programs ====================== @BIOS (x32 Version: 2.28) µTorrent (HKCU Version: 3.3.1.30017) 7+ Taskbar Tweaker v4.3.1 (HKCU Version: 4.3.1) 7-Zip 9.20 (x64 edition) (Version: 9.20.00.0) AC3Filter 2.6.0b (x32 Version: 2.6.0b) Adobe AIR (x32 Version: 2.5.1.17730) Adobe Community Help (x32 Version: 3.4.980) Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168) Adobe Photoshop CS5.1 (x32 Version: 12.1) Adobe Reader X (10.1.2) - Deutsch (x32 Version: 10.1.2) Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122) AMD Accelerated Video Transcoding (Version: 12.10.100.30328) AMD Catalyst Install Manager (Version: 8.0.911.0) AMD Drag and Drop Transcoding (Version: 2.00.0000) AMD Fuel (Version: 2013.0328.2218.38225) AMD Media Foundation Decoders (Version: 1.0.80328.2204) AMD PSCheck (x32 Version: 3.4.1.0277) AMD VISION Engine Control Center (x32 Version: 2013.0328.2218.38225) Any Audio Converter 4.0.1 (x32) AquaSnap (x32 Version: 1.5.3) AutoHotkey 1.1.12.00 (Version: 1.1.12.00) Canon MG5300 series MP Drivers Canon MP Navigator EX 5.0 (x32) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225) Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225) Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225) CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225) CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225) CCC Help Czech (x32 Version: 2013.0328.2217.38225) CCC Help Danish (x32 Version: 2013.0328.2217.38225) CCC Help Dutch (x32 Version: 2013.0328.2217.38225) CCC Help English (x32 Version: 2013.0328.2217.38225) CCC Help Finnish (x32 Version: 2013.0328.2217.38225) CCC Help French (x32 Version: 2013.0328.2217.38225) CCC Help German (x32 Version: 2013.0328.2217.38225) CCC Help Greek (x32 Version: 2013.0328.2217.38225) CCC Help Hungarian (x32 Version: 2013.0328.2217.38225) CCC Help Italian (x32 Version: 2013.0328.2217.38225) CCC Help Japanese (x32 Version: 2013.0328.2217.38225) CCC Help Korean (x32 Version: 2013.0328.2217.38225) CCC Help Norwegian (x32 Version: 2013.0328.2217.38225) CCC Help Polish (x32 Version: 2013.0328.2217.38225) CCC Help Portuguese (x32 Version: 2013.0328.2217.38225) CCC Help Russian (x32 Version: 2013.0328.2217.38225) CCC Help Spanish (x32 Version: 2013.0328.2217.38225) CCC Help Swedish (x32 Version: 2013.0328.2217.38225) CCC Help Thai (x32 Version: 2013.0328.2217.38225) CCC Help Turkish (x32 Version: 2013.0328.2217.38225) ccc-utility64 (Version: 2013.0328.2218.38225) CCleaner (Version: 4.02) CPUID CPU-Z 1.58 CrystalDiskInfo 5.6.2 (x32 Version: 5.6.2) Deutsch - Custom1 (Version: 1.0.3.40) Dia (nur entfernen) (x32) DisplayFusion 5.0.1 (x32 Version: 5.0.1.0) Dropbox (HKCU Version: 2.4.2) DVBViewer Pro (x32 Version: 5.1) EaseUS Partition Master 9.2.2 (x32) Easy Tune 6 B12.1018.1 (x32 Version: 1.00.0000) Empire Earth Gold Edition (x32) Emsisoft Anti-Malware (x32 Version: 7.0) Evince 2.32.0.145 (x32 Version: 2.32.0.145) EW : Cossacks (x32) gedit 2.30.1 (x32 Version: 2.30.1) GnuWin32: Wget-1.11.4-1 (x32 Version: 1.11.4-1) Google Chrome (HKCU Version: 28.0.1500.95) Google Earth (x32 Version: 7.1.1.1580) Gpg4win (2.1.1) (x32 Version: 2.1.1) GPL Ghostscript (x32 Version: 9.09) GridMove V1.19.62 (x32) Hauppauge WinTV 7 (x32 Version: v7.2.31161 (CD 2.8a)) HiJackThis (x32 Version: 1.0.0) inSSIDer 3 (x32 Version: 3.0.7.48) IrfanView (remove only) (x32 Version: 4.36) Java 7 Update 25 (64-bit) (Version: 7.0.250) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) Java SE Development Kit 7 Update 25 (64-bit) (Version: 1.7.0.250) JDownloader 2 (Version: 2) Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190) Kits Configuration Installer (x32 Version: 8.59.25584) K-Lite Mega Codec Pack 8.4.0 (x32 Version: 8.4.0) LAV Filters 0.58.1 (x32 Version: 0.58.1) LibreOffice 4.0.4.2 (x32 Version: 4.0.4.2) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) Maya 44 Driver version 1.17 (x32 Version: 1.17) Microsoft .NET Framework 4.5 (Version: 