
Pests of all kinds and how to fight them: Bluescreen due to keyboard drivers - keylogger?


21.10.2013, 00:41   #1
drwtf
 
Bluescreen due to keyboard drivers - keylogger?



Hello everyone,

Bluescreens are rather unusual for my PC. Today one occurred.

0x0000001e (0xffffffffc0000005, 0xfffff80001ea0150, 0x0000000000000000, 0xffffffffffffffff)
According to BlueScreenView, the following are responsible:

kbclass.sys
ntoskrnl.exe
hidusb.sys

According to Google, kbclass.sys is responsible for keyboards. I have a perfectly ordinary Siemens keyboard. No frills, no special keys, so no special drivers needed either. On top of that, this never happens otherwise, and the bluescreen occurred while I was AFK.

I scanned the PC with Kaspersky, Emsisoft Anti-Malware, Spybot S&D and Malwarebytes.

MWB was the only one to find anything, namely the following:
Infizierte Dateien: 1
C:\Users\user\AppData\Local\Temp\GUsx3l3P.exe.part (PUP.Optional.DownloadSponsor.A) -> Keine Aktion durchgeführt.

I find viruses in the Temp folder rather unusual. I haven't deleted it for now.

If I really have caught something, though, it would surprise me. I'm quite careful. I use NoScript and have Java disabled. Also, as mentioned, 4 scanners that I run regularly (and no, they don't all run in the background at the same time).

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:46 on 20/10/2013 (user)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-10-20 21:29:43
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000078 SAMSUNG_ rev.CXM0 119,24GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldqpow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528  fffff80001fa9000 8 bytes [00, 00, 68, 00, 4B, 4C, 73, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 666  fffff80001fa908a 12 bytes [00, 00, 01, 00, 00, 00, C0, ...]
?         C:\Windows\system32\DRIVERS\Mam3.sys [0] entry point in "init" section  fffff880059bf010

---- User code sections - GMER 2.1 ----

.text     C:\Windows\Explorer.EXE[1804] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!DPA_Create  000007fefcf1fbe4 4 bytes JMP 000007fefcff0008
.text     C:\Windows\Explorer.EXE[1804] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!DPA_InsertPtr  000007fefcf1ff18 5 bytes JMP 000007fefcff0020
.text     C:\Windows\Explorer.EXE[1804] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!DPA_DeletePtr  000007fefcf1ffb0 5 bytes JMP 000007fefcff0038
.text     C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1940] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey  000000007791faa8 5 bytes JMP 0000000173c619e8
.text     C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1940] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory  0000000077920038 5 bytes JMP 0000000173c6209e
.text     C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  00000000769a1465 2 bytes [9A, 76]
.text     C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000769a14bb 2 bytes [9A, 76]
.text     ...  * 2
.text     C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe[2264] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35  000000006ea411a8 2 bytes [A4, 6E]
.text     C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe[2264] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21  000000006ea413a8 2 bytes [A4, 6E]
.text     C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe[2264] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21  000000006ea41422 2 bytes [A4, 6E]
.text     C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe[2264] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19  000000006ea41498 2 bytes [A4, 6E]
.text     C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe[2264] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195  000000006e501b41 2 bytes [50, 6E]
.text     C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe[2264] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362  000000006e501be8 2 bytes [50, 6E]
.text     C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe[2264] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418  000000006e501c20 2 bytes [50, 6E]
.text     C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe[2264] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596  000000006e501cd2 2 bytes [50, 6E]
.text     C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe[2264] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628  000000006e501cf2 2 bytes [50, 6E]
.text     C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe[3396] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69  00000000769a1465 2 bytes [9A, 76]
.text     C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe[3396] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155  00000000769a14bb 2 bytes [9A, 76]
.text     ...  * 2
.text     C:\Program Files (x86)\Pidgin\pidgin.exe[3744] C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll!purple_init_plugin + 10  000000006a151ce2 4 bytes [40, 90, AC, 68]
.text     C:\Program Files (x86)\Pidgin\pidgin.exe[3744] C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll!purple_init_plugin + 160  000000006a151d78 4 bytes [40, 90, AC, 68]
.text     C:\Program Files (x86)\anti-rootkit\mbar\mbar.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  00000000769a1465 2 bytes [9A, 76]
.text     C:\Program Files (x86)\anti-rootkit\mbar\mbar.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000769a14bb 2 bytes [9A, 76]
.text     ...  * 2
.text     C:\Program Files (x86)\anti-rootkit\mbar\mbar.exe[6596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  00000000769a1465 2 bytes [9A, 76]
.text     C:\Program Files (x86)\anti-rootkit\mbar\mbar.exe[6596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000769a14bb 2 bytes [9A, 76]
.text     ...  * 2
.text     C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[6592] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter + 1  0000000077519b81 11 bytes {MOV EAX, 0xffffffffdae931d8; INC BYTE [RDI]; ADD [RAX], AL; JMP RAX}
.text     C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[6592] C:\Windows\system32\ole32.dll!OleLoadFromStream  000007feff0975f0 5 bytes JMP 000007fffef300d8
.text     C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[6592] C:\Windows\system32\OLEAUT32.dll!VariantClear  000007feff5b1180 5 bytes JMP 000007fffef301b8
.text     C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[6592] C:\Windows\system32\OLEAUT32.dll!SysFreeString  000007feff5b1320 7 bytes JMP 000007fffef30148
.text     C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[6592] C:\Windows\system32\OLEAUT32.dll!SysAllocStringByteLen  000007feff5b4450 6 bytes JMP 000007fffef30110
.text     C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[6592] C:\Windows\system32\OLEAUT32.dll!VariantChangeType  000007feff5b6720 10 bytes JMP 000007fffef30180

