
Pests of all kinds and how to fight them: BKA Trojan and Java-Generic Trojan - notebook slow and clocked down

29.09.2013, 12:08   #1
Grondel
 
Hello everyone,
In August I fell victim to the BKA Trojan on my notebook. The story is all too familiar. I was able to remove the lock screen using Kaspersky's Rescue Disk and have full access to the system again.
Afterwards I installed MBAM and Kaspersky Pure to get a certain level of protection.
Even after "removing" the BKA Trojan, a few more things turned up (see logs).
On top of that, the notebook's performance has obviously dropped. Often, when loading web pages, the whole browser "freezes" and nothing works for a few seconds. "Not responding" is the feedback from the machine.
I have read that the Generic Trojan can also cause the processor to be clocked down, which also reduces performance. MBAM also detected that an attempt is being made to access an IP address. The trail leads to Bosnia and Herzegovina, if Google can be trusted.

In accordance with the guidelines, I created the following scans and logs before opening this thread:
- Defogger
- FRST (inkl. Addition)
- GMER
- MBAM
- Kaspersky Pure

I would be very grateful for any ideas.

Best regards
Petar


Now to the logs:

Defogger

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:23 on 29/09/2013 (Petar)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST:

FRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-09-2013 01
Ran by Petar (administrator) on PETAR-PC on 29-09-2013 11:29:55
Running from C:\Users\Petar\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\STacSV.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Hewlett-Packard Corporation) C:\Windows\system32\Hpservice.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\aestsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Infowatch) C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files\SMINST\BLService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
() C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\klwtblfs.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1410344 2008-12-05] (Synaptics, Inc.)
HKLM\...\Run: [DVDAgent] - C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-11-28] (CyberLink Corp.)
HKLM\...\Run: [TVAgent] - C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe [210216 2009-01-21] (CyberLink Corp.)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard)
HKLM\...\Run: [UpdatePSTShortCut] - C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-11-26] (CyberLink Corp.)
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [HP Health Check Scheduler] - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM\...\Run: [WirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [432432 2008-12-08] (Hewlett-Packard)
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [206128 2008-10-10] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Acrobat Assistant 7.0] - C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356968 2012-12-20] (Kaspersky Lab ZAO)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKCU\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin [814472 2013-06-30] (Adobe Systems Incorporated)
HKCU\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION 
MountPoints2: F - WOERH_Q1\Data und co\Docmuente_WQ1\VisualBaisc\VrPa_Project\Softwares\autorun.exe
MountPoints2: {88596de4-5dcb-11de-8fdb-00238b9e6222} - G:\laucher.exe
MountPoints2: {88ae2290-ae0b-11de-965e-00238b9e6222} - F:\
MountPoints2: {a86150f5-d510-11de-85dc-00238b9e6222} - F:\
MountPoints2: {b9eeff64-3c93-11de-88b7-00238b9e6222} - F:\
MountPoints2: {d7a1f38c-0cef-11df-99f3-00238b9e6222} - G:\LaunchU3.exe -a
MountPoints2: {e593e417-94c5-11de-8b0c-00238b9e6222} - F:\setup.exe
MountPoints2: {ec36a86f-c9b0-11df-93d9-00238b9e6222} - H:\PMBP_Win.exe
HKU\Gast\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2010-04-16] (Microsoft Corporation)
AppInit_DLLs: avgrsstx.dll [ 2010-04-16] ()
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb
SearchScopes: HKLM - DefaultScope {15B0B15B-A323-4C4D-982F-4DAA93FB22E7} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch
SearchScopes: HKLM - {15B0B15B-A323-4C4D-982F-4DAA93FB22E7} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch
SearchScopes: HKCU - DefaultScope {15B0B15B-A323-4C4D-982F-4DAA93FB22E7} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch
SearchScopes: HKCU - {15B0B15B-A323-4C4D-982F-4DAA93FB22E7} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~1\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll (Kaspersky Lab)
BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~1\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll (Kaspersky Lab)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Petar\AppData\Roaming\Mozilla\Firefox\Profiles\76a3fdhl.default
FF Homepage: google.ch
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Petar\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Виявлення пристроїв Logitech - C:\Users\Petar\AppData\Roaming\Mozilla\Firefox\Profiles\76a3fdhl.default\Extensions\DeviceDetection@logitech.com
FF Extension: No Name - C:\Users\Petar\AppData\Roaming\Mozilla\Firefox\Profiles\76a3fdhl.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: No Name - C:\Users\Petar\AppData\Roaming\Mozilla\Firefox\Profiles\76a3fdhl.default\Extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}.xpi
FF HKLM\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] - C:\Program Files\AVG\AVG9\Firefox
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com

========================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\aestsrv.exe [77824 2009-01-13] (Andrea Electronics Corporation)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356968 2012-12-20] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [819040 2012-12-21] (Infowatch)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-12-17] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\STacSV.exe [237661 2009-01-08] (IDT, Inc.)
R2 TVCapSvc; C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [296320 2008-11-26] ()
R2 TVSched; C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [116096 2008-11-26] ()

==================== Drivers (Whitelisted) ====================

R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [88632 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [39736 2011-06-02] (Infowatch)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [136024 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [594528 2013-09-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [24408 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25944 2012-09-03] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25944 2012-09-03] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-09-09] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-09-09] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 tccp; C:\Windows\System32\DRIVERS\tccp.sys [26392 2013-05-23] (TrusCont Ltd)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl [87536 2008-11-28] (CyberLink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2013-09-09] (Kaspersky Lab ZAO)
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-29 11:26 - 2013-09-29 11:26 - 01086873 _____ (Farbar) C:\Users\Petar\Desktop\FRST.exe
2013-09-29 11:23 - 2013-09-29 11:23 - 00000472 _____ C:\Users\Petar\Desktop\defogger_disable.log
2013-09-29 11:23 - 2013-09-29 11:23 - 00000000 _____ C:\Users\Petar\defogger_reenable
2013-09-29 11:21 - 2013-09-29 11:21 - 00377856 _____ C:\Users\Petar\Desktop\gmer_2.1.19163.exe
2013-09-29 11:19 - 2013-09-29 11:20 - 00050477 _____ C:\Users\Petar\Desktop\Defogger.exe
2013-09-17 23:28 - 2013-09-17 23:28 - 00000000 ____D C:\FRST
2013-09-16 22:24 - 2013-09-29 11:04 - 00000644 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-09-16 22:24 - 2013-09-17 22:17 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-16 22:24 - 2013-09-17 20:40 - 00000616 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-09-16 22:24 - 2013-09-17 20:40 - 00000446 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-09-16 22:23 - 2013-09-16 22:23 - 00001918 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-09-16 22:23 - 2009-01-25 13:14 - 00015224 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2013-09-16 22:22 - 2013-09-16 22:25 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-09-15 23:37 - 2013-07-31 12:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-15 23:37 - 2013-07-31 12:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-15 23:37 - 2013-07-31 12:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-15 23:37 - 2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-15 23:37 - 2013-07-31 11:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-15 23:37 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-15 23:37 - 2013-07-31 11:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-15 23:37 - 2013-07-31 11:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-15 23:37 - 2013-07-31 11:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-15 23:37 - 2013-07-31 11:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-15 23:37 - 2013-07-31 11:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-15 23:37 - 2013-07-31 11:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-15 23:37 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-15 23:37 - 2013-07-31 11:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-15 23:37 - 2013-07-31 11:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-15 23:37 - 2013-07-31 11:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-15 20:50 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-09-15 20:49 - 2013-08-08 03:45 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-09 19:57 - 2013-07-05 06:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-09-09 19:57 - 2013-06-15 15:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-09-09 19:57 - 2013-06-15 13:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-09-09 19:55 - 2013-09-09 19:55 - 00000000 ____D C:\Users\Petar\AppData\Roaming\Malwarebytes
2013-09-09 19:54 - 2013-09-09 19:54 - 00000866 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-09 19:54 - 2013-09-09 19:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-09 19:54 - 2013-09-09 19:54 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-09 19:54 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-09 19:40 - 2013-07-17 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-09-09 19:39 - 2013-07-10 11:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-09-09 19:38 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-09-09 19:38 - 2013-07-09 14:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-09 19:38 - 2013-07-08 06:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-09-09 19:38 - 2013-07-08 06:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-09 19:37 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-09-09 19:37 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-09-09 19:37 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-09-09 19:37 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-09-09 19:11 - 2013-09-09 19:11 - 00001957 _____ C:\Users\Petar\Desktop\Sicherer Zahlungsverkehr.lnk
2013-09-09 19:09 - 2013-09-09 19:07 - 00000915 _____ C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
2013-09-09 19:04 - 2011-06-02 14:39 - 00088632 _____ (Infowatch) C:\Windows\system32\Drivers\CSCrySec.sys
2013-09-09 19:04 - 2011-06-02 14:39 - 00039736 _____ (Infowatch) C:\Windows\system32\Drivers\CSVirtualDiskDrv.sys
2013-09-09 19:03 - 2013-09-29 11:21 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-09 19:03 - 2013-09-09 19:03 - 00000000 ____D C:\Program Files\Kaspersky Lab
2013-09-09 19:03 - 2013-09-09 19:03 - 00000000 ____D C:\Program Files\Common Files\InfoWatch
2013-09-09 18:53 - 2013-09-09 19:31 - 00594528 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-09-09 18:53 - 2013-09-09 19:31 - 00074848 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2013-09-09 18:48 - 2013-09-09 18:48 - 00000000 ___HD C:\kleaner.tmp

==================== One Month Modified Files and Folders =======

2013-09-29 11:26 - 2013-09-29 11:26 - 01086873 _____ (Farbar) C:\Users\Petar\Desktop\FRST.exe
2013-09-29 11:23 - 2013-09-29 11:23 - 00000472 _____ C:\Users\Petar\Desktop\defogger_disable.log
2013-09-29 11:23 - 2013-09-29 11:23 - 00000000 _____ C:\Users\Petar\defogger_reenable
2013-09-29 11:23 - 2009-05-09 00:43 - 00000000 ____D C:\Users\Petar
2013-09-29 11:21 - 2013-09-29 11:21 - 00377856 _____ C:\Users\Petar\Desktop\gmer_2.1.19163.exe
2013-09-29 11:21 - 2013-09-09 19:03 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-29 11:20 - 2013-09-29 11:19 - 00050477 _____ C:\Users\Petar\Desktop\Defogger.exe
2013-09-29 11:12 - 2009-03-24 03:40 - 01877816 _____ C:\Windows\WindowsUpdate.log
2013-09-29 11:06 - 2012-05-27 22:13 - 00000000 ____D C:\Users\Petar\AppData\Roaming\Skype
2013-09-29 11:04 - 2013-09-16 22:24 - 00000644 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-09-29 11:01 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-29 11:01 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-29 11:01 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-17 23:40 - 2006-11-02 15:01 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-17 23:28 - 2013-09-17 23:28 - 00000000 ____D C:\FRST
2013-09-17 22:17 - 2013-09-16 22:24 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-17 21:51 - 2012-10-08 21:46 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-687498125-1443843741-3421116368-1000UA.job
2013-09-17 21:51 - 2012-10-08 21:46 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-687498125-1443843741-3421116368-1000Core.job
2013-09-17 20:51 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-17 20:40 - 2013-09-16 22:24 - 00000616 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-09-17 20:40 - 2013-09-16 22:24 - 00000446 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-09-16 22:25 - 2013-09-16 22:22 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-09-16 22:23 - 2013-09-16 22:23 - 00001918 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-09-16 20:32 - 2009-07-31 17:28 - 00000000 ____D C:\Users\Petar\Documents\Bank
2013-09-16 20:21 - 2006-11-02 14:47 - 00393432 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-15 23:47 - 2009-05-09 00:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-15 20:50 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-09-10 03:34 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\it-IT
2013-09-10 03:34 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\fr-FR
2013-09-10 03:34 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-10 03:09 - 2009-03-07 17:29 - 00662132 _____ C:\Windows\system32\perfh010.dat
2013-09-10 03:09 - 2009-03-07 17:29 - 00122888 _____ C:\Windows\system32\perfc010.dat
2013-09-10 03:08 - 2006-11-02 12:33 - 03056766 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-09 22:49 - 2010-03-05 14:24 - 00000322 _____ C:\Windows\Tasks\HPCeeScheduleForPetar.job
2013-09-09 20:38 - 2008-01-21 04:47 - 00209926 _____ C:\Windows\PFRO.log
2013-09-09 20:38 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\ShellNew
2013-09-09 20:10 - 2013-08-04 19:13 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-09-09 20:05 - 2012-12-18 21:37 - 00002489 _____ C:\Users\Public\Desktop\Skype.lnk
2013-09-09 20:05 - 2012-05-27 22:13 - 00000000 ____D C:\ProgramData\Skype
2013-09-09 19:55 - 2013-09-09 19:55 - 00000000 ____D C:\Users\Petar\AppData\Roaming\Malwarebytes
2013-09-09 19:54 - 2013-09-09 19:54 - 00000866 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-09 19:54 - 2013-09-09 19:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-09 19:54 - 2013-09-09 19:54 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-09 19:31 - 2013-09-09 18:53 - 00594528 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-09-09 19:31 - 2013-09-09 18:53 - 00074848 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2013-09-09 19:31 - 2012-10-18 14:50 - 00044000 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kltdi.sys
2013-09-09 19:31 - 2012-08-13 16:49 - 00145040 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2013-09-09 19:11 - 2013-09-09 19:11 - 00001957 _____ C:\Users\Petar\Desktop\Sicherer Zahlungsverkehr.lnk
2013-09-09 19:07 - 2013-09-09 19:09 - 00000915 _____ C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
2013-09-09 19:03 - 2013-09-09 19:03 - 00000000 ____D C:\Program Files\Kaspersky Lab
2013-09-09 19:03 - 2013-09-09 19:03 - 00000000 ____D C:\Program Files\Common Files\InfoWatch
2013-09-09 18:48 - 2013-09-09 18:48 - 00000000 ___HD C:\kleaner.tmp
2013-09-09 18:48 - 2009-05-09 14:45 - 00000000 ____D C:\Program Files\AVG
2013-09-09 18:37 - 2011-04-18 20:23 - 00000000 ____D C:\Users\Gast\Tracing

Files to move or delete:
====================
C:\Users\Petar\AppData\Roaming\settings.ini
C:\Users\Petar\AppData\Roaming\i.ini


Some content of TEMP:
====================
C:\Users\Petar\AppData\Local\Temp\detectionapi_rd.dll
C:\Users\Petar\AppData\Local\Temp\detectionui_r.exe
C:\Users\Petar\AppData\Local\Temp\directx10tests_rd.dll
C:\Users\Petar\AppData\Local\Temp\directx11tests_rd.dll
C:\Users\Petar\AppData\Local\Temp\directx9tests_rd.dll
C:\Users\Petar\AppData\Local\Temp\local.dll
C:\Users\Petar\AppData\Local\Temp\_isAED4.exe
C:\Users\Petar\AppData\Local\Temp\_isCF4F.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-29 11:10

==================== End Of Log ============================
         
Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-09-2013 01
Ran by Petar at 2013-09-29 11:31:01
Running from C:\Users\Petar\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky PURE 3.0 (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky PURE 3.0 (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky PURE 3.0 (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

AAC Decoder (Version: 7.1.0)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2)
Adobe Acrobat 7.0 Professional - English, Français, Deutsch (Version: 7.0.0)
Adobe Flash Player 10 ActiveX (Version: 10.0.12.36)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader 9.5.5 - Deutsch (Version: 9.5.5)
Adobe Shockwave Player (Version: 11.0)
AMD USB Audio Driver Filter (Version: 1.0.7.0031)
ANNO 1503 GOLD (Version: 1.05.00)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Atheros Driver Installation Program (Version: 5.0)
ATI Catalyst Install Manager (Version: 3.0.708.0)
AutoUpdate (Version: 1.1)
AVerMedia A309 (MiniCard, DVB-T) 1.0.0.46 (Version: 1.0.0.46)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0122.1.43106)
Catalyst Control Center Graphics Full Existing (Version: 2009.0122.1.43106)
Catalyst Control Center Graphics Full New (Version: 2009.0122.1.43106)
Catalyst Control Center Graphics Light (Version: 2009.0122.1.43106)
Catalyst Control Center Graphics Previews Common (Version: 2009.0122.1.43106)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0122.1.43106)
Catalyst Control Center InstallProxy (Version: 2009.0122.1.43106)
Catalyst Control Center Localization All (Version: 2009.0122.1.43106)
CCC Help Chinese Standard (Version: 2009.0122.0000.43106)
CCC Help Chinese Traditional (Version: 2009.0122.0000.43106)
CCC Help Czech (Version: 2009.0122.0000.43106)
CCC Help Danish (Version: 2009.0122.0000.43106)
CCC Help Dutch (Version: 2009.0122.0000.43106)
CCC Help English (Version: 2009.0122.0000.43106)
CCC Help Finnish (Version: 2009.0122.0000.43106)
CCC Help French (Version: 2009.0122.0000.43106)
CCC Help German (Version: 2009.0122.0000.43106)
CCC Help Greek (Version: 2009.0122.0000.43106)
CCC Help Hungarian (Version: 2009.0122.0000.43106)
CCC Help Italian (Version: 2009.0122.0000.43106)
CCC Help Japanese (Version: 2009.0122.0000.43106)
CCC Help Korean (Version: 2009.0122.0000.43106)
CCC Help Norwegian (Version: 2009.0122.0000.43106)
CCC Help Polish (Version: 2009.0122.0000.43106)
CCC Help Portuguese (Version: 2009.0122.0000.43106)
CCC Help Russian (Version: 2009.0122.0000.43106)
CCC Help Spanish (Version: 2009.0122.0000.43106)
CCC Help Swedish (Version: 2009.0122.0000.43106)
CCC Help Thai (Version: 2009.0122.0000.43106)
CCC Help Turkish (Version: 2009.0122.0000.43106)
ccc-core-static (Version: 2009.0122.1.43106)
ccc-utility (Version: 2009.0122.1.43106)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
CyberLink DVD Suite (Version: 6.0.2326)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Codec (Version: 6.9.1)
DivX Converter (Version: 7.1.0)
DivX Player (Version: 7.2.0)
DivX Plus DirectShow Filters
DivX Plus Web Player (Version: 2.0.0)
DivX Version Checker (Version: 7.1.0.9)
ESU for Microsoft Vista (Version: 1.0.0)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Flight Simulator X Service Pack 1
FlyLogic's - Patrouille Suisse X (Version: 1.00)
Free Video Converter V 2.9 (Version: 2.9.0.0)
H.264 Decoder (Version: 1.1.0)
HP Active Support Library (Version: 3.1.9.1)
HP Common Access Service Library (Version: 2.00 E6)
HP Customer Experience Enhancements (Version: 5.7.0.2664)
HP Help and Support (Version: 2.1.3.0)
HP MediaSmart DVD (Version: 2.1.2328)
HP MediaSmart SmartMenu (Version: 2.1.7)
HP MediaSmart TV (Version: 2.1.1219)
HP MediaSmart Webcam (Version: 2.1.1124)
HP Quick Launch Buttons 6.40 L1 (Version: 6.40 L1)
HP Total Care Setup (Version: 1.1.2413.2876)
HP Update (Version: 4.000.013.003)
HP User Guides 0134 (Version: 1.01.0000)
HP Wireless Assistant (Version: 3.50 A6)
HPAsset component for HP Active Support Library (Version: 3.0.0.3)
HPNetworkAssistant (Version: 1.1.70)
iCloud (Version: 2.1.2.8)
IDT Audio (Version: 1.0.6087.22)
iTunes (Version: 11.0.2.26)
Java Auto Updater (Version: 2.0.5.1)
Java(TM) 6 Update 26 (Version: 6.0.260)
JMicron Flash Media Controller Driver (Version: 1.00.22.05)
Kaspersky PURE 3.0 (Version: 13.0.2.558)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Flight Simulator X (Version: 10.0.60905)
Microsoft Flight Simulator X: Acceleration (Version: 10.0.61637.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 07.03.0512)
Microsoft Works (Version: 9.7.0621)
Microsoft Works Suite-Add-Ins für Microsoft Word (Version: 7.0.0.0000)
MKV Splitter (Version: 1.0.1)
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Norton Internet Security (Version: 16.0.0.125)
PhotoNow! (Version: 1.1.5615)
Project BO-105 PAH
ProtectSmart Hard Drive Protection (Version: 3.10 A7)
QuickTime (Version: 7.73.80.64)
Radar v2.0 for FSX
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0001)
Setup-Start von Microsoft Works 2004
Skins (Version: 2009.0122.1.43106)
Skype™ 6.6 (Version: 6.6.106)
Spybot - Search & Destroy (Version: 2.1.21)
Steuer 2011 12.0.1 (Version: 12.0.1)
Steuer 2012 13.0.3 (Version: 13.0.3)
Synaptics Pointing Device Driver (Version: 12.1.0.0)
Tom Clancy's H.A.W.X. 2 (Version: 1.0.1)
Ubisoft Game Launcher (Version: 1.0.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VLC media player 1.0.2 (Version: 1.0.2)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows-Treiberpaket - ENE (enecir) HIDClass  (09/04/2008 2.6.0.0) (Version: 09/04/2008 2.6.0.0)
WinRAR

==================== Restore Points  =========================

30-06-2013 18:05:39 Sprachpaketdeinstallation
01-07-2013 20:39:38 Sprachpaketdeinstallation
02-07-2013 19:11:21 Sprachpaketdeinstallation
03-07-2013 17:50:08 Sprachpaketdeinstallation
06-07-2013 10:32:14 Sprachpaketdeinstallation
08-07-2013 19:47:41 Windows Update
08-07-2013 20:00:35 Sprachpaketdeinstallation
11-07-2013 21:06:14 Sprachpaketdeinstallation
15-07-2013 18:17:39 Windows Update
16-07-2013 20:16:07 Sprachpaketdeinstallation
17-07-2013 19:35:51 Sprachpaketdeinstallation
18-07-2013 19:21:29 Sprachpaketdeinstallation
24-07-2013 19:40:00 Avg Update
24-07-2013 19:50:35 Sprachpaketdeinstallation
28-07-2013 11:39:50 Sprachpaketdeinstallation
29-07-2013 15:37:34 Sprachpaketdeinstallation
31-07-2013 20:18:52 Sprachpaketdeinstallation
01-08-2013 09:51:52 Sprachpaketdeinstallation
01-08-2013 23:08:41 Sprachpaketdeinstallation
07-08-2013 20:18:39 Sprachpaketdeinstallation
09-09-2013 16:54:57 First Restore Point
09-09-2013 17:05:53 Gerätetreiber-Paketinstallation: Kaspersky Lab Netzwerkdienst
09-09-2013 17:10:19 Sprachpaketdeinstallation
09-09-2013 17:36:22 First Restore Point
09-09-2013 18:08:51 Sprachpaketdeinstallation
09-09-2013 19:05:47 Sprachpaketdeinstallation
10-09-2013 01:00:56 Windows Update
15-09-2013 18:16:46 Sprachpaketdeinstallation
15-09-2013 21:28:15 Windows Update
16-09-2013 19:10:44 Sprachpaketdeinstallation
17-09-2013 18:56:24 Sprachpaketdeinstallation
29-09-2013 09:18:08 Sprachpaketdeinstallation

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3B2EEE0C-211E-435C-A8E6-6303CDEF3F9E} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {49FBE542-368A-437F-BD45-CFE54258B979} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {50001D87-3D44-49D8-95FC-3A1997DE42BC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-687498125-1443843741-3421116368-1000UA => C:\Users\Petar\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {5BA444EB-2319-4F76-80B0-F24EAA2F01BC} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {6A14DD91-AB0C-405B-9200-D90F787DCCBF} - System32\Tasks\{511E94B8-0376-4F5A-8C2D-A44856AD79DC} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar
Task: {8E6CD6A3-BB09-4C0D-998F-E10FF569A170} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-687498125-1443843741-3421116368-1000Core => C:\Users\Petar\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {9FA0D467-4B2F-4EC6-AA27-13AFCF76AD1D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AF677D66-1403-4A77-A9AA-5CBCB308AFBC} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {B9C6F8AE-39BC-4F3A-8F2E-83E41424EF81} - System32\Tasks\HPCeeScheduleForPetar => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-19] (Hewlett-Packard)
Task: {D3EDC5CE-9E56-457D-A2A8-D1DCF998B0CD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {FD0D3D42-5A18-4CCC-A3CD-7992EC2004BC} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2008-01-21] (Microsoft Corporation)
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-687498125-1443843741-3421116368-1000Core.job => C:\Users\Petar\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-687498125-1443843741-3421116368-1000UA.job => C:\Users\Petar\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForPetar.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) =============

2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2009-12-24 00:00 - 2009-12-12 16:12 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2013-09-16 22:22 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-09-16 22:22 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2009-01-22 02:34 - 2009-01-22 02:34 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 00479752 _____ () C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
2009-03-24 03:47 - 2009-03-24 03:47 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-10-29 18:34 - 2008-10-29 18:34 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-07-02 21:59 - 2013-07-02 21:59 - 03285912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-06-30 23:13 - 2013-06-30 23:13 - 16033160 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/29/2013 11:05:38 AM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung TVAgent.exe, Version 2.1.1.1321, Zeitstempel 0x49772d0a, fehlerhaftes Modul MFC71.DLL, Version 7.10.3077.0, Zeitstempel 0x3e77fdfd, Ausnahmecode 0xc0000005, Fehleroffset 0x0002a3a3,
Prozess-ID 0xd80, Anwendungsstartzeit TVAgent.exe0.

Error: (09/29/2013 11:02:18 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2013 11:16:20 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung firefox.exe, Version 22.0.0.4917, Zeitstempel 0x51c06b1b, fehlerhaftes Modul xul.dll, Version 22.0.0.4917, Zeitstempel 0x51c06a5b, Ausnahmecode 0xc0000005, Fehleroffset 0x00173668,
Prozess-ID 0x1498, Anwendungsstartzeit firefox.exe0.

Error: (09/17/2013 08:40:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2013 08:25:52 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung TVAgent.exe, Version 2.1.1.1321, Zeitstempel 0x49772d0a, fehlerhaftes Modul MFC71.DLL, Version 7.10.3077.0, Zeitstempel 0x3e77fdfd, Ausnahmecode 0xc0000005, Fehleroffset 0x0002a3a3,
Prozess-ID 0xee8, Anwendungsstartzeit TVAgent.exe0.

Error: (09/16/2013 08:22:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2013 11:26:55 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (09/15/2013 10:23:15 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung firefox.exe, Version 22.0.0.4917, Zeitstempel 0x51c06b1b, fehlerhaftes Modul xul.dll, Version 22.0.0.4917, Zeitstempel 0x51c06a5b, Ausnahmecode 0xc0000005, Fehleroffset 0x00173668,
Prozess-ID 0x1054, Anwendungsstartzeit firefox.exe0.

Error: (09/15/2013 08:11:17 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung TVAgent.exe, Version 2.1.1.1321, Zeitstempel 0x49772d0a, fehlerhaftes Modul MFC71.DLL, Version 7.10.3077.0, Zeitstempel 0x3e77fdfd, Ausnahmecode 0xc0000005, Fehleroffset 0x0002a3a3,
Prozess-ID 0x4f8, Anwendungsstartzeit TVAgent.exe0.

Error: (09/15/2013 07:59:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/29/2013 11:19:25 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x800f0825it-IT

Error: (09/29/2013 11:19:22 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x800f0825fr-FR

Error: (09/29/2013 11:03:41 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (09/29/2013 11:02:19 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/17/2013 08:57:43 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x800f0825it-IT

Error: (09/17/2013 08:57:41 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x800f0825fr-FR

Error: (09/17/2013 08:45:04 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (09/17/2013 08:40:40 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/16/2013 09:15:58 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x800f0825it-IT

Error: (09/16/2013 09:15:54 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x800f0825fr-FR


Microsoft Office Sessions:
=========================
Error: (09/29/2013 11:05:38 AM) (Source: Application Error)(User: )
Description: TVAgent.exe2.1.1.132149772d0aMFC71.DLL7.10.3077.03e77fdfdc00000050002a3a3d8001cebcf2dbc8182b

Error: (09/29/2013 11:02:18 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2013 11:16:20 PM) (Source: Application Error)(User: )
Description: firefox.exe22.0.0.491751c06b1bxul.dll22.0.0.491751c06a5bc000000500173668149801ceb3e96dd8bfd2

Error: (09/17/2013 08:40:39 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2013 08:25:52 PM) (Source: Application Error)(User: )
Description: TVAgent.exe2.1.1.132149772d0aMFC71.DLL7.10.3077.03e77fdfdc00000050002a3a3ee801ceb309fc913780

Error: (09/16/2013 08:22:39 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2013 11:26:55 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (09/15/2013 10:23:15 PM) (Source: Application Error)(User: )
Description: firefox.exe22.0.0.491751c06b1bxul.dll22.0.0.491751c06a5bc000000500173668105401ceb25105c810d0

Error: (09/15/2013 08:11:17 PM) (Source: Application Error)(User: )
Description: TVAgent.exe2.1.1.132149772d0aMFC71.DLL7.10.3077.03e77fdfdc00000050002a3a34f801ceb23d90979e10

Error: (09/15/2013 07:59:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2013-09-29 11:30:09.370
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-29 11:30:08.423
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-29 11:30:07.508
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-29 11:30:06.455
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-29 11:27:53.125
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-29 11:27:52.163
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-29 11:27:51.132
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-29 11:27:50.107
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-17 23:31:18.092
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-17 23:31:17.094
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 53%
Total physical RAM: 3068.9 MB
Available physical RAM: 1415.52 MB
Total Pagefile: 6369.79 MB
Available Pagefile: 4436.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1922.72 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:286.51 GB) (Free:108.04 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:11.58 GB) (Free:1.85 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: D51C35F4)
Partition 1: (Active) - (Size=287 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
GMER Log:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-29 12:24:56
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2320BH_G2 rev.8909 298.09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Petar\AppData\Local\Temp\kgloapow.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwAdjustPrivilegesToken [0xA109B6BA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwAlpcConnectPort [0xA104EC02]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwAlpcCreatePort [0xA104EF4A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwAlpcSendWaitReceivePort [0xA104F390]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwClose [0xA103728C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwConnectPort [0xA104E8DC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwCreateEvent [0xA1037804]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwCreateMutant [0xA10376EA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwCreatePort [0xA104EDAE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwCreateSection [0xA109E528]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwCreateSemaphore [0xA1037924]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwCreateThread [0xA109D9BC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwCreateWaitablePort [0xA104EE7C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwDebugActiveProcess [0xA109D506]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwDeviceIoControlFile [0xA10372D0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwDuplicateObject [0xA109B7FC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwLoadDriver [0xA109B464]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwMapViewOfSection [0xA109E320]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwNotifyChangeKey [0xA104D06C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwOpenEvent [0xA103789A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwOpenMutant [0xA103777A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwOpenProcess [0xA109D0AE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwOpenSection [0xA109E7D4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwOpenSemaphore [0xA10379BA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwOpenThread [0xA109D718]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwQueryDirectoryObject [0xA1037A44]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwQueryObject [0xA104D27A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwQueueApcThread [0xA109E1D4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwReplyPort [0xA104F174]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwReplyWaitReceivePort [0xA104F002]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwReplyWaitReceivePortEx [0xA104F0B8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwRequestWaitReplyPort [0xA104F1E4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwResumeThread [0xA109DEFE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwSecureConnectPort [0xA104EA6A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwSetContextThread [0xA109E05C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwSetInformationToken [0xA1037AE6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwSetSystemInformation [0xA109B56E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwSuspendProcess [0xA109D24E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwSuspendThread [0xA109DDA6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwSystemDebugControl [0xA1037AF8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwTerminateProcess [0xA109D3AE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwTerminateThread [0xA109D8B8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwUnmapViewOfSection [0xA109E93C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwWriteVirtualMemory [0xA109E666]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwCreateThreadEx [0xA109DBFC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys               ZwCreateUserProcess [0xA109D660]

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!KeSetEvent + 119                       824EA764 4 Bytes  [BA, B6, 09, A1]
.text           ntkrnlpa.exe!KeSetEvent + 13D                       824EA788 8 Bytes  [02, EC, 04, A1, 4A, EF, 04, ...] {ADD CH, AH; ADD AL, 0xa1; DEC EDX; OUT DX, EAX; ADD AL, 0xa1}
.text           ntkrnlpa.exe!KeSetEvent + 181                       824EA7CC 4 Bytes  [90, F3, 04, A1] {NOP ; ADD AL, 0xa1}
.text           ntkrnlpa.exe!KeSetEvent + 1A9                       824EA7F4 4 Bytes  [8C, 72, 03, A1]
.text           ntkrnlpa.exe!KeSetEvent + 1C1                       824EA80C 4 Bytes  [DC, E8, 04, A1] {FSUB ST0, ST0; ADD AL, 0xa1}
.text           ...                                                 
.text           C:\Windows\system32\DRIVERS\atikmdag.sys            section is writeable [0x9FC04000, 0x241BC8, 0xE8000020]
.text           C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl  section is writeable [0xB135C000, 0x2892, 0xE8000020]
.vmp2           C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl  entry point in ".vmp2" section [0xB137F050]

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0             Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1             Wdf01000.sys
AttachedDevice  \Driver\tdx \Device\Tcp                             kltdi.sys
AttachedDevice  \Driver\tdx \Device\Udp                             kltdi.sys
AttachedDevice  \Driver\tdx \Device\RawIp                           kltdi.sys

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                               unknown MBR code

---- EOF - GMER 2.1 ----
         
MBAM logs

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.29.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Petar :: PETAR-PC [Administrator]

29.09.2013 12:35:07
mbam-log-2013-09-29 (12-35-07).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 243045
Laufzeit: 29 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
2013/09/16 20:22:14 +0200	PETAR-PC	(null)	MESSAGE	Executing scheduled update:  Daily
2013/09/16 20:22:16 +0200	PETAR-PC	(null)	ERROR	Scheduled update failed:  Host not found failed with error code 0
2013/09/16 20:22:28 +0200	PETAR-PC	(null)	MESSAGE	Starting protection
2013/09/16 20:22:28 +0200	PETAR-PC	(null)	MESSAGE	Protection started successfully
2013/09/16 20:22:28 +0200	PETAR-PC	(null)	MESSAGE	Starting IP protection
2013/09/16 20:22:41 +0200	PETAR-PC	(null)	MESSAGE	IP Protection started successfully
2013/09/16 20:25:58 +0200	PETAR-PC	Petar	MESSAGE	Starting database refresh
2013/09/16 20:25:58 +0200	PETAR-PC	Petar	MESSAGE	Stopping IP protection
2013/09/16 20:25:59 +0200	PETAR-PC	Petar	MESSAGE	IP Protection stopped successfully
2013/09/16 20:26:09 +0200	PETAR-PC	Petar	MESSAGE	Database refreshed successfully
2013/09/16 20:26:09 +0200	PETAR-PC	Petar	MESSAGE	Starting IP protection
2013/09/16 20:26:25 +0200	PETAR-PC	Petar	MESSAGE	IP Protection started successfully
2013/09/16 22:11:29 +0200	PETAR-PC	Petar	IP-BLOCK	77.78.219.248 (Type: outgoing, Port: 42376, Process: skype.exe)
2013/09/16 22:11:29 +0200	PETAR-PC	Petar	IP-BLOCK	77.78.219.248 (Type: outgoing, Port: 42376, Process: skype.exe)
2013/09/16 22:11:37 +0200	PETAR-PC	Petar	IP-BLOCK	77.78.219.248 (Type: outgoing, Port: 42376, Process: skype.exe)
2013/09/16 22:11:45 +0200	PETAR-PC	Petar	IP-BLOCK	77.78.219.248 (Type: outgoing, Port: 42376, Process: skype.exe)
2013/09/16 22:11:45 +0200	PETAR-PC	Petar	IP-BLOCK	77.78.219.248 (Type: outgoing, Port: 42376, Process: skype.exe)
         
Excerpt from the Kaspersky scan showing the Java-Generic files it found:
Code:
jar_cache2254907160662247655.tmp	Nicht desinfizierte Objekte: HEUR:Exploit.Java.CVE-2013-2465.gen	c:\Documents and Settings\Petar\AppData\Local\Temp\	09.09.2013 21:30:35	
jar_cache2254907160662247655.tmp	Gefunden: HEUR:Exploit.Java.CVE-2013-2465.gen	c:\Documents and Settings\Petar\AppData\Local\Temp\	09.09.2013 21:30:34	
jar_cache2254907160662247655.tmp	Nicht desinfizierte Objekte: HEUR:Exploit.Java.Generic	c:\Documents and Settings\Petar\AppData\Local\Temp\	09.09.2013 21:30:34	
jar_cache2254907160662247655.tmp	Gefunden: HEUR:Exploit.Java.Generic	c:\Documents and Settings\Petar\AppData\Local\Temp\	09.09.2013 21:30:34	
jar_cache2254907160662247655.tmp	Nicht desinfizierte Objekte: HEUR:Exploit.Java.CVE-2013-1493.a	c:\Documents and Settings\Petar\AppData\Local\Temp\	09.09.2013 21:30:34	
jar_cache2254907160662247655.tmp	Gefunden: HEUR:Exploit.Java.CVE-2013-1493.a	c:\Documents and Settings\Petar\AppData\Local\Temp\	09.09.2013 21:30:33
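
Added example (not part of the original post and not Malwarebytes code): a small Python parser for the MBAM protection log shown above. It groups the IP-BLOCK entries by process, address and port, so it is clear which program triggered the blocks and how often. The five-field, tab-separated layout is inferred from the lines in the post, and the function names are illustrative.

```python
import re
from datetime import datetime

# Lines copied from the MBAM protection log in the post above.
# Assumption: the five fields are tab-separated, as they appear there.
_BLOCK = "77.78.219.248 (Type: outgoing, Port: 42376, Process: skype.exe)"
SAMPLE_LOG = "\n".join([
    "2013/09/16 20:26:09 +0200\tPETAR-PC\tPetar\tMESSAGE\tStarting IP protection",
    "2013/09/16 20:26:25 +0200\tPETAR-PC\tPetar\tMESSAGE\tIP Protection started successfully",
    "2013/09/16 22:11:29 +0200\tPETAR-PC\tPetar\tIP-BLOCK\t" + _BLOCK,
    "2013/09/16 22:11:29 +0200\tPETAR-PC\tPetar\tIP-BLOCK\t" + _BLOCK,
    "2013/09/16 22:11:37 +0200\tPETAR-PC\tPetar\tIP-BLOCK\t" + _BLOCK,
    "2013/09/16 22:11:45 +0200\tPETAR-PC\tPetar\tIP-BLOCK\t" + _BLOCK,
    "2013/09/16 22:11:45 +0200\tPETAR-PC\tPetar\tIP-BLOCK\t" + _BLOCK,
])

# Message part of an IP-BLOCK line: "<ip> (Type: ..., Port: ..., Process: ...)"
BLOCK_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)


def parse_line(line):
    """Split one log line into its five fields; return None if it does not fit."""
    parts = line.rstrip("\r\n").split("\t")
    if len(parts) != 5:
        return None
    stamp, host, user, level, message = (p.strip() for p in parts)
    try:
        when = datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S %z")
    except ValueError:
        return None
    return {"time": when, "host": host, "user": user,
            "level": level, "message": message}


def summarize_blocks(log_text):
    """Group IP-BLOCK events by (process, ip, port, direction).

    Returns (summary, skipped). summary maps each key to its count, first and
    last timestamp and the set of logged-on users; skipped counts non-empty
    lines that could not be parsed.
    """
    summary = {}
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        if rec["level"] != "IP-BLOCK":
            continue  # MESSAGE / ERROR lines are not block events
        m = BLOCK_RE.match(rec["message"])
        if m is None:
            skipped += 1
            continue
        key = (m["process"].lower(), m["ip"], int(m["port"]), m["direction"])
        entry = summary.setdefault(
            key, {"count": 0, "first": rec["time"], "last": rec["time"], "users": set()}
        )
        entry["count"] += 1
        entry["first"] = min(entry["first"], rec["time"])
        entry["last"] = max(entry["last"], rec["time"])
        entry["users"].add(rec["user"])
    return summary, skipped


def report(summary):
    """Return one readable line per group, most frequent first."""
    lines = []
    ordered = sorted(summary.items(), key=lambda kv: -kv[1]["count"])
    for (process, ip, port, direction), e in ordered:
        span = int((e["last"] - e["first"]).total_seconds())
        lines.append(
            f"{process} -> {ip} port {port} ({direction}): "
            f"{e['count']} blocks over {span}s, users={sorted(e['users'])}"
        )
    return lines


if __name__ == "__main__":
    summary, skipped = summarize_blocks(SAMPLE_LOG)
    print("\n".join(report(summary)))
    print("unparsed lines:", skipped)
```

Run over a full protection log, the grouping separates a single application retrying one address from several processes contacting several addresses.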
         

Alt 29.09.2013, 12:21   #2
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.
__________________


Alt 29.09.2013, 14:48   #3
Grondel
 



Hi Schrauber

Many thanks for your quick feedback.

I let Combofix run over the system, with the following result:

Code:
ComboFix 13-09-28.02 - Petar 29.09.2013  14:37:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.41.1031.18.3069.1616 [GMT 2:00]
ausgeführt von:: C:\Users\Petar\Desktop\ComboFix.exe
AV: Kaspersky PURE 3.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))


C:\Windows\System32\ezsvc7.dll
C:\Windows\wininit.ini


(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ezSharedSvc


(((((((((((((((((((((((   Dateien erstellt von 2013-08-28 bis 2013-09-29  ))))))))))))))))))))))))))))))


2013-09-29 13:05:51 . 2013-09-29 13:05:51	40776	----a-w-	C:\Windows\system32\drivers\mbamswissarmy.sys
2013-09-29 12:56:17 . 2013-09-29 12:56:17	--------	d-----w-	C:\Users\Default\AppData\Local\temp
2013-09-17 21:28:27 . 2013-09-17 21:28:27	--------	d-----w-	C:\FRST
2013-09-16 20:24:20 . 2013-09-17 20:17:52	--------	d-----w-	C:\ProgramData\Spybot - Search & Destroy
2013-09-16 20:22:48 . 2013-09-29 12:15:54	--------	d-----w-	C:\Program Files\Spybot - Search & Destroy 2
2013-09-15 18:50:13 . 2013-07-16 04:35:16	615936	----a-w-	C:\Windows\system32\themeui.dll
2013-09-15 18:49:45 . 2013-08-08 01:45:09	2049536	----a-w-	C:\Windows\system32\win32k.sys
2013-09-09 17:57:47 . 2013-06-15 13:22:11	15872	----a-w-	C:\Windows\system32\icaapi.dll
2013-09-09 17:57:47 . 2013-06-15 11:23:33	24064	----a-w-	C:\Windows\system32\drivers\tssecsrv.sys
2013-09-09 17:57:43 . 2013-07-05 04:53:33	905664	----a-w-	C:\Windows\system32\drivers\tcpip.sys
2013-09-09 17:55:05 . 2013-09-09 17:55:05	--------	d-----w-	C:\Users\Petar\AppData\Roaming\Malwarebytes
2013-09-09 17:54:49 . 2013-09-09 17:54:49	--------	d-----w-	C:\ProgramData\Malwarebytes
2013-09-09 17:54:47 . 2013-09-09 17:54:56	--------	d-----w-	C:\Program Files\Malwarebytes' Anti-Malware
2013-09-09 17:54:47 . 2013-04-04 12:50:32	22856	----a-w-	C:\Windows\system32\drivers\mbam.sys
2013-09-09 17:40:03 . 2013-07-17 19:41:34	2048	----a-w-	C:\Windows\system32\tzres.dll
2013-09-09 17:39:21 . 2013-07-10 09:47:00	783360	----a-w-	C:\Windows\system32\rpcrt4.dll
2013-09-09 17:38:48 . 2013-08-02 04:09:35	1548288	----a-w-	C:\Windows\system32\WMVDECOD.DLL
2013-09-09 17:38:22 . 2013-07-08 04:55:51	3551680	----a-w-	C:\Windows\system32\ntoskrnl.exe
2013-09-09 17:38:21 . 2013-07-09 12:10:36	1205168	----a-w-	C:\Windows\system32\ntdll.dll
2013-09-09 17:38:21 . 2013-07-08 04:55:51	3603904	----a-w-	C:\Windows\system32\ntkrnlpa.exe
2013-09-09 17:37:54 . 2013-07-08 04:16:54	992768	----a-w-	C:\Windows\system32\crypt32.dll
2013-09-09 17:37:53 . 2013-07-08 04:20:04	172544	----a-w-	C:\Windows\system32\wintrust.dll
2013-09-09 17:37:53 . 2013-07-08 04:16:55	98304	----a-w-	C:\Windows\system32\cryptnet.dll
2013-09-09 17:37:53 . 2013-07-08 04:16:55	133120	----a-w-	C:\Windows\system32\cryptsvc.dll
2013-09-09 17:04:50 . 2011-06-02 12:39:44	39736	----a-w-	C:\Windows\system32\drivers\CSVirtualDiskDrv.sys
2013-09-09 17:04:48 . 2011-06-02 12:39:44	88632	----a-w-	C:\Windows\system32\drivers\CSCrySec.sys
2013-09-09 17:03:19 . 2013-09-09 17:03:19	--------	d-----w-	C:\Program Files\Common Files\InfoWatch
2013-09-09 17:03:09 . 2013-09-29 13:04:39	--------	d-----w-	C:\ProgramData\Kaspersky Lab
2013-09-09 17:03:09 . 2013-09-09 17:03:09	--------	d-----w-	C:\Program Files\Kaspersky Lab
2013-09-09 16:53:20 . 2013-09-09 17:31:05	74848	----a-w-	C:\Windows\system32\drivers\klflt.sys
2013-09-09 16:48:34 . 2013-09-09 16:48:35	--------	d-----w-	C:\kleaner.tmp
.


((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-09-09 17:31:06 . 2012-08-13 14:49:44	145040	----a-w-	C:\Windows\system32\drivers\kneps.sys
2013-09-09 17:31:05 . 2012-10-18 12:50:48	44000	----a-w-	C:\Windows\system32\drivers\kltdi.sys


((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))


*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-12-20 16:20:24	459784	----a-w-	C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 02:25:33 202240]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2013-06-21 07:58:32 19875432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 16:11:14 61440]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 22:54:22 1410344]
"DVDAgent"="C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-28 17:04:26 1148200]
"TVAgent"="C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-01-21 15:23:16 210216]
"SmartMenu"="C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-11-18 18:35:44 914224]
"UpdatePSTShortCut"="C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 10:34:22 210216]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 06:58:56 75008]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 14:34:24 54576]
"WirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 10:25:24 432432]
"QlbCtrl.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 11:24:44 206128]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 00:12:02 483328]
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 13:54:26 91520]
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 11:08:14 59720]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2012-10-25 02:12:14 421888]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2013-02-20 10:35:28 152392]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 21:20:00 41056]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 21:06:36 958576]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" [2012-12-20 16:23:04 356968]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat - Schnellstart.lnk - C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe [2010-5-7 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\aestsrv.exe [2009-01-13 15:18:40 77824]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache

Inhalt des "geplante Tasks" Ordners

2013-09-09 C:\Windows\Tasks\HPCeeScheduleForPetar.job
- C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-03-07 08:00:18 . 2008-05-19 10:34:50]


------- Zusätzlicher Suchlauf -------

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - C:\Users\Petar\AppData\Roaming\Mozilla\Firefox\Profiles\76a3fdhl.default\
FF - prefs.js: browser.startup.homepage - google.ch
FF - ExtSQL: 2013-09-09 19:34; anti_banner@kaspersky.com; C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2013-09-09 19:34; content_blocker@kaspersky.com; C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2013-09-09 19:34; online_banking@kaspersky.com; C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2013-09-09 19:34; url_advisor@kaspersky.com; C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2013-09-09 19:34; virtual_keyboard@kaspersky.com; C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF - ExtSQL: !HIDDEN! 2009-06-26 03:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-MobileDocuments - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-AVerMedia A309 (MiniCard, DVB-T) - C:\Program Files\AVerMedia\AVerMedia A309 (MiniCard



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-09-29 15:07:26
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 


**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl"

------------------------ Weitere laufende Prozesse ------------------------

C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\STacSV.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\lpksetup.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\conime.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\ehome\mcupdate.EXE
C:\Windows\system32\DllHost.exe

**************************************************************************

Zeit der Fertigstellung: 2013-09-29  15:19:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-09-29 13:19:04

Vor Suchlauf: 12 Verzeichnis(se), 123'558'199'296 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 122'742'099'968 Bytes frei

- - End Of File - - BF25CDC7250C041861A8563FDAE2894F
588AE8F0C685C02BA11F30D9CD7E61A0
         
__________________

Alt 29.09.2013, 18:33   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click "Scannen" (scan), select the "Bedrohungssuchlauf" (threat scan) and click "Suchlauf starten" (start scan).
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click "Auswahl entfernen" (remove selection).
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click "Verlauf" (history) and then "Anwendungsprotokolle" (application logs).
  • Select the most recent scan log and click "Export". Choose "Textdatei (.txt)" (text file) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click "Optionen" (options) and make sure the following items are selected:
    • "Tracing" Schlüssel löschen (delete "Tracing" keys)
    • Winsock Einstellungen zurücksetzen (reset Winsock settings)
    • Proxy Einstellungen zurücksetzen (reset proxy settings)
    • Internet Explorer Richtlinien zurücksetzen (reset Internet Explorer policies)
    • Chrome Richtlinien zurücksetzen (reset Chrome policies)
    • Make sure that all 5 options are selected as shown here
  • Click "Suchlauf" (scan) and wait until it has finished.
  • Now click "Löschen" (delete) and confirm any prompts with "Ok".
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "als Administrator ausführen" (run as administrator).
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 29.09.2013, 20:03   #5
Grondel
 



Hello Schrauber

As requested, here are the logs I made:

MBAM:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.29.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Petar :: PETAR-PC [Administrator]

29.09.2013 20:08:41
mbam-log-2013-09-29 (20-08-41).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 242180
Laufzeit: 19 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
ADWCleaner:

Code:
# AdwCleaner v3.005 - Bericht erstellt am 29/09/2013 um 20:35:48
# Updated 22/09/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Petar - PETAR-PC
# Gestartet von : C:\Users\Petar\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16506


-\\ Mozilla Firefox v22.0 (de)

[ Datei : C:\Users\Petar\AppData\Roaming\Mozilla\Firefox\Profiles\76a3fdhl.default\prefs.js ]


[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\eyh27r0m.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1965 octets] - [29/09/2013 20:34:06]
AdwCleaner[S0].txt - [1886 octets] - [29/09/2013 20:35:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1946 octets] ##########
         
JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Petar on 29.09.2013 at 20:42:59.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-687498125-1443843741-3421116368-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{15B0B15B-A323-4C4D-982F-4DAA93FB22E7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{15B0B15B-A323-4C4D-982F-4DAA93FB22E7}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\free video converter"



~~~ FireFox

Emptied folder: C:\Users\Petar\AppData\Roaming\mozilla\firefox\profiles\76a3fdhl.default\minidumps [47 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.09.2013 at 20:49:08.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
And last but not least, the FRST logs:

FRST:

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-09-2013 01
Ran by Petar (administrator) on PETAR-PC on 29-09-2013 20:50:06
Running from C:\Users\Petar\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\STacSV.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Hewlett-Packard Corporation) C:\Windows\system32\Hpservice.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\aestsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Infowatch) C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
() C:\Program Files\SMINST\BLService.exe
() C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
() C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CyberLink Corp.) C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink Corp.) C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1410344 2008-12-05] (Synaptics, Inc.)
HKLM\...\Run: [DVDAgent] - C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-11-28] (CyberLink Corp.)
HKLM\...\Run: [TVAgent] - C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe [210216 2009-01-21] (CyberLink Corp.)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard)
HKLM\...\Run: [UpdatePSTShortCut] - C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-11-26] (CyberLink Corp.)
HKLM\...\Run: [HP Health Check Scheduler] - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM\...\Run: [WirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [432432 2008-12-08] (Hewlett-Packard)
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [206128 2008-10-10] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Acrobat Assistant 7.0] - C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356968 2012-12-20] (Kaspersky Lab ZAO)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKU\Gast\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2010-04-16] (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~1\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll (Kaspersky Lab)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~1\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll (Kaspersky Lab)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Petar\AppData\Roaming\Mozilla\Firefox\Profiles\76a3fdhl.default
FF Homepage: google.ch
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Petar\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Виявлення пристроїв Logitech - C:\Users\Petar\AppData\Roaming\Mozilla\Firefox\Profiles\76a3fdhl.default\Extensions\DeviceDetection@logitech.com
FF Extension: No Name - C:\Users\Petar\AppData\Roaming\Mozilla\Firefox\Profiles\76a3fdhl.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: No Name - C:\Users\Petar\AppData\Roaming\Mozilla\Firefox\Profiles\76a3fdhl.default\Extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}.xpi
FF HKLM\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] - C:\Program Files\AVG\AVG9\Firefox
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com

========================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\aestsrv.exe [77824 2009-01-13] (Andrea Electronics Corporation)
S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356968 2012-12-20] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [819040 2012-12-21] (Infowatch)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-12-17] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\STacSV.exe [237661 2009-01-08] (IDT, Inc.)
R2 TVCapSvc; C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [296320 2008-11-26] ()
R2 TVSched; C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [116096 2008-11-26] ()

==================== Drivers (Whitelisted) ====================

R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [88632 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [39736 2011-06-02] (Infowatch)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [136024 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [594528 2013-09-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [24408 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25944 2012-09-03] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25944 2012-09-03] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-09-09] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-09-09] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 PROCEXP113; C:\Windows\system32\Drivers\PROCEXP113.SYS [12568 2013-09-29] (Sysinternals - www.sysinternals.com)
S3 tccp; C:\Windows\System32\DRIVERS\tccp.sys [26392 2013-05-23] (TrusCont Ltd)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl [87536 2008-11-28] (CyberLink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2013-09-09] (Kaspersky Lab ZAO)
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-29 20:49 - 2013-09-29 20:49 - 00001974 _____ C:\Users\Petar\Desktop\JRT.txt
2013-09-29 20:42 - 2013-09-29 20:42 - 00000000 ____D C:\Windows\ERUNT
2013-09-29 20:39 - 2013-09-29 20:39 - 00002026 _____ C:\Users\Petar\Desktop\AdwCleaner[S0].txt
2013-09-29 20:34 - 2013-09-29 20:35 - 00000000 ____D C:\AdwCleaner
2013-09-29 20:05 - 2013-09-29 20:05 - 01042066 _____ C:\Users\Petar\Desktop\adwcleaner.exe
2013-09-29 20:05 - 2013-09-29 20:05 - 01030305 _____ (Thisisu) C:\Users\Petar\Desktop\JRT.exe
2013-09-29 15:39 - 2013-09-29 15:19 - 00013072 _____ C:\Users\Petar\Desktop\ComboFix.txt
2013-09-29 15:19 - 2013-09-29 15:19 - 00012721 _____ C:\ComboFix.txt
2013-09-29 15:19 - 2013-09-29 15:19 - 00012568 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP113.SYS
2013-09-29 14:32 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-29 14:32 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-29 14:32 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-29 14:32 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-29 14:32 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-29 14:32 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-29 14:32 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-29 14:32 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-29 14:31 - 2013-09-29 15:19 - 00000000 ____D C:\ComboFix
2013-09-29 14:09 - 2013-09-29 15:19 - 00000000 ____D C:\Qoobox
2013-09-29 14:08 - 2013-09-29 15:14 - 00000000 ____D C:\Windows\erdnt
2013-09-29 13:33 - 2013-09-29 13:34 - 05130789 ____R (Swearware) C:\Users\Petar\Desktop\ComboFix.exe
2013-09-29 12:24 - 2013-09-29 12:24 - 00006626 _____ C:\Users\Petar\Desktop\gmer.txt
2013-09-29 11:31 - 2013-09-29 11:37 - 00028582 _____ C:\Users\Petar\Desktop\Addition.txt
2013-09-29 11:26 - 2013-09-29 11:26 - 01086873 _____ (Farbar) C:\Users\Petar\Desktop\FRST.exe
2013-09-29 11:23 - 2013-09-29 11:23 - 00000472 _____ C:\Users\Petar\Desktop\defogger_disable.log
2013-09-29 11:23 - 2013-09-29 11:23 - 00000000 _____ C:\Users\Petar\defogger_reenable
2013-09-29 11:21 - 2013-09-29 11:21 - 00377856 _____ C:\Users\Petar\Desktop\gmer_2.1.19163.exe
2013-09-29 11:19 - 2013-09-29 11:20 - 00050477 _____ C:\Users\Petar\Desktop\Defogger.exe
2013-09-17 23:28 - 2013-09-17 23:28 - 00000000 ____D C:\FRST
2013-09-16 22:24 - 2013-09-17 22:17 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-16 22:22 - 2013-09-29 14:15 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-09-15 23:37 - 2013-07-31 12:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-15 23:37 - 2013-07-31 12:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-15 23:37 - 2013-07-31 12:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-15 23:37 - 2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-15 23:37 - 2013-07-31 11:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-15 23:37 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-15 23:37 - 2013-07-31 11:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-15 23:37 - 2013-07-31 11:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-15 23:37 - 2013-07-31 11:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-15 23:37 - 2013-07-31 11:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-15 23:37 - 2013-07-31 11:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-15 23:37 - 2013-07-31 11:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-15 23:37 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-15 23:37 - 2013-07-31 11:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-15 23:37 - 2013-07-31 11:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-15 23:37 - 2013-07-31 11:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-15 20:50 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-09-15 20:49 - 2013-08-08 03:45 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-09 19:57 - 2013-07-05 06:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-09-09 19:57 - 2013-06-15 15:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-09-09 19:57 - 2013-06-15 13:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-09-09 19:55 - 2013-09-09 19:55 - 00000000 ____D C:\Users\Petar\AppData\Roaming\Malwarebytes
2013-09-09 19:54 - 2013-09-09 19:54 - 00000866 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-09 19:54 - 2013-09-09 19:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-09 19:54 - 2013-09-09 19:54 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-09 19:54 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-09 19:40 - 2013-07-17 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-09-09 19:39 - 2013-07-10 11:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-09-09 19:38 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-09-09 19:38 - 2013-07-09 14:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-09 19:38 - 2013-07-08 06:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-09-09 19:38 - 2013-07-08 06:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-09 19:37 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-09-09 19:37 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-09-09 19:37 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-09-09 19:37 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-09-09 19:11 - 2013-09-09 19:11 - 00001957 _____ C:\Users\Petar\Desktop\Sicherer Zahlungsverkehr.lnk
2013-09-09 19:09 - 2013-09-09 19:07 - 00000915 _____ C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
2013-09-09 19:04 - 2011-06-02 14:39 - 00088632 _____ (Infowatch) C:\Windows\system32\Drivers\CSCrySec.sys
2013-09-09 19:04 - 2011-06-02 14:39 - 00039736 _____ (Infowatch) C:\Windows\system32\Drivers\CSVirtualDiskDrv.sys
2013-09-09 19:03 - 2013-09-29 20:41 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-09 19:03 - 2013-09-09 19:03 - 00000000 ____D C:\Program Files\Kaspersky Lab
2013-09-09 19:03 - 2013-09-09 19:03 - 00000000 ____D C:\Program Files\Common Files\InfoWatch
2013-09-09 18:53 - 2013-09-09 19:31 - 00594528 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-09-09 18:53 - 2013-09-09 19:31 - 00074848 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2013-09-09 18:48 - 2013-09-09 18:48 - 00000000 ____D C:\kleaner.tmp

==================== One Month Modified Files and Folders =======

2013-09-29 20:49 - 2013-09-29 20:49 - 00001974 _____ C:\Users\Petar\Desktop\JRT.txt
2013-09-29 20:42 - 2013-09-29 20:42 - 00000000 ____D C:\Windows\ERUNT
2013-09-29 20:42 - 2009-03-24 03:40 - 01967492 _____ C:\Windows\WindowsUpdate.log
2013-09-29 20:41 - 2013-09-09 19:03 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-29 20:39 - 2013-09-29 20:39 - 00002026 _____ C:\Users\Petar\Desktop\AdwCleaner[S0].txt
2013-09-29 20:39 - 2012-05-27 22:13 - 00000000 ____D C:\Users\Petar\AppData\Roaming\Skype
2013-09-29 20:38 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-29 20:38 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-29 20:37 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-29 20:36 - 2006-11-02 15:01 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-29 20:35 - 2013-09-29 20:34 - 00000000 ____D C:\AdwCleaner
2013-09-29 20:05 - 2013-09-29 20:05 - 01042066 _____ C:\Users\Petar\Desktop\adwcleaner.exe
2013-09-29 20:05 - 2013-09-29 20:05 - 01030305 _____ (Thisisu) C:\Users\Petar\Desktop\JRT.exe
2013-09-29 15:19 - 2013-09-29 15:39 - 00013072 _____ C:\Users\Petar\Desktop\ComboFix.txt
2013-09-29 15:19 - 2013-09-29 15:19 - 00012721 _____ C:\ComboFix.txt
2013-09-29 15:19 - 2013-09-29 15:19 - 00012568 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP113.SYS
2013-09-29 15:19 - 2013-09-29 14:31 - 00000000 ____D C:\ComboFix
2013-09-29 15:19 - 2013-09-29 14:09 - 00000000 ____D C:\Qoobox
2013-09-29 15:19 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default
2013-09-29 15:19 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2013-09-29 15:14 - 2013-09-29 14:08 - 00000000 ____D C:\Windows\erdnt
2013-09-29 15:06 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2013-09-29 15:04 - 2008-01-21 04:47 - 00213460 _____ C:\Windows\PFRO.log
2013-09-29 15:03 - 2006-11-02 12:22 - 62128128 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-09-29 15:03 - 2006-11-02 12:22 - 55050240 _____ C:\Windows\system32\config\COMPON~1.bak
2013-09-29 15:03 - 2006-11-02 12:22 - 23330816 _____ C:\Windows\system32\config\SYSTEM.bak
2013-09-29 15:03 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-09-29 15:03 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-09-29 15:03 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\DEFAULT.bak
2013-09-29 14:15 - 2013-09-16 22:22 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-09-29 13:34 - 2013-09-29 13:33 - 05130789 ____R (Swearware) C:\Users\Petar\Desktop\ComboFix.exe
2013-09-29 13:33 - 2009-03-07 17:29 - 00662132 _____ C:\Windows\system32\perfh010.dat
2013-09-29 13:33 - 2009-03-07 17:29 - 00122888 _____ C:\Windows\system32\perfc010.dat
2013-09-29 13:33 - 2006-11-02 12:33 - 03020748 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-29 12:24 - 2013-09-29 12:24 - 00006626 _____ C:\Users\Petar\Desktop\gmer.txt
2013-09-29 12:23 - 2009-07-31 17:28 - 00000000 ____D C:\Users\Petar\Documents\Bank
2013-09-29 11:37 - 2013-09-29 11:31 - 00028582 _____ C:\Users\Petar\Desktop\Addition.txt
2013-09-29 11:26 - 2013-09-29 11:26 - 01086873 _____ (Farbar) C:\Users\Petar\Desktop\FRST.exe
2013-09-29 11:23 - 2013-09-29 11:23 - 00000472 _____ C:\Users\Petar\Desktop\defogger_disable.log
2013-09-29 11:23 - 2013-09-29 11:23 - 00000000 _____ C:\Users\Petar\defogger_reenable
2013-09-29 11:23 - 2009-05-09 00:43 - 00000000 ____D C:\Users\Petar
2013-09-29 11:21 - 2013-09-29 11:21 - 00377856 _____ C:\Users\Petar\Desktop\gmer_2.1.19163.exe
2013-09-29 11:20 - 2013-09-29 11:19 - 00050477 _____ C:\Users\Petar\Desktop\Defogger.exe
2013-09-17 23:28 - 2013-09-17 23:28 - 00000000 ____D C:\FRST
2013-09-17 22:17 - 2013-09-16 22:24 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-17 20:51 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-16 20:21 - 2006-11-02 14:47 - 00393432 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-15 23:47 - 2009-05-09 00:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-15 20:50 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-09-10 03:34 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\it-IT
2013-09-10 03:34 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\fr-FR
2013-09-10 03:34 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-09 22:49 - 2010-03-05 14:24 - 00000322 _____ C:\Windows\Tasks\HPCeeScheduleForPetar.job
2013-09-09 20:38 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\ShellNew
2013-09-09 20:10 - 2013-08-04 19:13 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-09-09 20:05 - 2012-12-18 21:37 - 00002489 _____ C:\Users\Public\Desktop\Skype.lnk
2013-09-09 20:05 - 2012-05-27 22:13 - 00000000 ____D C:\ProgramData\Skype
2013-09-09 19:55 - 2013-09-09 19:55 - 00000000 ____D C:\Users\Petar\AppData\Roaming\Malwarebytes
2013-09-09 19:54 - 2013-09-09 19:54 - 00000866 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-09 19:54 - 2013-09-09 19:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-09 19:54 - 2013-09-09 19:54 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-09 19:31 - 2013-09-09 18:53 - 00594528 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-09-09 19:31 - 2013-09-09 18:53 - 00074848 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2013-09-09 19:31 - 2012-10-18 14:50 - 00044000 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kltdi.sys
2013-09-09 19:31 - 2012-08-13 16:49 - 00145040 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2013-09-09 19:11 - 2013-09-09 19:11 - 00001957 _____ C:\Users\Petar\Desktop\Sicherer Zahlungsverkehr.lnk
2013-09-09 19:07 - 2013-09-09 19:09 - 00000915 _____ C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
2013-09-09 19:03 - 2013-09-09 19:03 - 00000000 ____D C:\Program Files\Kaspersky Lab
2013-09-09 19:03 - 2013-09-09 19:03 - 00000000 ____D C:\Program Files\Common Files\InfoWatch
2013-09-09 18:48 - 2013-09-09 18:48 - 00000000 ____D C:\kleaner.tmp
2013-09-09 18:48 - 2009-05-09 14:45 - 00000000 ____D C:\Program Files\AVG
2013-09-09 18:37 - 2011-04-18 20:23 - 00000000 ____D C:\Users\Gast\Tracing

Files to move or delete:
====================
C:\Users\Petar\AppData\Roaming\settings.ini
C:\Users\Petar\AppData\Roaming\i.ini


Some content of TEMP:
====================
C:\Users\Petar\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-29 20:44

==================== End Of Log ============================
         
--- --- ---



Addition log:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-09-2013 01
Ran by Petar at 2013-09-29 20:50:57
Running from C:\Users\Petar\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky PURE 3.0 (Disabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky PURE 3.0 (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 (Disabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

AAC Decoder (Version: 7.1.0)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2)
Adobe Acrobat 7.0 Professional - English, Français, Deutsch (Version: 7.0.0)
Adobe Flash Player 10 ActiveX (Version: 10.0.12.36)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader 9.5.5 - Deutsch (Version: 9.5.5)
Adobe Shockwave Player (Version: 11.0)
AMD USB Audio Driver Filter (Version: 1.0.7.0031)
ANNO 1503 GOLD (Version: 1.05.00)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Atheros Driver Installation Program (Version: 5.0)
ATI Catalyst Install Manager (Version: 3.0.708.0)
AutoUpdate (Version: 1.1)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0122.1.43106)
Catalyst Control Center Graphics Full Existing (Version: 2009.0122.1.43106)
Catalyst Control Center Graphics Full New (Version: 2009.0122.1.43106)
Catalyst Control Center Graphics Light (Version: 2009.0122.1.43106)
Catalyst Control Center Graphics Previews Common (Version: 2009.0122.1.43106)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0122.1.43106)
Catalyst Control Center InstallProxy (Version: 2009.0122.1.43106)
Catalyst Control Center Localization All (Version: 2009.0122.1.43106)
CCC Help Chinese Standard (Version: 2009.0122.0000.43106)
CCC Help Chinese Traditional (Version: 2009.0122.0000.43106)
CCC Help Czech (Version: 2009.0122.0000.43106)
CCC Help Danish (Version: 2009.0122.0000.43106)
CCC Help Dutch (Version: 2009.0122.0000.43106)
CCC Help English (Version: 2009.0122.0000.43106)
CCC Help Finnish (Version: 2009.0122.0000.43106)
CCC Help French (Version: 2009.0122.0000.43106)
CCC Help German (Version: 2009.0122.0000.43106)
CCC Help Greek (Version: 2009.0122.0000.43106)
CCC Help Hungarian (Version: 2009.0122.0000.43106)
CCC Help Italian (Version: 2009.0122.0000.43106)
CCC Help Japanese (Version: 2009.0122.0000.43106)
CCC Help Korean (Version: 2009.0122.0000.43106)
CCC Help Norwegian (Version: 2009.0122.0000.43106)
CCC Help Polish (Version: 2009.0122.0000.43106)
CCC Help Portuguese (Version: 2009.0122.0000.43106)
CCC Help Russian (Version: 2009.0122.0000.43106)
CCC Help Spanish (Version: 2009.0122.0000.43106)
CCC Help Swedish (Version: 2009.0122.0000.43106)
CCC Help Thai (Version: 2009.0122.0000.43106)
CCC Help Turkish (Version: 2009.0122.0000.43106)
ccc-core-static (Version: 2009.0122.1.43106)
ccc-utility (Version: 2009.0122.1.43106)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
CyberLink DVD Suite (Version: 6.0.2326)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Codec (Version: 6.9.1)
DivX Converter (Version: 7.1.0)
DivX Player (Version: 7.2.0)
DivX Plus DirectShow Filters
DivX Plus Web Player (Version: 2.0.0)
DivX Version Checker (Version: 7.1.0.9)
ESU for Microsoft Vista (Version: 1.0.0)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Flight Simulator X Service Pack 1
FlyLogic's - Patrouille Suisse X (Version: 1.00)
Free Video Converter V 2.9 (Version: 2.9.0.0)
H.264 Decoder (Version: 1.1.0)
HP Active Support Library (Version: 3.1.9.1)
HP Common Access Service Library (Version: 2.00 E6)
HP Customer Experience Enhancements (Version: 5.7.0.2664)
HP Help and Support (Version: 2.1.3.0)
HP MediaSmart DVD (Version: 2.1.2328)
HP MediaSmart SmartMenu (Version: 2.1.7)
HP MediaSmart TV (Version: 2.1.1219)
HP MediaSmart Webcam (Version: 2.1.1124)
HP Quick Launch Buttons 6.40 L1 (Version: 6.40 L1)
HP Total Care Setup (Version: 1.1.2413.2876)
HP Update (Version: 4.000.013.003)
HP User Guides 0134 (Version: 1.01.0000)
HP Wireless Assistant (Version: 3.50 A6)
HPAsset component for HP Active Support Library (Version: 3.0.0.3)
HPNetworkAssistant (Version: 1.1.70)
iCloud (Version: 2.1.2.8)
IDT Audio (Version: 1.0.6087.22)
iTunes (Version: 11.0.2.26)
Java Auto Updater (Version: 2.0.5.1)
Java(TM) 6 Update 26 (Version: 6.0.260)
JMicron Flash Media Controller Driver (Version: 1.00.22.05)
Kaspersky PURE 3.0 (Version: 13.0.2.558)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Flight Simulator X (Version: 10.0.60905)
Microsoft Flight Simulator X: Acceleration (Version: 10.0.61637.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 07.03.0512)
Microsoft Works (Version: 9.7.0621)
Microsoft Works Suite-Add-Ins für Microsoft Word (Version: 7.0.0.0000)
MKV Splitter (Version: 1.0.1)
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Norton Internet Security (Version: 16.0.0.125)
PhotoNow! (Version: 1.1.5615)
Project BO-105 PAH
ProtectSmart Hard Drive Protection (Version: 3.10 A7)
QuickTime (Version: 7.73.80.64)
Radar v2.0 for FSX
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0001)
Setup-Start von Microsoft Works 2004
Skins (Version: 2009.0122.1.43106)
Skype™ 6.6 (Version: 6.6.106)
Steuer 2011 12.0.1 (Version: 12.0.1)
Steuer 2012 13.0.3 (Version: 13.0.3)
Synaptics Pointing Device Driver (Version: 12.1.0.0)
Tom Clancy's H.A.W.X. 2 (Version: 1.0.1)
Ubisoft Game Launcher (Version: 1.0.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VLC media player 1.0.2 (Version: 1.0.2)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows-Treiberpaket - ENE (enecir) HIDClass  (09/04/2008 2.6.0.0) (Version: 09/04/2008 2.6.0.0)
WinRAR

==================== Restore Points  =========================

06-07-2013 10:32:14 Sprachpaketdeinstallation
08-07-2013 19:47:41 Windows Update
08-07-2013 20:00:35 Sprachpaketdeinstallation
11-07-2013 21:06:14 Sprachpaketdeinstallation
15-07-2013 18:17:39 Windows Update
16-07-2013 20:16:07 Sprachpaketdeinstallation
17-07-2013 19:35:51 Sprachpaketdeinstallation
18-07-2013 19:21:29 Sprachpaketdeinstallation
24-07-2013 19:40:00 Avg Update
24-07-2013 19:50:35 Sprachpaketdeinstallation
28-07-2013 11:39:50 Sprachpaketdeinstallation
29-07-2013 15:37:34 Sprachpaketdeinstallation
31-07-2013 20:18:52 Sprachpaketdeinstallation
01-08-2013 09:51:52 Sprachpaketdeinstallation
01-08-2013 23:08:41 Sprachpaketdeinstallation
07-08-2013 20:18:39 Sprachpaketdeinstallation
09-09-2013 16:54:57 First Restore Point
09-09-2013 17:05:53 Gerätetreiber-Paketinstallation: Kaspersky Lab Netzwerkdienst
09-09-2013 17:10:19 Sprachpaketdeinstallation
09-09-2013 17:36:22 First Restore Point
09-09-2013 18:08:51 Sprachpaketdeinstallation
09-09-2013 19:05:47 Sprachpaketdeinstallation
10-09-2013 01:00:56 Windows Update
15-09-2013 18:16:46 Sprachpaketdeinstallation
15-09-2013 21:28:15 Windows Update
16-09-2013 19:10:44 Sprachpaketdeinstallation
17-09-2013 18:56:24 Sprachpaketdeinstallation
29-09-2013 09:18:08 Sprachpaketdeinstallation
29-09-2013 12:43:43 Sprachpaketdeinstallation
29-09-2013 13:21:16 Sprachpaketdeinstallation
29-09-2013 13:52:02 Sprachpaketdeinstallation

==================== Hosts content: ==========================

2006-11-02 12:23 - 2013-09-29 15:05 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {49FBE542-368A-437F-BD45-CFE54258B979} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {6A14DD91-AB0C-405B-9200-D90F787DCCBF} - System32\Tasks\{511E94B8-0376-4F5A-8C2D-A44856AD79DC} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar
Task: {9FA0D467-4B2F-4EC6-AA27-13AFCF76AD1D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B9C6F8AE-39BC-4F3A-8F2E-83E41424EF81} - System32\Tasks\HPCeeScheduleForPetar => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-19] (Hewlett-Packard)
Task: {D3EDC5CE-9E56-457D-A2A8-D1DCF998B0CD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {FD0D3D42-5A18-4CCC-A3CD-7992EC2004BC} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2008-01-21] (Microsoft Corporation)
Task: C:\Windows\Tasks\HPCeeScheduleForPetar.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2009-01-22 02:34 - 2009-01-22 02:34 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2009-03-24 03:47 - 2009-03-24 03:47 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-10-29 18:34 - 2008-10-29 18:34 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-12-24 00:00 - 2009-12-12 16:12 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-09-29 20:50:18.019
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-29 20:50:16.974
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-29 20:50:16.007
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-29 20:50:14.946
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-29 20:21:03.950
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-29 20:21:02.888
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-29 20:21:01.868
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-29 20:21:00.843
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-29 20:20:59.869
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-29 20:20:58.886
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 39%
Total physical RAM: 3068.9 MB
Available physical RAM: 1861.57 MB
Total Pagefile: 6369.79 MB
Available Pagefile: 5196.41 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:286.51 GB) (Free:114.02 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:11.58 GB) (Free:1.85 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: D51C35F4)
Partition 1: (Active) - (Size=287 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         


Alt 30.09.2013, 09:00   #6
schrauber
/// the machine
/// TB-Ausbilder
 





ESET Online Scanner

  • You can find an illustrated guide to ESET Online Scanner here
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstalling: Control Panel => Add or Remove Programs / Uninstall a program => remove ESET Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems remaining?

Alt 06.10.2013, 10:55   #7
Grondel
 



Sorry for the long wait, I have had a lot on my plate over the last few days.

Here are the logs:

ESET:
Code:
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9716a0db78c59245b3910e8fb268065a
# engine=15371
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-06 02:03:19
# local_time=2013-10-06 04:03:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 34424506 218557727 0 0
# scanned=381581
# found=0
# cleaned=0
# scan_time=15469
         
Security Check:
Code:
 Results of screen317's Security Check version 0.99.74  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
Kaspersky PURE 3.0   
 Antivirus out of date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java(TM) 6 Update 26  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Flash Player 	11.7.700.224  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox 22.0 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Kaspersky Lab Kaspersky PURE 3.0 klwtblfs.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
FRST Log:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Petar (administrator) on PETAR-PC on 06-10-2013 11:43:44
Running from C:\Users\Petar\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\STacSV.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Hewlett-Packard Corporation) C:\Windows\system32\Hpservice.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\aestsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Infowatch) C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
() C:\Program Files\SMINST\BLService.exe
() C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\klwtblfs.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1410344 2008-12-05] (Synaptics, Inc.)
HKLM\...\Run: [DVDAgent] - C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-11-28] (CyberLink Corp.)
HKLM\...\Run: [TVAgent] - C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe [210216 2009-01-21] (CyberLink Corp.)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard)
HKLM\...\Run: [UpdatePSTShortCut] - C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-11-26] (CyberLink Corp.)
HKLM\...\Run: [HP Health Check Scheduler] - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM\...\Run: [WirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [432432 2008-12-08] (Hewlett-Packard)
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [206128 2008-10-10] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Acrobat Assistant 7.0] - C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356968 2012-12-20] (Kaspersky Lab ZAO)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin [814472 2013-06-30] (Adobe Systems Incorporated)
HKU\Gast\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2010-04-16] (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~1\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll (Kaspersky Lab)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~1\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll (Kaspersky Lab)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Petar\AppData\Roaming\Mozilla\Firefox\Profiles\76a3fdhl.default
FF Homepage: google.ch
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Petar\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Виявлення пристроїв Logitech - C:\Users\Petar\AppData\Roaming\Mozilla\Firefox\Profiles\76a3fdhl.default\Extensions\DeviceDetection@logitech.com
FF Extension: No Name - C:\Users\Petar\AppData\Roaming\Mozilla\Firefox\Profiles\76a3fdhl.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: No Name - C:\Users\Petar\AppData\Roaming\Mozilla\Firefox\Profiles\76a3fdhl.default\Extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}.xpi
FF HKLM\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] - C:\Program Files\AVG\AVG9\Firefox
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com

========================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\aestsrv.exe [77824 2009-01-13] (Andrea Electronics Corporation)
S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356968 2012-12-20] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [819040 2012-12-21] (Infowatch)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-12-17] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\STacSV.exe [237661 2009-01-08] (IDT, Inc.)
R2 TVCapSvc; C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [296320 2008-11-26] ()
S2 TVSched; C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [116096 2008-11-26] ()

==================== Drivers (Whitelisted) ====================

R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [88632 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [39736 2011-06-02] (Infowatch)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [136024 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [594528 2013-09-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [24408 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25944 2012-09-03] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25944 2012-09-03] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-09-09] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-09-09] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 PROCEXP113; C:\Windows\system32\Drivers\PROCEXP113.SYS [12568 2013-09-29] (Sysinternals - www.sysinternals.com)
S3 tccp; C:\Windows\System32\DRIVERS\tccp.sys [26392 2013-05-23] (TrusCont Ltd)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl [87536 2008-11-28] (CyberLink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2013-09-09] (Kaspersky Lab ZAO)
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-06 11:43 - 2013-10-06 11:43 - 01087213 _____ (Farbar) C:\Users\Petar\Desktop\FRST.exe
2013-10-06 11:40 - 2013-10-06 11:40 - 00001097 _____ C:\Users\Petar\Desktop\checkup.txt
2013-10-05 23:38 - 2013-10-05 23:38 - 00891167 _____ C:\Users\Petar\Desktop\SecurityCheck.exe
2013-10-05 23:37 - 2013-10-05 23:37 - 02347384 _____ (ESET) C:\Users\Petar\Desktop\esetsmartinstaller_enu.exe
2013-09-29 20:49 - 2013-09-29 20:49 - 00001974 _____ C:\Users\Petar\Desktop\JRT.txt
2013-09-29 20:42 - 2013-09-29 20:42 - 00000000 ____D C:\Windows\ERUNT
2013-09-29 20:39 - 2013-09-29 20:39 - 00002026 _____ C:\Users\Petar\Desktop\AdwCleaner[S0].txt
2013-09-29 20:34 - 2013-09-29 20:35 - 00000000 ____D C:\AdwCleaner
2013-09-29 20:05 - 2013-09-29 20:05 - 01042066 _____ C:\Users\Petar\Desktop\adwcleaner.exe
2013-09-29 20:05 - 2013-09-29 20:05 - 01030305 _____ (Thisisu) C:\Users\Petar\Desktop\JRT.exe
2013-09-29 15:39 - 2013-09-29 15:19 - 00013072 _____ C:\Users\Petar\Desktop\ComboFix.txt
2013-09-29 15:19 - 2013-09-29 15:19 - 00012721 _____ C:\ComboFix.txt
2013-09-29 15:19 - 2013-09-29 15:19 - 00012568 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP113.SYS
2013-09-29 14:32 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-29 14:32 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-29 14:32 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-29 14:32 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-29 14:32 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-29 14:32 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-29 14:32 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-29 14:32 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-29 14:31 - 2013-09-29 15:19 - 00000000 ____D C:\ComboFix
2013-09-29 14:09 - 2013-09-29 15:19 - 00000000 ____D C:\Qoobox
2013-09-29 14:08 - 2013-09-29 15:14 - 00000000 ____D C:\Windows\erdnt
2013-09-29 13:33 - 2013-09-29 13:34 - 05130789 ____R (Swearware) C:\Users\Petar\Desktop\ComboFix.exe
2013-09-29 12:24 - 2013-09-29 12:24 - 00006626 _____ C:\Users\Petar\Desktop\gmer.txt
2013-09-29 11:31 - 2013-09-29 20:56 - 00019590 _____ C:\Users\Petar\Desktop\Addition.txt
2013-09-29 11:23 - 2013-09-29 11:23 - 00000472 _____ C:\Users\Petar\Desktop\defogger_disable.log
2013-09-29 11:23 - 2013-09-29 11:23 - 00000000 _____ C:\Users\Petar\defogger_reenable
2013-09-29 11:21 - 2013-09-29 11:21 - 00377856 _____ C:\Users\Petar\Desktop\gmer_2.1.19163.exe
2013-09-29 11:19 - 2013-09-29 11:20 - 00050477 _____ C:\Users\Petar\Desktop\Defogger.exe
2013-09-17 23:28 - 2013-09-17 23:28 - 00000000 ____D C:\FRST
2013-09-16 22:24 - 2013-09-17 22:17 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-16 22:22 - 2013-09-29 14:15 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-09-15 23:37 - 2013-07-31 12:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-15 23:37 - 2013-07-31 12:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-15 23:37 - 2013-07-31 12:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-15 23:37 - 2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-15 23:37 - 2013-07-31 11:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-15 23:37 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-15 23:37 - 2013-07-31 11:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-15 23:37 - 2013-07-31 11:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-15 23:37 - 2013-07-31 11:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-15 23:37 - 2013-07-31 11:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-15 23:37 - 2013-07-31 11:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-15 23:37 - 2013-07-31 11:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-15 23:37 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-15 23:37 - 2013-07-31 11:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-15 23:37 - 2013-07-31 11:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-15 23:37 - 2013-07-31 11:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-15 20:50 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-09-15 20:49 - 2013-08-08 03:45 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-09 19:57 - 2013-07-05 06:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-09-09 19:57 - 2013-06-15 15:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-09-09 19:57 - 2013-06-15 13:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-09-09 19:55 - 2013-09-09 19:55 - 00000000 ____D C:\Users\Petar\AppData\Roaming\Malwarebytes
2013-09-09 19:54 - 2013-09-09 19:54 - 00000866 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-09 19:54 - 2013-09-09 19:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-09 19:54 - 2013-09-09 19:54 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-09 19:54 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-09 19:40 - 2013-07-17 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-09-09 19:39 - 2013-07-10 11:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-09-09 19:38 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-09-09 19:38 - 2013-07-09 14:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-09 19:38 - 2013-07-08 06:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-09-09 19:38 - 2013-07-08 06:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-09 19:37 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-09-09 19:37 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-09-09 19:37 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-09-09 19:37 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-09-09 19:11 - 2013-09-09 19:11 - 00001957 _____ C:\Users\Petar\Desktop\Sicherer Zahlungsverkehr.lnk
2013-09-09 19:09 - 2013-09-09 19:07 - 00000915 _____ C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
2013-09-09 19:04 - 2011-06-02 14:39 - 00088632 _____ (Infowatch) C:\Windows\system32\Drivers\CSCrySec.sys
2013-09-09 19:04 - 2011-06-02 14:39 - 00039736 _____ (Infowatch) C:\Windows\system32\Drivers\CSVirtualDiskDrv.sys
2013-09-09 19:03 - 2013-10-05 23:34 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-09 19:03 - 2013-09-09 19:03 - 00000000 ____D C:\Program Files\Kaspersky Lab
2013-09-09 19:03 - 2013-09-09 19:03 - 00000000 ____D C:\Program Files\Common Files\InfoWatch
2013-09-09 18:53 - 2013-09-09 19:31 - 00594528 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-09-09 18:53 - 2013-09-09 19:31 - 00074848 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2013-09-09 18:48 - 2013-09-09 18:48 - 00000000 ____D C:\kleaner.tmp

==================== One Month Modified Files and Folders =======

2013-10-06 11:43 - 2013-10-06 11:43 - 01087213 _____ (Farbar) C:\Users\Petar\Desktop\FRST.exe
2013-10-06 11:42 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-06 11:42 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-06 11:40 - 2013-10-06 11:40 - 00001097 _____ C:\Users\Petar\Desktop\checkup.txt
2013-10-06 11:25 - 2009-03-24 03:40 - 02085386 _____ C:\Windows\WindowsUpdate.log
2013-10-05 23:43 - 2009-03-07 17:29 - 00662132 _____ C:\Windows\system32\perfh010.dat
2013-10-05 23:43 - 2009-03-07 17:29 - 00122888 _____ C:\Windows\system32\perfc010.dat
2013-10-05 23:43 - 2006-11-02 12:33 - 03020748 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-05 23:38 - 2013-10-05 23:38 - 00891167 _____ C:\Users\Petar\Desktop\SecurityCheck.exe
2013-10-05 23:37 - 2013-10-05 23:37 - 02347384 _____ (ESET) C:\Users\Petar\Desktop\esetsmartinstaller_enu.exe
2013-10-05 23:34 - 2013-09-09 19:03 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-10-05 23:09 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-02 22:27 - 2009-07-31 17:28 - 00000000 ____D C:\Users\Petar\Documents\Bank
2013-10-02 22:27 - 2006-11-02 15:01 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-01 00:00 - 2012-05-27 22:13 - 00000000 ____D C:\Users\Petar\AppData\Roaming\Skype
2013-09-29 20:56 - 2013-09-29 11:31 - 00019590 _____ C:\Users\Petar\Desktop\Addition.txt
2013-09-29 20:49 - 2013-09-29 20:49 - 00001974 _____ C:\Users\Petar\Desktop\JRT.txt
2013-09-29 20:42 - 2013-09-29 20:42 - 00000000 ____D C:\Windows\ERUNT
2013-09-29 20:39 - 2013-09-29 20:39 - 00002026 _____ C:\Users\Petar\Desktop\AdwCleaner[S0].txt
2013-09-29 20:35 - 2013-09-29 20:34 - 00000000 ____D C:\AdwCleaner
2013-09-29 20:05 - 2013-09-29 20:05 - 01042066 _____ C:\Users\Petar\Desktop\adwcleaner.exe
2013-09-29 20:05 - 2013-09-29 20:05 - 01030305 _____ (Thisisu) C:\Users\Petar\Desktop\JRT.exe
2013-09-29 15:19 - 2013-09-29 15:39 - 00013072 _____ C:\Users\Petar\Desktop\ComboFix.txt
2013-09-29 15:19 - 2013-09-29 15:19 - 00012721 _____ C:\ComboFix.txt
2013-09-29 15:19 - 2013-09-29 15:19 - 00012568 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP113.SYS
2013-09-29 15:19 - 2013-09-29 14:31 - 00000000 ____D C:\ComboFix
2013-09-29 15:19 - 2013-09-29 14:09 - 00000000 ____D C:\Qoobox
2013-09-29 15:19 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default
2013-09-29 15:19 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2013-09-29 15:14 - 2013-09-29 14:08 - 00000000 ____D C:\Windows\erdnt
2013-09-29 15:06 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2013-09-29 15:04 - 2008-01-21 04:47 - 00213460 _____ C:\Windows\PFRO.log
2013-09-29 15:03 - 2006-11-02 12:22 - 62128128 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-09-29 15:03 - 2006-11-02 12:22 - 55050240 _____ C:\Windows\system32\config\COMPON~1.bak
2013-09-29 15:03 - 2006-11-02 12:22 - 23330816 _____ C:\Windows\system32\config\SYSTEM.bak
2013-09-29 15:03 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-09-29 15:03 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-09-29 15:03 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\DEFAULT.bak
2013-09-29 14:15 - 2013-09-16 22:22 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-09-29 13:34 - 2013-09-29 13:33 - 05130789 ____R (Swearware) C:\Users\Petar\Desktop\ComboFix.exe
2013-09-29 12:24 - 2013-09-29 12:24 - 00006626 _____ C:\Users\Petar\Desktop\gmer.txt
2013-09-29 11:23 - 2013-09-29 11:23 - 00000472 _____ C:\Users\Petar\Desktop\defogger_disable.log
2013-09-29 11:23 - 2013-09-29 11:23 - 00000000 _____ C:\Users\Petar\defogger_reenable
2013-09-29 11:23 - 2009-05-09 00:43 - 00000000 ____D C:\Users\Petar
2013-09-29 11:21 - 2013-09-29 11:21 - 00377856 _____ C:\Users\Petar\Desktop\gmer_2.1.19163.exe
2013-09-29 11:20 - 2013-09-29 11:19 - 00050477 _____ C:\Users\Petar\Desktop\Defogger.exe
2013-09-17 23:28 - 2013-09-17 23:28 - 00000000 ____D C:\FRST
2013-09-17 22:17 - 2013-09-16 22:24 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-17 20:51 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-16 20:21 - 2006-11-02 14:47 - 00393432 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-15 23:47 - 2009-05-09 00:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-15 20:50 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-09-10 03:34 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\it-IT
2013-09-10 03:34 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\fr-FR
2013-09-10 03:34 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-09 22:49 - 2010-03-05 14:24 - 00000322 _____ C:\Windows\Tasks\HPCeeScheduleForPetar.job
2013-09-09 20:38 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\ShellNew
2013-09-09 20:10 - 2013-08-04 19:13 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-09-09 20:05 - 2012-12-18 21:37 - 00002489 _____ C:\Users\Public\Desktop\Skype.lnk
2013-09-09 20:05 - 2012-05-27 22:13 - 00000000 ____D C:\ProgramData\Skype
2013-09-09 19:55 - 2013-09-09 19:55 - 00000000 ____D C:\Users\Petar\AppData\Roaming\Malwarebytes
2013-09-09 19:54 - 2013-09-09 19:54 - 00000866 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-09 19:54 - 2013-09-09 19:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-09 19:54 - 2013-09-09 19:54 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-09 19:31 - 2013-09-09 18:53 - 00594528 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-09-09 19:31 - 2013-09-09 18:53 - 00074848 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2013-09-09 19:31 - 2012-10-18 14:50 - 00044000 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kltdi.sys
2013-09-09 19:31 - 2012-08-13 16:49 - 00145040 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2013-09-09 19:11 - 2013-09-09 19:11 - 00001957 _____ C:\Users\Petar\Desktop\Sicherer Zahlungsverkehr.lnk
2013-09-09 19:07 - 2013-09-09 19:09 - 00000915 _____ C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
2013-09-09 19:03 - 2013-09-09 19:03 - 00000000 ____D C:\Program Files\Kaspersky Lab
2013-09-09 19:03 - 2013-09-09 19:03 - 00000000 ____D C:\Program Files\Common Files\InfoWatch
2013-09-09 18:48 - 2013-09-09 18:48 - 00000000 ____D C:\kleaner.tmp
2013-09-09 18:48 - 2009-05-09 14:45 - 00000000 ____D C:\Program Files\AVG
2013-09-09 18:37 - 2011-04-18 20:23 - 00000000 ____D C:\Users\Gast\Tracing

Files to move or delete:
====================
C:\Users\Petar\AppData\Roaming\settings.ini
C:\Users\Petar\AppData\Roaming\i.ini


Some content of TEMP:
====================
C:\Users\Petar\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-06 11:40

==================== End Of Log ============================
         
--- --- ---


Addition Log:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by Petar at 2013-10-06 11:45:39
Running from C:\Users\Petar\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky PURE 3.0 (Disabled - Out of date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky PURE 3.0 (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 (Disabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

AAC Decoder (Version: 7.1.0)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2)
Adobe Acrobat 7.0 Professional - English, Français, Deutsch (Version: 7.0.0)
Adobe Flash Player 10 ActiveX (Version: 10.0.12.36)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader 9.5.5 - Deutsch (Version: 9.5.5)
Adobe Shockwave Player (Version: 11.0)
AMD USB Audio Driver Filter (Version: 1.0.7.0031)
ANNO 1503 GOLD (Version: 1.05.00)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Atheros Driver Installation Program (Version: 5.0)
ATI Catalyst Install Manager (Version: 3.0.708.0)
AutoUpdate (Version: 1.1)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0122.1.43106)
Catalyst Control Center Graphics Full Existing (Version: 2009.0122.1.43106)
Catalyst Control Center Graphics Full New (Version: 2009.0122.1.43106)
Catalyst Control Center Graphics Light (Version: 2009.0122.1.43106)
Catalyst Control Center Graphics Previews Common (Version: 2009.0122.1.43106)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0122.1.43106)
Catalyst Control Center InstallProxy (Version: 2009.0122.1.43106)
Catalyst Control Center Localization All (Version: 2009.0122.1.43106)
CCC Help Chinese Standard (Version: 2009.0122.0000.43106)
CCC Help Chinese Traditional (Version: 2009.0122.0000.43106)
CCC Help Czech (Version: 2009.0122.0000.43106)
CCC Help Danish (Version: 2009.0122.0000.43106)
CCC Help Dutch (Version: 2009.0122.0000.43106)
CCC Help English (Version: 2009.0122.0000.43106)
CCC Help Finnish (Version: 2009.0122.0000.43106)
CCC Help French (Version: 2009.0122.0000.43106)
CCC Help German (Version: 2009.0122.0000.43106)
CCC Help Greek (Version: 2009.0122.0000.43106)
CCC Help Hungarian (Version: 2009.0122.0000.43106)
CCC Help Italian (Version: 2009.0122.0000.43106)
CCC Help Japanese (Version: 2009.0122.0000.43106)
CCC Help Korean (Version: 2009.0122.0000.43106)
CCC Help Norwegian (Version: 2009.0122.0000.43106)
CCC Help Polish (Version: 2009.0122.0000.43106)
CCC Help Portuguese (Version: 2009.0122.0000.43106)
CCC Help Russian (Version: 2009.0122.0000.43106)
CCC Help Spanish (Version: 2009.0122.0000.43106)
CCC Help Swedish (Version: 2009.0122.0000.43106)
CCC Help Thai (Version: 2009.0122.0000.43106)
CCC Help Turkish (Version: 2009.0122.0000.43106)
ccc-core-static (Version: 2009.0122.1.43106)
ccc-utility (Version: 2009.0122.1.43106)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
CyberLink DVD Suite (Version: 6.0.2326)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Codec (Version: 6.9.1)
DivX Converter (Version: 7.1.0)
DivX Player (Version: 7.2.0)
DivX Plus DirectShow Filters
DivX Plus Web Player (Version: 2.0.0)
DivX Version Checker (Version: 7.1.0.9)
ESU for Microsoft Vista (Version: 1.0.0)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Flight Simulator X Service Pack 1
FlyLogic's - Patrouille Suisse X (Version: 1.00)
Free Video Converter V 2.9 (Version: 2.9.0.0)
H.264 Decoder (Version: 1.1.0)
HP Active Support Library (Version: 3.1.9.1)
HP Common Access Service Library (Version: 2.00 E6)
HP Customer Experience Enhancements (Version: 5.7.0.2664)
HP Help and Support (Version: 2.1.3.0)
HP MediaSmart DVD (Version: 2.1.2328)
HP MediaSmart SmartMenu (Version: 2.1.7)
HP MediaSmart TV (Version: 2.1.1219)
HP MediaSmart Webcam (Version: 2.1.1124)
HP Quick Launch Buttons 6.40 L1 (Version: 6.40 L1)
HP Total Care Setup (Version: 1.1.2413.2876)
HP Update (Version: 4.000.013.003)
HP User Guides 0134 (Version: 1.01.0000)
HP Wireless Assistant (Version: 3.50 A6)
HPAsset component for HP Active Support Library (Version: 3.0.0.3)
HPNetworkAssistant (Version: 1.1.70)
iCloud (Version: 2.1.2.8)
IDT Audio (Version: 1.0.6087.22)
iTunes (Version: 11.0.2.26)
Java Auto Updater (Version: 2.0.5.1)
Java(TM) 6 Update 26 (Version: 6.0.260)
JMicron Flash Media Controller Driver (Version: 1.00.22.05)
Kaspersky PURE 3.0 (Version: 13.0.2.558)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Flight Simulator X (Version: 10.0.60905)
Microsoft Flight Simulator X: Acceleration (Version: 10.0.61637.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 07.03.0512)
Microsoft Works (Version: 9.7.0621)
Microsoft Works Suite-Add-Ins für Microsoft Word (Version: 7.0.0.0000)
MKV Splitter (Version: 1.0.1)
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Norton Internet Security (Version: 16.0.0.125)
PhotoNow! (Version: 1.1.5615)
Project BO-105 PAH
ProtectSmart Hard Drive Protection (Version: 3.10 A7)
QuickTime (Version: 7.73.80.64)
Radar v2.0 for FSX
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0001)
Setup-Start von Microsoft Works 2004
Skins (Version: 2009.0122.1.43106)
Skype™ 6.6 (Version: 6.6.106)
Steuer 2011 12.0.1 (Version: 12.0.1)
Steuer 2012 13.0.3 (Version: 13.0.3)
Synaptics Pointing Device Driver (Version: 12.1.0.0)
Tom Clancy's H.A.W.X. 2 (Version: 1.0.1)
Ubisoft Game Launcher (Version: 1.0.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VLC media player 1.0.2 (Version: 1.0.2)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows-Treiberpaket - ENE (enecir) HIDClass  (09/04/2008 2.6.0.0) (Version: 09/04/2008 2.6.0.0)
WinRAR

==================== Restore Points  =========================

18-07-2013 19:21:29 Sprachpaketdeinstallation
24-07-2013 19:40:00 Avg Update
24-07-2013 19:50:35 Sprachpaketdeinstallation
28-07-2013 11:39:50 Sprachpaketdeinstallation
29-07-2013 15:37:34 Sprachpaketdeinstallation
31-07-2013 20:18:52 Sprachpaketdeinstallation
01-08-2013 09:51:52 Sprachpaketdeinstallation
01-08-2013 23:08:41 Sprachpaketdeinstallation
07-08-2013 20:18:39 Sprachpaketdeinstallation
09-09-2013 16:54:57 First Restore Point
09-09-2013 17:05:53 Gerätetreiber-Paketinstallation: Kaspersky Lab Netzwerkdienst
09-09-2013 17:10:19 Sprachpaketdeinstallation
09-09-2013 17:36:22 First Restore Point
09-09-2013 18:08:51 Sprachpaketdeinstallation
09-09-2013 19:05:47 Sprachpaketdeinstallation
10-09-2013 01:00:56 Windows Update
15-09-2013 18:16:46 Sprachpaketdeinstallation
15-09-2013 21:28:15 Windows Update
16-09-2013 19:10:44 Sprachpaketdeinstallation
17-09-2013 18:56:24 Sprachpaketdeinstallation
29-09-2013 09:18:08 Sprachpaketdeinstallation
29-09-2013 12:43:43 Sprachpaketdeinstallation
29-09-2013 13:21:16 Sprachpaketdeinstallation
29-09-2013 13:52:02 Sprachpaketdeinstallation
29-09-2013 18:57:18 Sprachpaketdeinstallation
30-09-2013 21:49:41 Sprachpaketdeinstallation
02-10-2013 19:34:12 Sprachpaketdeinstallation
05-10-2013 21:25:53 Sprachpaketdeinstallation

==================== Hosts content: ==========================

2006-11-02 12:23 - 2013-09-29 15:05 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {49FBE542-368A-437F-BD45-CFE54258B979} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {6A14DD91-AB0C-405B-9200-D90F787DCCBF} - System32\Tasks\{511E94B8-0376-4F5A-8C2D-A44856AD79DC} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar
Task: {9FA0D467-4B2F-4EC6-AA27-13AFCF76AD1D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B9C6F8AE-39BC-4F3A-8F2E-83E41424EF81} - System32\Tasks\HPCeeScheduleForPetar => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-19] (Hewlett-Packard)
Task: {D3EDC5CE-9E56-457D-A2A8-D1DCF998B0CD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {FD0D3D42-5A18-4CCC-A3CD-7992EC2004BC} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2008-01-21] (Microsoft Corporation)
Task: C:\Windows\Tasks\HPCeeScheduleForPetar.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2009-12-24 00:00 - 2009-12-12 16:12 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-01-22 02:34 - 2009-01-22 02:34 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2009-03-24 03:47 - 2009-03-24 03:47 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-10-29 18:34 - 2008-10-29 18:34 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-07-02 21:59 - 2013-07-02 21:59 - 03285912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/06/2013 06:02:38 AM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung TVSched.exe, Version 5.0.0.3507, Zeitstempel 0x4913bbec, fehlerhaftes Modul TVSched.exe, Version 5.0.0.3507, Zeitstempel 0x4913bbec, Ausnahmecode 0xc0000005, Fehleroffset 0x00007684,
Prozess-ID 0x96c, Anwendungsstartzeit TVSched.exe0.

Error: (10/06/2013 02:39:43 AM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\PETAR\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\76A3FDHL.DEFAULT\SAFEBROWSING-TO_DELETE> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (10/06/2013 02:39:43 AM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\PETAR\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\76A3FDHL.DEFAULT\SAFEBROWSING-BACKUP> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (10/05/2013 11:34:27 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung TVAgent.exe, Version 2.1.1.1321, Zeitstempel 0x49772d0a, fehlerhaftes Modul MFC71.DLL, Version 7.10.3077.0, Zeitstempel 0x3e77fdfd, Ausnahmecode 0xc0000005, Fehleroffset 0x0002a3a3,
Prozess-ID 0xc74, Anwendungsstartzeit TVAgent.exe0.

Error: (10/05/2013 11:11:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/02/2013 09:19:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/01/2013 00:27:05 AM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung firefox.exe, Version 22.0.0.4917, Zeitstempel 0x51c06b1b, fehlerhaftes Modul xul.dll, Version 22.0.0.4917, Zeitstempel 0x51c06a5b, Ausnahmecode 0xc0000005, Fehleroffset 0x00173668,
Prozess-ID 0x1118, Anwendungsstartzeit firefox.exe0.

Error: (09/30/2013 11:36:35 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung TVAgent.exe, Version 2.1.1.1321, Zeitstempel 0x49772d0a, fehlerhaftes Modul MFC71.DLL, Version 7.10.3077.0, Zeitstempel 0x3e77fdfd, Ausnahmecode 0xc0000005, Fehleroffset 0x0002a3a3,
Prozess-ID 0xa20, Anwendungsstartzeit TVAgent.exe0.

Error: (09/30/2013 11:31:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/29/2013 09:06:53 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung TVSched.exe, Version 5.0.0.3507, Zeitstempel 0x4913bbec, fehlerhaftes Modul TVSched.exe, Version 5.0.0.3507, Zeitstempel 0x4913bbec, Ausnahmecode 0xc0000005, Fehleroffset 0x00007684,
Prozess-ID 0x92c, Anwendungsstartzeit TVSched.exe0.


System errors:
=============
Error: (10/06/2013 11:24:27 AM) (Source: Service Control Manager) (User: )
Description: TV Task Scheduler (TVTS)1

Error: (10/05/2013 11:27:19 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x800f0825it-IT

Error: (10/05/2013 11:27:05 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x800f0825fr-FR

Error: (10/05/2013 11:12:25 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (10/05/2013 11:11:13 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (10/02/2013 09:35:37 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x800f0825it-IT

Error: (10/02/2013 09:35:25 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x800f0825fr-FR

Error: (10/02/2013 09:19:37 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (10/02/2013 09:19:22 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/30/2013 11:52:25 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x800f0825it-IT


Microsoft Office Sessions:
=========================
Error: (10/06/2013 06:02:38 AM) (Source: Application Error)(User: )
Description: TVSched.exe5.0.0.35074913bbecTVSched.exe5.0.0.35074913bbecc00000050000768496c01cec20f3cbbd5c6

Error: (10/06/2013 02:39:43 AM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\PETAR\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\76A3FDHL.DEFAULT\SAFEBROWSING-TO_DELETE

Error: (10/06/2013 02:39:43 AM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\PETAR\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\76A3FDHL.DEFAULT\SAFEBROWSING-BACKUP

Error: (10/05/2013 11:34:27 PM) (Source: Application Error)(User: )
Description: TVAgent.exe2.1.1.132149772d0aMFC71.DLL7.10.3077.03e77fdfdc00000050002a3a3c7401cec211ddf2b336

Error: (10/05/2013 11:11:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/02/2013 09:19:21 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/01/2013 00:27:05 AM) (Source: Application Error)(User: )
Description: firefox.exe22.0.0.491751c06b1bxul.dll22.0.0.491751c06a5bc000000500173668111801cebe28719582e4

Error: (09/30/2013 11:36:35 PM) (Source: Application Error)(User: )
Description: TVAgent.exe2.1.1.132149772d0aMFC71.DLL7.10.3077.03e77fdfdc00000050002a3a3a2001cebe246ac44274

Error: (09/30/2013 11:31:44 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/29/2013 09:06:53 PM) (Source: Application Error)(User: )
Description: TVSched.exe5.0.0.35074913bbecTVSched.exe5.0.0.35074913bbecc00000050000768492c01cebd430784e00d


CodeIntegrity Errors:
===================================
  Date: 2013-10-06 11:45:27.668
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-06 11:45:26.685
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-06 11:45:25.702
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-06 11:45:24.688
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-06 11:45:23.674
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kltdi.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-06 11:45:22.722
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kltdi.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-06 11:45:21.662
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kltdi.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-06 11:45:20.585
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kltdi.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-06 11:45:19.556
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-06 11:45:18.620
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 55%
Total physical RAM: 3068.9 MB
Available physical RAM: 1361.03 MB
Total Pagefile: 6371.79 MB
Available Pagefile: 4865.1 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.72 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:286.51 GB) (Free:113.77 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:11.58 GB) (Free:1.85 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (SAMSUNG) (Fixed) (Total:596.02 GB) (Free:427.39 GB) FAT32
Drive g: () (Removable) (Total:7.45 GB) (Free:6.35 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: D51C35F4)
Partition 1: (Active) - (Size=287 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 596 GB) (Disk ID: 540B676F)
Partition 1: (Not Active) - (Size=596 GB) - (Type=0C)

========================================================
Disk: 2 (Size: 7 GB) (Disk ID: 04030201)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)

==================== End Of Log ============================
         
From your point of view, does the machine look reasonably okay again?

I'll have to keep an eye on the whole thing for a while to see how the notebook behaves in terms of speed.

06.10.2013, 16:44   #8
schrauber
/// the machine
/// TB Trainer


Update Java, Flash, Adobe and Firefox.

Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type this in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.


Here are a few more tips for securing your system.


I can't mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security holes that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I haven't found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most ads by itself. A right-click on the banner to add it to AdBlockPlus is enough and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Don't click on everything just because it prompts you to and is nice and colourful.
  • Don't use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!
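
The file-extension warning in the post above (deinFoto.jpg.exe), as an added example that is not part of the original thread: a small triage helper that flags attachment names whose final, effective extension is executable while an earlier one looks like a document or picture. It generalizes the single name from the post to padded names and full paths; the extension lists, function names and sample names are assumptions made for this example.

```python
"""Flag attachment names whose real type hides behind a harmless-looking extension."""

# Assumption: short illustrative lists chosen for this example, not exhaustive.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".jar", ".lnk"}
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}

# Constructed sample attachment names (not taken from the thread's logs).
SAMPLE_NAMES = [
    "deinFoto.jpg.exe",                         # the name used in the post
    "Urlaub.JPG",
    "Rechnung.pdf   .scr ",                     # padding between decoy and real type
    "setup.exe",
    "backup.tar.gz",
    "C:\\Users\\x\\Downloads\\Lebenslauf.docx.js",
]


def effective_name(raw):
    """Last path component as Windows stores it (trailing dots and spaces are dropped)."""
    return raw.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")


def extensions(raw):
    """All dot-separated suffixes of the effective name, lower-cased, padding removed."""
    parts = effective_name(raw).split(".")
    return ["." + p.strip().lower() for p in parts[1:] if p.strip()]


def classify(raw):
    """Return 'ok', 'executable' or 'double-extension' for one attachment name."""
    exts = extensions(raw)
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    # Only the LAST extension decides how Windows opens the file; an earlier
    # document or picture extension is what makes the name misleading.
    if any(e in DECOY_EXTS for e in exts[:-1]):
        return "double-extension"
    return "executable"


def shown_in_explorer(raw):
    """Name as listed when Explorer hides extensions of known file types (the default)."""
    name = effective_name(raw)
    dot = name.rfind(".")
    return name[:dot] if dot > 0 else name


def triage(names):
    """Return (original name, verdict, name shown in Explorer) for every flagged name."""
    flagged = []
    for raw in names:
        verdict = classify(raw)
        if verdict != "ok":
            flagged.append((raw, verdict, shown_in_explorer(raw)))
    return flagged


if __name__ == "__main__":
    for raw, verdict, shown in triage(SAMPLE_NAMES):
        print(f"{verdict:16} {raw!r} is listed as {shown!r}")
```

Turning off "Hide extensions for known file types" in the Explorer folder options makes the final extension visible, so the name can be judged by eye as well.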

13.10.2013, 21:27   #9
Grondel

Thank you very much for your help. I have now followed all the steps and had the software removed again.

Now we'll see how the whole thing behaves.

Regards

14.10.2013, 11:47   #10
schrauber
/// the machine
/// TB Trainer

You're welcome