4.5.50709) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727) Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106) Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727) Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106) Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053) Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000) Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000) Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000) Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000) Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000) Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000) Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000) Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000) MiKTeX 2.9 (x32 Version: 2.9) Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0) Mozilla Maintenance Service (x32 Version: 24.0.1) Mozilla Thunderbird 24.0.1 (x86 de) (x32 Version: 24.0.1) MSI Afterburner 3.0.0 Beta 15 (x32 Version: 3.0.0 Beta 15) MusicBrainz Picard (x32 Version: 1.2) NAVIGON Fresh 3.4.1 (x32 Version: 3.4.1) Notepad++ (x32 Version: 6.3.3) Opera 12.15 (x32 Version: 12.15.1748) Opera Next 17.0.1241.28 (x32 Version: 17.0.1241.28) Oracle VM VirtualBox 4.2.16 (Version: 4.2.16) PDF Settings CS5 (x32 Version: 10.0) PDF Split And Merge Basic (Version: 2.2.2) PDF-Viewer (Version: 2.5.210.0) Pidgin (x32 Version: 2.10.7) PlayReady PC Runtime amd64 (Version: 1.3.0) Rainmeter (x32 Version: 2.4 r1678) Raptr (x32) Ray Adams ATI Tray Tools (x32) RivaTuner Statistics Server 5.3.2 (x32 Version: 5.3.2) Ruhe V 0.09c (x32) Samsung Kies (x32 Version: 2.5.3.13052_10) Samsung Magician (x32 Version: 4.2.1) SAMSUNG USB Driver for Mobile Phones (Version: 1.5.25.0) SDK Debuggers (x32 Version: 8.59.29746) SumatraPDF (x32 Version: 2.4) TeXstudio 2.5.2 (x32 Version: 2.5.2) TL-WN881ND Driver (x32 Version: 1.0.0) TP-LINK Wireless Configuration Utility (x32 Version: 1.0.0) TreeSize Free V2.7 (x32 Version: 2.7) Unity Web Player (HKCU Version: ) Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1) Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1) Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1) Viber (HKCU Version: 3.0.0.132799) VirtualCloneDrive (x32) Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1) VLC media player 2.1.0 (Version: 2.1.0) Warcraft III (x32) Warcraft III: All Products (HKCU) Windows Installer Clean Up (x32 Version: 3.00.00.0000) Windows Software Development Kit (x32 Version: 8.59.29750) Windows Software Development Kit EULA (x32 Version: 8.59.25584) Windows-Treiberpaket - Qualcomm Atheros Communications Inc. (athr) Net (03/11/2013 10.0.0.234) (Version: 03/11/2013 10.0.0.234) Windows-Treiberpaket - Qualcomm Atheros Communications Inc. Net (03/11/2013 10.0.0.234) (Version: 03/11/2013 10.0.0.234) WinHotKey 0.70 (x32) WinHTTrack Website Copier 3.47-11 (x64) (Version: 3.47.11) Winmail Opener 1.5 (x32 Version: 1.5) WinRAR 5.00 (64-Bit) (Version: 5.00.0) WizMouse v1.6.0.2 (x32) XMedia Recode Version 3.1.6.9 (x32 Version: 3.1.6.9) xp-AntiSpy 3.98-2 (x32) ==================== Restore Points ========================= 13-10-2013 17:00:05 Windows-Sicherung 15-10-2013 13:33:36 Windows Update 18-10-2013 17:46:52 Windows Update 20-10-2013 17:00:03 Windows-Sicherung ==================== Hosts content: ========================== 2013-07-23 02:06 - 2013-10-09 16:42 - 00000027 ___AC C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {0BE82B0D-9788-499D-8BC7-CF9E0C9F2404} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {1B152286-FEFC-424D-B535-F3EAE989DCBB} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe Task: {72E9C43D-0E76-4B50-8BB0-1BF7B058106B} - System32\Tasks\WizMouse => C:\Program Files (x86)\WizMouse\WizMouse.exe [2011-09-30] () Task: {9B944650-48B7-4EC0-9790-F1DBC20E37A9} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2013-09-16] () Task: {AE523A59-651C-43FB-8956-204E74404774} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe Task: {AF5E6D21-1C8C-4704-B62D-1DCACFA7A0FF} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ExecuteWithUAC.exe [2008-06-27] () Task: {D2EA73E0-A001-4B62-B9DE-C6C43108FC29} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd) ==================== Loaded Modules (whitelisted) ============= 2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 ____C () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2013-10-20 21:59 - 2013-10-20 21:59 - 00566439 ____C () C:\Program Files\JDownloader 2\tmp\7zip\SevenZipJBinding-FKPz9\libgcc_s_sjlj-1.dll 2013-10-20 21:59 - 2013-10-20 21:59 - 