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{DAD3A123-71E1-45F9-96C2-2AD840DAD1D7}\Connection@Name  isatap.{B5838B57-2704-4B49-B8CD-A4A2BF6F8ACC}
Reg       HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind  \Device\{DAD3A123-71E1-45F9-96C2-2AD840DAD1D7}?\Device\{FD3AA059-E0AA-4904-8DE9-7CFA41299FD7}?\Device\{D7118392-921B-4696-AC5C-40A4D07F1A5C}?\Device\{473FF2AA-9E0D-4DB0-9B91-21972B5C68DC}?
Reg       HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route  "{DAD3A123-71E1-45F9-96C2-2AD840DAD1D7}"?"{FD3AA059-E0AA-4904-8DE9-7CFA41299FD7}"?"{D7118392-921B-4696-AC5C-40A4D07F1A5C}"?"{473FF2AA-9E0D-4DB0-9B91-21972B5C68DC}"?
Reg       HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export  \Device\TCPIP6TUNNEL_{DAD3A123-71E1-45F9-96C2-2AD840DAD1D7}?\Device\TCPIP6TUNNEL_{FD3AA059-E0AA-4904-8DE9-7CFA41299FD7}?\Device\TCPIP6TUNNEL_{D7118392-921B-4696-AC5C-40A4D07F1A5C}?\Device\TCPIP6TUNNEL_{473FF2AA-9E0D-4DB0-9B91-21972B5C68DC}?
Reg       HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{DAD3A123-71E1-45F9-96C2-2AD840DAD1D7}@InterfaceName  isatap.{B5838B57-2704-4B49-B8CD-A4A2BF6F8ACC}
Reg       HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{DAD3A123-71E1-45F9-96C2-2AD840DAD1D7}@ReusableType  0

---- EOF - GMER 2.1 ----

I'm curious.


FRST logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2013
Ran by user (administrator) on user-PC on 20-10-2013 22:01:56
Running from C:\Users\user\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
() C:\Program Files (x86)\WizMouse\WizMouse.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Hauppauge Computer Works, Inc) C:\Program Files (x86)\WinTV\Extend\WinTVExtender.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
() C:\Windows\System32\Mam3Pan.exe
(RaMMicHaeL) C:\Users\user\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe
() C:\Program Files (x86)\WinHotKey\WinHotKey.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\GridMove\GridMove.exe
(AppWork GmbH) C:\Program Files\JDownloader 2\JDownloader 2.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
() C:\Program Files (x86)\myhotkey\myHotkey.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(The Pidgin developer community) C:\Program Files (x86)\Pidgin\pidgin.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\wmi64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Mam3PAN.exe] - C:\Windows\system32\Mam3PAN.exe [1168152 2013-07-02] ()
HKLM-x32\...\RunOnce: [EasyTuneVI] - C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [40960 2012-07-09] ()
HKCU\...\Run: [7 Taskbar Tweaker] - C:\Users\user\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [305664 2013-10-18] (RaMMicHaeL)
HKCU\...\Run: [WinHotKey] - C:\Program Files (x86)\WinHotKey\WinHotKey.exe [480768 2004-11-11] ()
HKCU\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
HKCU\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKCU\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKCU\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ET6.lnk
ShortcutTarget: ET6.lnk -> C:\Program Files (x86)\GIGABYTE\ET6\ET6SC.exe ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GridMove.lnk
ShortcutTarget: GridMove.lnk -> C:\Program Files (x86)\GridMove\GridMove.exe ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JDownloader 2.lnk
ShortcutTarget: JDownloader 2.lnk -> C:\Program Files\JDownloader 2\JDownloader 2.exe (AppWork GmbH)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lockscreen.vbs ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk
ShortcutTarget: Mozilla Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\myHotkey - Verknüpfung.lnk
ShortcutTarget: myHotkey - Verknüpfung.lnk -> C:\Program Files (x86)\myhotkey\myHotkey.exe ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pidgin.lnk
ShortcutTarget: Pidgin.lnk -> C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\user\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\user\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\searchplugins\wolframalpha.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Roomy Bookmarks Toolbar - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\ALone-live@ya.ru
FF Extension: Custom Buttons - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\custombuttons@xsms.org
FF Extension: FoxyProxy Basic - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\foxyproxy@eric.h.jung
FF Extension: WOT - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: about-addons-memory - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\about-addons-memory@tn123.org.xpi
FF Extension: alertbox - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\alertbox@ajitk.com.xpi
FF Extension: classicishaddonmanager - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\classicishaddonmanager@dagger2-addons.mozilla.org.xpi
FF Extension: elemhidehelper - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\elemhidehelper@adblockplus.org.xpi
FF Extension: exif_viewer - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\exif_viewer@mozilla.doslash.org.xpi
FF Extension: f6 - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\f6@merike.pri.ee.xpi
FF Extension: ffvkontaktevideo - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\ffvkontaktevideo@chupakabr.ru.xpi
FF Extension: firegestures - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\firegestures@xuldev.org.xpi
FF Extension: hidecaptionplus-dp - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\hidecaptionplus-dp@dummy.addons.mozilla.org.xpi
FF Extension: jid0-UVAeBCfd34Kk5usS8A1CBiobvM8 - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi
FF Extension: openwith - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\openwith@darktrojan.net.xpi
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ogzhzvd.default\Extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}.xpi
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\user\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\user\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\user\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
CHR Plugin: (Google Update) - C:\Users\user\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Kaspersky URL Advisor) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0
CHR Extension: (Safe Money) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0
CHR Extension: (Content Blocker) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0
CHR Extension: (Virtual Keyboard) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR Extension: (Anti-Banner) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx

==================== Services (Whitelisted) =================

S4 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4153784 2013-10-20] (Emsisoft GmbH)
S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-05-28] ()
S4 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [1498000 2013-04-26] (Binary Fortress Software)
R2 Hauppauge WinTV Extender; C:\Program Files (x86)\WinTV\Extend\WinTVExtender.exe [59392 2013-04-17] (Hauppauge Computer Works, Inc)
R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [581632 2013-05-15] (Hauppauge Computer Works)

==================== Drivers (Whitelisted) ====================

S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [70960 2013-09-06] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-05-28] (Emsisoft GmbH)
R3 AmdTools64; C:\Windows\System32\DRIVERS\AmdTools64.sys [46384 2009-04-24] (Advanced Micro Devices)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
S3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-09-06] (Emsisoft GmbH)
R2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2010-11-09] (CPUID)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] ()
R3 etdrv; C:\Windows\etdrv.sys [25640 2013-10-20] (Windows (R) Server 2003 DDK provider)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] ()
R3 gdrv; C:\Windows\gdrv.sys [25640 2013-10-20] (Windows (R) Server 2003 DDK provider)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-10-20] ()
R3 hcw88rc5; C:\Windows\System32\Drivers\hcw88rc5.sys [15872 2010-08-16] (Hauppauge Computer Works, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-10-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)

R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-07-24] (Kaspersky Lab ZAO)

R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-05-16] (Kaspersky Lab ZAO)

R1 Mam3.sys; C:\Windows\System32\DRIVERS\Mam3.sys [58648 2013-07-02] ()

R3 Mam3WDM.sys; C:\Windows\System32\DRIVERS\Mam3WDM.sys [44312 2013-07-02] ()

S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2013-10-20] (Malwarebytes Corporation)

R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [10568 2013-09-16] ()

S3 catchme; \??\C:\ComboFix\catchme.sys [x]

U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-05-16] (Kaspersky Lab ZAO)

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]

S3 tsusbhub; system32\drivers\tsusbhub.sys [x]

S3 VGPU; System32\drivers\rdvgkmd.sys [x]



==================== NetSvcs (Whitelisted) ===================





==================== One Month Created Files and Folders ========



2013-10-20 22:01 - 2013-10-20 22:01 - 01954624 ____C (Farbar) C:\Users\user\Desktop\FRST64.exe

2013-10-20 21:58 - 2013-10-20 21:58 - 00000022 ____C C:\Windows\S.dirmngr

2013-10-20 21:52 - 2013-10-20 21:57 - 00000085 ____C C:\Windows\wininit.ini

2013-10-20 21:49 - 2013-10-20 21:49 - 00028067 ____C C:\Users\user\.recently-used.xbel

2013-10-20 21:32 - 2013-10-20 21:32 - 00000472 ____C C:\Users\user\Desktop\defogger_disable.log

2013-10-20 21:29 - 2013-10-20 21:31 - 00010262 ____C C:\Users\user\Desktop\gmer.txt

2013-10-20 21:29 - 2013-10-20 21:29 - 00010788 ____C C:\Users\user\Desktop\Addition.txt

2013-10-20 20:59 - 2013-10-20 21:34 - 00010788 ____C C:\Users\user\Downloads\Addition.txt

2013-10-20 20:59 - 2013-10-20 20:59 - 00000000 ___DC C:\FRST

2013-10-20 20:51 - 2013-10-20 20:51 - 00000000 ___DC C:\Windows\System32\Tasks\Safer-Networking

2013-10-20 20:45 - 2013-10-20 20:45 - 00000000 ____C C:\Users\user\defogger_reenable

2013-10-20 20:29 - 2013-10-20 20:31 - 00091352 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2013-10-20 20:29 - 2013-10-20 20:29 - 00000000 ___DC C:\Program Files (x86)\anti-rootkit