04078962 ____C () C:\Program Files\JDownloader 2\tmp\7zip\SevenZipJBinding-FKPz9\lib7-Zip-JBinding.dll 2012-11-04 16:25 - 2012-11-04 16:25 - 00736968 _____ () C:\Program Files\Rainmeter\Rainmeter.dll 2012-11-04 16:23 - 2012-11-04 16:23 - 00019968 _____ () C:\Program Files\Rainmeter\Plugins\AdvancedCPU.DLL 2012-11-04 16:23 - 2012-11-04 16:23 - 00012800 _____ () C:\Program Files\Rainmeter\Plugins\PerfMon.dll 2012-11-04 16:23 - 2012-11-04 16:23 - 00010240 _____ () C:\Program Files\Rainmeter\Plugins\SpeedFanPlugin.dll 2012-11-04 16:23 - 2012-11-04 16:23 - 00056832 _____ () C:\Program Files\Rainmeter\Plugins\WebParser.dll 2013-05-16 07:27 - 2013-05-16 07:27 - 01310136 ____C () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll 2013-09-14 19:05 - 2013-09-14 19:05 - 00071680 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll 2013-09-14 19:05 - 2013-09-14 19:05 - 00056832 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll 2013-09-14 19:05 - 2013-09-14 19:05 - 00215552 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll 2013-09-14 19:05 - 2013-09-14 19:05 - 00127488 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll 2013-09-14 19:06 - 2013-09-14 19:06 - 00597504 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll 2013-05-28 18:44 - 2013-05-28 18:44 - 00221184 ____C () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll 2013-05-28 18:42 - 2013-05-28 18:42 - 00037888 ____C () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll 2013-05-28 18:41 - 2013-05-28 18:41 - 00050176 ____C () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll 2013-05-28 18:44 - 2013-05-28 18:44 - 00069632 ____C () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll 2013-05-28 18:45 - 2013-05-28 18:45 - 00627712 ____C () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll 2013-09-01 20:04 - 2011-08-23 10:04 - 00057344 ____C () C:\Program Files (x86)\WinTV\TVServer\libhdhomerun.dll 2013-03-13 22:48 - 2013-03-13 22:48 - 24978944 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\libcef.dll 2013-10-13 00:39 - 2013-10-13 00:39 - 03008112 ____C () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll 2013-10-13 00:39 - 2013-10-13 00:39 - 00158832 ____C () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll 2013-10-13 00:39 - 2013-10-13 00:39 - 00023152 ____C () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll 2013-05-12 23:15 - 2012-11-21 07:26 - 00008704 ____C () C:\Users\user\AppData\Roaming\Thunderbird\Profiles\suf8jch1.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll 2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 ____C () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll 2013-02-13 06:44 - 2013-02-13 06:44 - 00028160 _____ () C:\Program Files (x86)\Pidgin\libssp-0.dll 2013-02-13 06:44 - 2013-02-13 06:44 - 00671031 _____ () C:\Program Files (x86)\Pidgin\exchndl.dll 2013-05-12 16:43 - 2013-05-12 16:43 - 00904525 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll 2013-05-12 16:43 - 2013-05-12 16:43 - 00279059 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll 2013-05-12 16:43 - 2013-05-12 16:43 - 00177586 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll 2013-05-12 16:43 - 2013-05-12 16:43 - 00553382 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll 2013-05-12 16:43 - 2013-05-12 16:43 - 00216992 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll 2013-05-12 16:43 - 2013-05-12 16:43 - 00100352 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll 2013-02-13 06:43 - 2013-02-13 06:43 - 01274655 _____ () C:\Program Files (x86)\Pidgin\libxml2-2.dll 2013-02-13 06:44 - 2013-02-13 06:44 - 00475580 _____ () C:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00020997 _____ () C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00013253 _____ () C:\Program Files (x86)\Pidgin\plugins\buddynote.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00024924 _____ () C:\Program Files (x86)\Pidgin\plugins\convcolors.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00015702 _____ () C:\Program Files (x86)\Pidgin\plugins\extplacement.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00014147 _____ () C:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00018882 _____ () C:\Program Files (x86)\Pidgin\plugins\history.