2013-10-20 20:06 - 2013-10-20 20:06 - 00000000 ___DC C:\Users\user\Documents\ProcAlyzer Dumps

2013-10-20 20:02 - 2013-10-20 21:58 - 00000000 ___DC C:\Program Files (x86)\Spybot - Search & Destroy 2

2013-10-16 17:15 - 2013-10-20 21:58 - 00000926 ____C C:\Users\user\IP_Log_Data.js

2013-10-13 00:39 - 2013-10-13 17:14 - 00000000 ___DC C:\Program Files (x86)\Mozilla Thunderbird

2013-10-10 22:41 - 2013-10-20 21:58 - 00000840 ____C C:\Windows\setupact.log

2013-10-10 22:41 - 2013-10-10 22:41 - 00000000 ____C C:\Windows\setuperr.log

2013-10-09 17:40 - 2013-10-09 17:47 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-10-09 17:40 - 2013-10-09 17:47 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-10-09 17:40 - 2013-10-09 17:47 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-10-09 17:40 - 2013-10-09 17:47 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-10-09 17:40 - 2013-10-09 17:47 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-10-09 17:40 - 2013-10-09 17:47 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-10-09 17:40 - 2013-10-09 17:47 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-10-09 17:40 - 2013-10-09 17:47 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-10-09 17:40 - 2013-10-09 17:47 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-10-09 17:40 - 2013-10-09 17:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-10-09 17:40 - 2013-10-09 17:47 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-10-09 17:40 - 2013-10-09 17:47 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-10-09 17:40 - 2013-10-09 17:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-10-09 17:40 - 2013-10-09 17:47 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-10-09 17:40 - 2013-10-09 17:47 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-10-09 17:40 - 2013-10-09 17:47 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-10-09 17:40 - 2013-10-09 17:47 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-10-09 17:40 - 2013-10-09 17:47 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-10-09 17:40 - 2013-10-09 17:47 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-10-09 17:40 - 2013-10-09 17:47 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-10-09 17:40 - 2013-10-09 17:47 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-10-09 17:39 - 2013-10-09 17:47 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-10-09 17:39 - 2013-10-09 17:47 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-10-09 17:39 - 2013-10-09 17:47 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-10-09 17:39 - 2013-10-09 17:47 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-10-09 17:39 - 2013-10-09 17:47 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-10-09 17:39 - 2013-10-09 17:47 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-10-09 17:39 - 2013-10-09 17:47 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-10-09 17:39 - 2013-10-09 17:47 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-10-09 16:44 - 2013-10-09 16:44 - 00025276 ____C C:\ComboFix.txt

2013-10-09 16:25 - 2011-06-26 08:45 - 00256000 ____C C:\Windows\PEV.exe

2013-10-09 16:25 - 2010-11-07 19:20 - 00208896 ____C C:\Windows\MBR.exe

2013-10-09 16:25 - 2009-04-20 06:56 - 00060416 ____C (NirSoft) C:\Windows\NIRCMD.exe

2013-10-09 16:25 - 2000-08-31 02:00 - 00518144 ____C (SteelWerX) C:\Windows\SWREG.exe

2013-10-09 16:25 - 2000-08-31 02:00 - 00406528 ____C (SteelWerX) C:\Windows\SWSC.exe

2013-10-09 16:25 - 2000-08-31 02:00 - 00098816 ____C C:\Windows\sed.exe

2013-10-09 16:25 - 2000-08-31 02:00 - 00080412 ____C C:\Windows\grep.exe

2013-10-09 16:25 - 2000-08-31 02:00 - 00068096 ____C C:\Windows\zip.exe

2013-10-09 16:23 - 2013-10-09 16:44 - 00000000 ___DC C:\Qoobox

2013-10-09 16:22 - 2013-10-09 16:43 - 00000000 ___DC C:\Windows\erdnt

2013-10-09 16:17 - 2013-10-09 17:47 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

2013-10-09 16:17 - 2013-10-09 17:47 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll

2013-10-09 16:17 - 2013-10-09 17:46 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-10-09 16:17 - 2013-10-09 17:46 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-10-09 16:17 - 2013-10-09 17:46 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-10-09 16:17 - 2013-10-09 17:46 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-10-09 16:17 - 2013-10-09 17:46 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-10-09 16:17 - 2013-10-09 17:46 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-10-09 16:17 - 2013-10-09 17:46 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2013-10-09 16:17 - 2013-10-09 17:46 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

2013-10-09 16:17 - 2013-10-09 17:46 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys

2013-10-09 16:17 - 2013-10-09 17:46 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2013-10-09 16:17 - 2013-10-09 17:46 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll

2013-10-09 16:17 - 2013-10-09 17:46 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2013-10-09 16:17 - 2013-10-09 17:46 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll

2013-10-09 16:17 - 2013-10-09 17:46 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll

2013-10-09 16:17 - 2013-10-09 17:46 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2013-10-09 16:17 - 2013-10-09 17:46 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll