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00012865 _____ () C:\Program Files (x86)\Pidgin\plugins\iconaway.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00019043 _____ () C:\Program Files (x86)\Pidgin\plugins\idle.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00018555 _____ () C:\Program Files (x86)\Pidgin\plugins\joinpart.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00015074 _____ () C:\Program Files (x86)\Pidgin\plugins\libaim.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00310491 _____ () C:\Program Files (x86)\Pidgin\liboscar.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00092874 _____ () C:\Program Files (x86)\Pidgin\plugins\libbonjour.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00209619 _____ () C:\Program Files (x86)\Pidgin\plugins\libgg.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00016005 _____ () C:\Program Files (x86)\Pidgin\plugins\libicq.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00105620 _____ () C:\Program Files (x86)\Pidgin\plugins\libirc.dll 2013-02-13 06:43 - 2013-02-13 06:43 - 00190464 _____ () C:\Program Files (x86)\Pidgin\libsasl.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00373657 _____ () C:\Program Files (x86)\Pidgin\plugins\libmsn.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00149933 _____ () C:\Program Files (x86)\Pidgin\plugins\libmxit.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00106670 _____ () C:\Program Files (x86)\Pidgin\plugins\libmyspace.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00123540 _____ () C:\Program Files (x86)\Pidgin\plugins\libnovell.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00116583 _____ () C:\Program Files (x86)\Pidgin\plugins\libsametime.dll 2013-02-13 06:43 - 2013-02-13 06:43 - 00152852 _____ () C:\Program Files (x86)\Pidgin\libmeanwhile-1.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00171090 _____ () C:\Program Files (x86)\Pidgin\plugins\libsilc.dll 2013-02-13 06:43 - 2013-02-13 06:43 - 02097721 _____ () C:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll 2013-02-13 06:43 - 2013-02-13 06:43 - 00818985 _____ () C:\Program Files (x86)\Pidgin\libsilcclient-1-1-3.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00055758 _____ () C:\Program Files (x86)\Pidgin\plugins\libsimple.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00021337 _____ () C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00415553 _____ () C:\Program Files (x86)\Pidgin\libjabber.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00022832 _____ () C:\Program Files (x86)\Pidgin\plugins\libyahoo.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00228908 _____ () C:\Program Files (x86)\Pidgin\libymsg.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00019793 _____ () C:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00047391 _____ () C:\Program Files (x86)\Pidgin\plugins\log_reader.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00021795 _____ () C:\Program Files (x86)\Pidgin\plugins\markerline.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00013456 _____ () C:\Program Files (x86)\Pidgin\plugins\newline.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00029225 _____ () C:\Program Files (x86)\Pidgin\plugins\notify.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00017023 _____ () C:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00029256 _____ () C:\Program Files (x86)\Pidgin\plugins\pidginrc.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00015380 _____ () C:\Program Files (x86)\Pidgin\plugins\psychic.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00015429 _____ () C:\Program Files (x86)\Pidgin\plugins\relnot.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00015045 _____ () C:\Program Files (x86)\Pidgin\plugins\sendbutton.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00069575 _____ () C:\Program Files (x86)\Pidgin\plugins\spellchk.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00027811 _____ () C:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00012004 _____ () C:\Program Files (x86)\Pidgin\plugins\ssl.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00015978 _____ () C:\Program Files (x86)\Pidgin\plugins\statenotify.