2013-10-09 16:17 - 2013-10-09 17:46 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll

2013-10-09 16:17 - 2013-10-09 17:46 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2013-10-09 16:17 - 2013-10-09 17:46 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll

2013-10-09 16:17 - 2013-10-09 17:46 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll

2013-10-09 16:17 - 2013-10-09 17:46 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-10-09 16:17 - 2013-10-09 17:46 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-10-09 16:17 - 2013-10-09 17:46 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-10-09 16:17 - 2013-10-09 17:46 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-10-09 16:17 - 2013-10-09 17:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-10-09 16:17 - 2013-07-12 12:41 - 00100864 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys

2013-10-09 16:17 - 2013-07-03 06:40 - 00042496 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys

2013-10-09 16:17 - 2013-07-03 06:05 - 00076800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys

2013-10-09 16:17 - 2013-07-03 06:05 - 00032896 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys

2013-10-09 16:16 - 2013-10-09 17:47 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2013-10-09 16:16 - 2013-10-09 17:47 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2013-10-09 16:16 - 2013-10-09 17:47 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2013-10-09 16:16 - 2013-10-09 17:47 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2013-10-09 16:16 - 2013-10-09 17:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2013-10-09 16:16 - 2013-10-09 17:47 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2013-10-09 16:16 - 2013-10-09 17:47 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2013-10-09 16:16 - 2013-10-09 17:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2013-10-09 16:16 - 2013-10-09 17:47 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2013-10-09 16:16 - 2013-10-09 17:47 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2013-10-09 16:16 - 2013-10-09 17:46 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-10-09 16:16 - 2013-10-09 17:46 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2013-10-09 16:16 - 2013-10-09 17:46 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll

2013-10-09 16:16 - 2013-10-09 17:46 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-10-09 16:16 - 2013-10-09 17:46 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

2013-10-09 16:16 - 2013-09-04 14:12 - 00343040 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys

2013-10-09 16:16 - 2013-09-04 14:11 - 00325120 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys

2013-10-09 16:16 - 2013-09-04 14:11 - 00099840 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys

2013-10-09 16:16 - 2013-09-04 14:11 - 00052736 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys

2013-10-09 16:16 - 2013-09-04 14:11 - 00030720 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys

2013-10-09 16:16 - 2013-09-04 14:11 - 00025600 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys

2013-10-09 16:16 - 2013-09-04 14:11 - 00007808 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

2013-10-06 00:24 - 2013-10-06 00:24 - 00000000 ___DC C:\Program Files (x86)\LAV Filters

2013-10-06 00:23 - 2013-10-06 00:23 - 00000000 ___DC C:\Program Files (x86)\AC3Filter

2013-10-06 00:23 - 2013-04-05 21:27 - 02231296 ____C C:\Windows\system32\ac3filter64.acm

2013-10-06 00:23 - 2013-04-05 21:26 - 01679360 ____C C:\Windows\SysWOW64\ac3filter.acm

2013-10-06 00:20 - 2013-10-06 00:24 - 00000000 ___DC C:\Program Files (x86)\DVBViewer

2013-10-06 00:20 - 2013-10-06 00:20 - 00000000 ___DC C:\ProgramData\CMUV

2013-10-05 23:27 - 2013-10-05 23:27 - 00000000 ___DC C:\Program Files\PlayReady

2013-10-05 23:25 - 2013-10-12 18:15 - 00000000 __RDC C:\Users\Public\Recorded TV

2013-10-05 19:07 - 2013-10-05 19:26 - 00000000 ___DC C:\Program Files (x86)\DScaler

2013-10-05 18:57 - 2013-10-05 19:26 - 00000000 ___DC C:\Program Files (x86)\K!TV

2013-10-03 21:28 - 2013-10-13 20:31 - 00010420 _____ C:\Users\user\Desktop\cl.xlsx

2013-10-02 17:37 - 2013-10-02 17:39 - 00000000 ___DC C:\Program Files (x86)\GhostMouse

2013-10-02 16:19 - 2013-10-02 16:19 - 00005558 ____C C:\Users\user\Desktop\Neues Textdokument.txt

2013-10-01 19:42 - 2013-10-01 19:42 - 00000000 ___DC C:\Users\user\AppData\Local\Unity

2013-09-28 00:51 - 2013-09-28 00:51 - 00000000 ___DC C:\Program Files\VideoLAN

2013-09-26 14:47 - 2013-09-26 14:47 - 00000000 ___DC C:\Users\user\AppData\Roaming\MusicBrainz

2013-09-26 14:47 - 2013-09-26 14:47 - 00000000 ___DC C:\Users\user\AppData\Local\cache

2013-09-26 14:46 - 2013-09-26 14:46 - 00000000 ___DC C:\Program Files (x86)\MusicBrainz Picard

2013-09-26 00:14 - 2013-09-26 00:15 - 00000000 ___DC C:\Users\user\AppData\Roaming\Raptr

2013-09-26 00:14 - 2013-09-26 00:14 - 00000000 ___DC C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Raptr

2013-09-26 00:14 - 2013-09-26 00:14 - 00000000 ___DC C:\Users\user\AppData\Roaming\library_dir

2013-09-26 00:14 - 2013-09-26 00:14 - 00000000 ___DC C:\Program Files (x86)\Raptr

2013-09-25 13:46 - 2013-09-25 13:46 - 00000000 ___DC C:\symbols

2013-09-25 13:44 - 2013-09-25 13:44 - 00000000 ___DC C:\Program Files (x86)\Windows Kits

2013-09-24 18:29 - 2013-09-24 18:29 - 00032758 ____C C:\Users\user\AppData\Local\recently-used.xbel

2013-09-22 00:39 - 2013-09-22 00:39 - 00000000 ___DC C:\ProgramData\ATI

2013-09-22 00:39 - 2013-09-22 00:39 - 00000000 ___DC C:\Program Files (x86)\AMD AVT

2013-09-22 00:38 - 2013-09-22 00:39 - 00000000 ___DC C:\Program Files\ATI Technologies

2013-09-22 00:38 - 2013-09-22 00:38 - 00000000 ___DC C:\Program Files (x86)\ATI Technologies

2013-09-22 00:31 - 2013-09-22 00:31 - 00059932 ____C C:\Windows\SysWOW64\CCCInstall_201309220031586549.log

2013-09-21 00:46 - 2013-09-21 00:46 - 00000000 ___DC C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cossacks



==================== One Month Modified Files and Folders =======



2013-10-20 22:01 - 2013-10-20 22:01 - 01954624 ____C (Farbar) C:\Users\user\Desktop\FRST64.exe

2013-10-20 22:01 - 2013-05-12 16:00 - 01786986 ____C C:\Windows\WindowsUpdate.log

2013-10-20 22:00 - 2013-05-12 18:00 - 00076476 ____C C:\Users\user\Network_Meter_Data.js

2013-10-20 22:00 - 2013-05-12 17:06 - 00000000 ___DC C:\Users\user\AppData\Roaming\Dropbox

2013-10-20 21:59 - 2013-07-24 13:13 - 00000000 ___DC C:\ProgramData\Kaspersky Lab

2013-10-20 21:59 - 2013-05-28 23:41 - 00000000 ___DC C:\Program Files (x86)\Emsisoft Anti-Malware

2013-10-20 21:59 - 2013-05-13 00:40 - 00030528 ____C C:\Windows\GVTDrv64.sys

2013-10-20 21:59 - 2013-05-13 00:40 - 00025640 ____C (Windows (R) Server 2003 DDK provider) C:\Windows\etdrv.sys

2013-10-20 21:59 - 2013-05-12 17:40 - 00000000 ___DC C:\Users\user\AppData\Roaming\.purple

2013-10-20 21:59 - 2013-05-12 17:18 - 00003292 ____C C:\Windows\System32\Tasks\WizMouse

2013-10-20 21:59 - 2013-05-12 16:15 - 00025640 ____C (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys

2013-10-20 21:58 - 2013-10-20 21:58 - 00000022 ____C C:\Windows\S.dirmngr

2013-10-20 21:58 - 2013-10-20 20:02 - 00000000 ___DC C:\Program Files (x86)\Spybot - Search & Destroy 2

2013-10-20 21:58 - 2013-10-16 17:15 - 00000926 ____C C:\Users\user\IP_Log_Data.js

2013-10-20 21:58 - 2013-10-10 22:41 - 00000840 ____C C:\Windows\setupact.log

2013-10-20 21:58 - 2013-08-02 10:07 - 00010578 ____C C:\Windows\PFRO.log

2013-10-20 21:58 - 2013-05-12 18:23 - 00000000 ___DC C:\Program Files\JDownloader 2

2013-10-20 21:58 - 2009-07-14 07:08 - 00000006 ___HC C:\Windows\Tasks\SA.DAT

2013-10-20 21:57 - 2013-10-20 21:52 - 00000085 ____C C:\Windows\wininit.ini

2013-10-20 21:55 - 2013-05-12 19:25 - 00003018 ____C C:\Windows\System32\Tasks\MSIAfterburner

2013-10-20 21:55 - 2013-05-12 18:47 - 00000029 ____C C:\Users\user\AppData\Roaming\Network Meter_Usage.ini

2013-10-20 21:49 - 2013-10-20 21:49 - 00028067 ____C C:\Users\user\.recently-used.xbel

2013-10-20 21:49 - 2013-05-13 22:46 - 00000000 ___DC C:\Users\user\AppData\Roaming\gedit

2013-10-20 21:49 - 2013-05-13 22:31 - 00000000 ___DC C:\Users\user\.gconfd

2013-10-20 21:49 - 2013-05-12 16:03 - 00000000 ___DC C:\Users\user

2013-10-20 21:34 - 2013-10-20 20:59 - 00010788 ____C C:\Users\user\Downloads\Addition.txt

2013-10-20 21:32 - 2013-10-20 21:32 - 00000472 ____C C:\Users\user\Desktop\defogger_disable.log