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00030353 _____ () C:\Program Files (x86)\Pidgin\plugins\themeedit.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00032020 _____ () C:\Program Files (x86)\Pidgin\plugins\ticker.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00018399 _____ () C:\Program Files (x86)\Pidgin\plugins\timestamp.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00023305 _____ () C:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00029791 _____ () C:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00030771 _____ () C:\Program Files (x86)\Pidgin\plugins\winprefs.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00037191 _____ () C:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00044494 _____ () C:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll 2013-02-13 06:43 - 2013-02-13 06:43 - 00102400 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslANONYMOUS.dll 2013-02-13 06:43 - 2013-02-13 06:43 - 00115712 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslCRAMMD5.dll 2013-02-13 06:43 - 2013-02-13 06:43 - 00140288 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslDIGESTMD5.dll 2013-02-13 06:43 - 2013-02-13 06:43 - 00102912 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslLOGIN.dll 2013-02-13 06:43 - 2013-02-13 06:43 - 00102912 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslPLAIN.dll 2013-02-13 06:44 - 2013-02-13 06:44 - 00425984 _____ () C:\Program Files (x86)\Pidgin\sqlite3.dll 2013-05-12 16:43 - 2013-05-12 16:43 - 00090496 _____ () C:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll 2013-09-17 19:24 - 2013-09-17 19:24 - 03279768 ____C () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 ____C () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" ==================== Faulty Device Manager Devices ============= Name: Ethernet-Controller Description: Ethernet-Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (10/19/2013 02:46:58 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.0.0, Zeitstempel: 0x52432b75 Name des fehlerhaften Moduls: libavcodec_plugin.dll, Version: 0.0.0.0, Zeitstempel: 0x52432b7e Ausnahmecode: 0x40000015 Fehleroffset: 0x000000000019d3c7 ID des fehlerhaften Prozesses: 0x1398 Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: vlc.exe3 Error: (10/15/2013 06:08:05 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.0.0, Zeitstempel: 0x52432b75 Name des fehlerhaften Moduls: libavcodec_plugin.dll, Version: 0.0.0.0, Zeitstempel: 0x52432b7e Ausnahmecode: 0x40000015 Fehleroffset: 0x000000000019d3c7 ID des fehlerhaften Prozesses: 0x165c Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: vlc.exe3 Error: (10/15/2013 05:58:38 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.0.0, Zeitstempel: 0x52432b75 Name des fehlerhaften Moduls: libavcodec_plugin.dll, Version: 0.0.0.0, Zeitstempel: 0x52432b7e Ausnahmecode: 0x40000015 Fehleroffset: 0x000000000019d3c7 ID des fehlerhaften Prozesses: 0xdac Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: vlc.exe3 Error: (10/12/2013 06:10:23 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.0.0, Zeitstempel: 0x52432b75 Name des fehlerhaften Moduls: libavcodec_plugin.dll, Version: 0.0.0.0, Zeitstempel: 0x52432b7e Ausnahmecode: 0x40000015 Fehleroffset: 0x000000000019d3c7 ID des fehlerhaften Prozesses: 0x11a8 Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: vlc.exe3 Error: (10/09/2013 08:32:03 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.0.0, Zeitstempel: 0x52432b75 Name des fehlerhaften Moduls: libavcodec_plugin.dll, Version: 0.0.0.0, Zeitstempel: 0x52432b7e Ausnahmecode: 0x40000015 Fehleroffset: 0x000000000019d3c7 ID des fehlerhaften Prozesses: 0x504 Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: vlc.exe3 Error: (10/09/2013 06:50:49 PM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {14166b89-3f51-4da9-bec7-74ebf0fa94ff} Error: (10/09/2013 05:56:52 PM) (Source: .NET Runtime Optimization Service) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Security, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed. . Error: (10/09/2013 05:56:51 PM) (Source: .NET Runtime Optimization Service) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Security, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed. . Error: (10/05/2013 07:29:32 PM) (Source: System Restore) (User: ) Description: Unbekannter Fehler bei der Systemwiederherstellung: (Gerätetreiber-Paketinstallation: Hauppauge Audio-, Video- und Gamecontroller). Zusätzliche Informationen: 0xc000003a. Error: (10/05/2013 06:52:38 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: WinTV7.exe, Version: 1.0.31116.0, Zeitstempel: 0x517ea002 Name des fehlerhaften Moduls: mpg2splt.ax, Version: 6.6.7601.17528, Zeitstempel: 0x4d12e1eb Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001fbf ID des fehlerhaften Prozesses: 0x1024 Startzeit der fehlerhaften Anwendung: 0xWinTV7.exe0 Pfad der fehlerhaften Anwendung: WinTV7.exe1 Pfad des fehlerhaften Moduls: WinTV7.exe2 Berichtskennung: WinTV7.exe3 System errors: ============= Error: (10/20/2013 09:57:37 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (10/20/2013 09:57:37 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (10/20/2013 09:57:37 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (10/20/2013 09:57:37 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (10/20/2013 09:57:37 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (10/20/2013 09:57:37 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (10/20/2013 09:57:36 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (10/20/2013 09:57:36 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (10/20/2013 09:57:36 PM) (Source: DCOM) (User: ) Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (10/20/2013 09:57:36 PM) (Source: DCOM) (User: ) Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89} Microsoft Office Sessions: ========================= Error: (10/19/2013 02:46:58 PM) (Source: Application Error)(User: ) Description: vlc.exe2.1.0.052432b75libavcodec_plugin.dll0.0.0.052432b7e40000015000000000019d3c7139801ceccc94a818dfdC:\Program Files\VideoLAN\VLC\vlc.exeC:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll8a786f3c-38bc-11e3-a854-080027002cae Error: (10/15/2013 06:08:05 PM) (Source: Application Error)(User: ) Description: vlc.exe2.1.0.052432b75libavcodec_plugin.dll0.0.0.052432b7e40000015000000000019d3c7165c01cec9c0b88694abC:\Program Files\VideoLAN\VLC\vlc.exeC:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dllf8c184c9-35b3-11e3-b9bd-080027002cae Error: (10/15/2013 05:58:38 PM) (Source: Application Error)(User: ) Description: vlc.exe2.1.0.052432b75libavcodec_plugin.dll0.0.0.052432b7e40000015000000000019d3c7dac01cec9bf6115bffdC:\Program Files\VideoLAN\VLC\vlc.exeC:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dlla740dafd-35b2-11e3-b9bd-080027002cae Error: (10/12/2013 06:10:23 PM) (Source: Application Error)(User: ) Description: vlc.exe2.1.0.052432b75libavcodec_plugin.dll0.0.0.052432b7e40000015000000000019d3c711a801cec7658afe232fC:\Program Files\VideoLAN\VLC\vlc.exeC:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dllcc2dfe33-3358-11e3-896d-080027002cae Error: (10/09/2013 08:32:03 PM) (Source: Application Error)(User: ) Description: vlc.exe2.1.0.052432b75libavcodec_plugin.dll0.0.0.052432b7e40000015000000000019d3c750401cec51dad98e3c0C:\Program Files\VideoLAN\VLC\vlc.exeC:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll172efb23-3111-11e3-a187-080027002cae Error: (10/09/2013 06:50:49 PM) (Source: VSS)(User: ) Description: 0x80070005, Zugriff verweigert Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {14166b89-3f51-4da9-bec7-74ebf0fa94ff} Error: (10/09/2013 05:56:52 PM) (Source: .NET Runtime Optimization Service)(User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Security, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed. . Error: (10/09/2013 05:56:51 PM) (Source: .NET Runtime Optimization Service)(User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Security, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed. . Error: (10/05/2013 07:29:32 PM) (Source: System Restore)(User: ) Description: Gerätetreiber-Paketinstallation: Hauppauge Audio-, Video- und Gamecontroller0xc000003a Error: (10/05/2013 06:52:38 PM) (Source: Application Error)(User: ) Description: WinTV7.exe1.0.31116.0517ea002mpg2splt.ax6.6.7601.175284d12e1ebc000000500001fbf102401cec1eb3ebd44e7C:\Program Files (x86)\WinTV\WinTV7\WinTV7.exeC:\Windows\SysWOW64\mpg2splt.ax8a013a72-2dde-11e3-a857-080027002cae