2013-10-20 21:31 - 2013-10-20 21:29 - 00010262 ____C C:\Users\user\Desktop\gmer.txt

2013-10-20 21:29 - 2013-10-20 21:29 - 00010788 ____C C:\Users\user\Desktop\Addition.txt

2013-10-20 20:59 - 2013-10-20 20:59 - 00000000 ___DC C:\FRST

2013-10-20 20:59 - 2013-05-13 22:31 - 00000000 ___DC C:\Users\user\.gconf

2013-10-20 20:51 - 2013-10-20 20:51 - 00000000 ___DC C:\Windows\System32\Tasks\Safer-Networking

2013-10-20 20:45 - 2013-10-20 20:45 - 00000000 ____C C:\Users\user\defogger_reenable

2013-10-20 20:31 - 2013-10-20 20:29 - 00091352 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2013-10-20 20:29 - 2013-10-20 20:29 - 00000000 ___DC C:\Program Files (x86)\anti-rootkit

2013-10-20 20:08 - 2013-05-12 17:24 - 00000000 ___DC C:\ProgramData\Spybot - Search & Destroy

2013-10-20 20:06 - 2013-10-20 20:06 - 00000000 ___DC C:\Users\user\Documents\ProcAlyzer Dumps

2013-10-20 20:01 - 2013-05-12 17:24 - 00000000 ___DC C:\Program Files (x86)\Spybot - Search & Destroy

2013-10-20 19:08 - 2009-07-14 19:58 - 00702602 ____C C:\Windows\system32\perfh007.dat

2013-10-20 19:08 - 2009-07-14 19:58 - 00150242 ____C C:\Windows\system32\perfc007.dat

2013-10-20 19:08 - 2009-07-14 07:13 - 01627948 ____C C:\Windows\system32\PerfStringBackup.INI

2013-10-20 19:07 - 2009-07-14 06:45 - 00020480 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-20 19:07 - 2009-07-14 06:45 - 00020480 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-20 19:02 - 2013-05-12 15:57 - 00000000 ___DC C:\Windows\Minidump

2013-10-20 19:02 - 2012-12-04 02:18 - 00305966 ____N C:\Windows\Minidump\102013-14196-01.dmp

2013-10-20 18:24 - 2013-09-05 01:55 - 00000000 ___DC C:\Program Files (x86)\RivaTuner Statistics Server

2013-10-20 18:24 - 2013-05-12 17:22 - 00000000 ___DC C:\Program Files (x86)\MSI Afterburner

2013-10-20 18:24 - 2013-05-12 17:05 - 00000000 ___DC C:\Windows\SysWOW64\directx

2013-10-20 18:23 - 2013-09-05 01:55 - 00001086 ____C C:\Users\user\Desktop\MSI Afterburner.lnk

2013-10-20 03:32 - 2013-05-12 17:42 - 00000000 ___DC C:\Users\user\AppData\Roaming\vlc

2013-10-15 23:12 - 2013-05-12 16:43 - 00007616 ____C C:\Users\user\AppData\Local\Resmon.ResmonCfg

2013-10-14 12:45 - 2013-05-16 20:51 - 00000000 ___DC C:\Users\user\AppData\Roaming\ViberPC

2013-10-14 12:45 - 2013-05-16 20:51 - 00000000 ___DC C:\Users\user\AppData\Local\Viber

2013-10-14 12:31 - 2013-05-12 16:45 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service

2013-10-13 20:31 - 2013-10-03 21:28 - 00010420 _____ C:\Users\user\Desktop\cl.xlsx

2013-10-13 17:14 - 2013-10-13 00:39 - 00000000 ___DC C:\Program Files (x86)\Mozilla Thunderbird

2013-10-12 18:15 - 2013-10-05 23:25 - 00000000 __RDC C:\Users\Public\Recorded TV

2013-10-11 22:00 - 2013-05-12 17:07 - 00000000 ___DC C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2013-10-11 22:00 - 2013-05-12 16:03 - 00000000 __RDC C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-10-10 22:41 - 2013-10-10 22:41 - 00000000 ____C C:\Windows\setuperr.log

2013-10-10 00:03 - 2009-07-14 05:20 - 00000000 _RHDC C:\Users\Public\Libraries

2013-10-09 21:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache

2013-10-09 18:51 - 2013-05-15 23:58 - 00000000 ___DC C:\ProgramData\Microsoft Help

2013-10-09 17:56 - 2009-07-14 06:45 - 02363568 ____C C:\Windows\system32\FNTCACHE.DAT