CodeIntegrity Errors: =================================== Date: 2013-10-20 20:24:06.151 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-10-20 20:24:06.149 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-10-20 20:24:06.148 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-10-20 20:09:10.001 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-10-20 20:09:10.000 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-10-20 20:09:09.999 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-10-20 17:33:00.277 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-10-20 17:33:00.276 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-10-20 17:33:00.275 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-10-20 17:33:00.272 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 20% Total physical RAM: 16365.22 MB Available physical RAM: 12944.14 MB Total Pagefile: 16875.4 MB Available Pagefile: 13349.7 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:118.9 GB) (Free:84.66 GB) NTFS Drive d: (filme) (Fixed) (Total:298.09 GB) (Free:98.89 GB) NTFS Drive e: (Volume) (Fixed) (Total:931.51 GB) (Free:6.7 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 687BB64A) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 17D24D8F) Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 298 GB) (Disk ID: E182E182) Partition 1: (Not Active) - (Size=298 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Geändert von drwtf (21.10.2013 um 00:46 Uhr) Grund: Addition.txt nicht vollständig gewesen. Alle Logs sollten jetzt vollständig sein. |
21.10.2013, 06:46 | #2 |
/// the machine /// TB-Ausbilder | Bluescreen wegen Keyboard-Treibern - Keylogger? Hi,
__________________Rechner ist sauber, der eine Fund in den Temps is Adware, nit wild. Gibt es nen Crashdump zu dem Bluescreen?
__________________ |
21.10.2013, 07:20 | #3 |
| Bluescreen wegen Keyboard-Treibern - Keylogger? Jup,
__________________https://dl.dropboxusercontent.com/u/33668449/102013-14196-01.dmp |
21.10.2013, 12:57 | #4 |
/// the machine /// TB-Ausbilder | Bluescreen wegen Keyboard-Treibern - Keylogger? bitte als ZIP hier anhängen.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
21.10.2013, 12:59 | #5 |
| Bluescreen wegen Keyboard-Treibern - Keylogger? bitte sehr |
22.10.2013, 07:16 | #6 |
/// the machine /// TB-Ausbilder | Bluescreen wegen Keyboard-Treibern - Keylogger? schick mir heut Abend bitte PM, dann schau ich mir den Dump an.
__________________ --> Bluescreen wegen Keyboard-Treibern - Keylogger? |
23.10.2013, 06:22 | #7 |
/// the machine /// TB-Ausbilder | Bluescreen wegen Keyboard-Treibern - Keylogger? Sorry, mein Debugger hat sich verabschiedet, bin am neu installieren.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
23.10.2013, 07:04 | #8 |
| Bluescreen wegen Keyboard-Treibern - Keylogger? nur keine eile |
23.10.2013, 14:32 | #9 |
/// the machine /// TB-Ausbilder | Bluescreen wegen Keyboard-Treibern - Keylogger? ich schaue heut abend nochmal.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
26.10.2013, 13:11 | #10 |
| Bluescreen wegen Keyboard-Treibern - Keylogger? *räusper* |
26.10.2013, 18:30 | #11 | ||
/// the machine /// TB-Ausbilder | Bluescreen wegen Keyboard-Treibern - Keylogger? sorry, irgendwie verrafft Zitat:
Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
26.10.2013, 18:32 | #12 |
| Bluescreen wegen Keyboard-Treibern - Keylogger? nein, kam nicht mehr. memory_corruption hab ich auch selbst gesehen, konnte damit aber auch nichts anfangen. kaputter ram vielleicht? sollte ich mal memtest durchlaufen lassen? |
27.10.2013, 07:35 | #13 |
/// the machine /// TB-Ausbilder | Bluescreen wegen Keyboard-Treibern - Keylogger? ja mach das mal
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Themen zu Bluescreen wegen Keyboard-Treibern - Keylogger? |
.dll, 4d36e972-e325-11ce-bfc1-08002be10318, askbar, bluescreen, branding, canon, converter, cpu-z, defender, ebanking, entfernen, excel, farbar, farbar recovery scan tool, firefox, flash player, harddisk, help, hintergrund, hängt, internet, kaspersky, keylogger, klelam.sys, malwarebytes, ntdll.dll, photoshop, plug-in, programm, registry, security, server, software, system, temp, tunnel, windows, wsearch |