2013-10-09 17:47 - 2013-10-09 17:40 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-10-09 17:47 - 2013-10-09 17:40 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-10-09 17:47 - 2013-10-09 17:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-10-09 17:47 - 2013-10-09 17:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-10-09 17:47 - 2013-10-09 17:40 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-10-09 17:47 - 2013-10-09 17:40 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-10-09 17:47 - 2013-10-09 17:40 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-10-09 17:47 - 2013-10-09 17:40 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-10-09 17:47 - 2013-10-09 17:40 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-10-09 17:47 - 2013-10-09 17:40 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-10-09 17:47 - 2013-10-09 17:40 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-10-09 17:47 - 2013-10-09 17:40 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-10-09 17:47 - 2013-10-09 17:40 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-10-09 17:47 - 2013-10-09 17:40 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-10-09 17:47 - 2013-10-09 17:40 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-10-09 17:47 - 2013-10-09 17:40 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-10-09 17:47 - 2013-10-09 17:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-10-09 17:47 - 2013-10-09 17:40 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-10-09 17:47 - 2013-10-09 17:40 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-10-09 17:47 - 2013-10-09 17:40 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-10-09 17:47 - 2013-10-09 17:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-10-09 17:47 - 2013-10-09 17:39 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-10-09 17:47 - 2013-10-09 17:39 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-10-09 17:47 - 2013-10-09 17:39 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-10-09 17:47 - 2013-10-09 17:39 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-10-09 17:47 - 2013-10-09 17:39 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-10-09 17:47 - 2013-10-09 17:39 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-10-09 17:47 - 2013-10-09 17:39 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-10-09 17:47 - 2013-10-09 17:39 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-10-09 17:47 - 2013-10-09 16:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

2013-10-09 17:47 - 2013-10-09 16:17 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll

2013-10-09 17:47 - 2013-10-09 16:16 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2013-10-09 17:47 - 2013-10-09 16:16 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2013-10-09 17:47 - 2013-10-09 16:16 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2013-10-09 17:47 - 2013-10-09 16:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2013-10-09 17:47 - 2013-10-09 16:16 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2013-10-09 17:47 - 2013-10-09 16:16 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2013-10-09 17:47 - 2013-10-09 16:16 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2013-10-09 17:47 - 2013-10-09 16:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2013-10-09 17:47 - 2013-10-09 16:16 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2013-10-09 17:47 - 2013-10-09 16:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2013-10-09 17:46 - 2013-10-09 16:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-10-09 17:46 - 2013-10-09 16:17 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-10-09 17:46 - 2013-10-09 16:17 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-10-09 17:46 - 2013-10-09 16:17 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-10-09 17:46 - 2013-10-09 16:17 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-10-09 17:46 - 2013-10-09 16:17 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-10-09 17:46 - 2013-10-09 16:17 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2013-10-09 17:46 - 2013-10-09 16:17 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

2013-10-09 17:46 - 2013-10-09 16:17 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys

2013-10-09 17:46 - 2013-10-09 16:17 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2013-10-09 17:46 - 2013-10-09 16:17 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll

2013-10-09 17:46 - 2013-10-09 16:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2013-10-09 17:46 - 2013-10-09 16:17 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll

2013-10-09 17:46 - 2013-10-09 16:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll

2013-10-09 17:46 - 2013-10-09 16:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2013-10-09 17:46 - 2013-10-09 16:17 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll

2013-10-09 17:46 - 2013-10-09 16:17 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll

2013-10-09 17:46 - 2013-10-09 16:17 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2013-10-09 17:46 - 2013-10-09 16:17 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll

2013-10-09 17:46 - 2013-10-09 16:17 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll

2013-10-09 17:46 - 2013-10-09 16:17 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-10-09 17:46 - 2013-10-09 16:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-10-09 17:46 - 2013-10-09 16:17 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-10-09 17:46 - 2013-10-09 16:17 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-10-09 17:46 - 2013-10-09 16:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-10-09 17:46 - 2013-10-09 16:16 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-10-09 17:46 - 2013-10-09 16:16 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2013-10-09 17:46 - 2013-10-09 16:16 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll

2013-10-09 17:46 - 2013-10-09 16:16 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-10-09 17:46 - 2013-10-09 16:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

2013-10-09 16:44 - 2013-10-09 16:44 - 00025276 ____C C:\ComboFix.txt

2013-10-09 16:44 - 2013-10-09 16:23 - 00000000 ___DC C:\Qoobox

2013-10-09 16:44 - 2009-07-14 05:20 - 00000000 _RHDC C:\Users\Default

2013-10-09 16:43 - 2013-10-09 16:22 - 00000000 ___DC C:\Windows\erdnt

2013-10-09 16:42 - 2009-07-14 04:34 - 00000215 ____C C:\Windows\system.ini

2013-10-09 16:20 - 2013-05-12 16:33 - 01601292 ____C C:\Windows\SysWOW64\PerfStringBackup.INI

2013-10-09 16:18 - 2013-07-10 21:53 - 00000000 ___DC C:\Windows\system32\MRT

2013-10-09 16:17 - 2010-02-10 00:33 - 80541720 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-10-09 13:26 - 2013-07-24 13:13 - 00626272 ____C (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys

2013-10-09 13:26 - 2013-05-16 07:27 - 00029280 ____C (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klmouflt.sys

2013-10-09 13:26 - 2013-05-16 07:27 - 00029280 ____C (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys

2013-10-09 13:26 - 2012-06-19 17:28 - 07717984 ____C (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys

2013-10-06 00:24 - 2013-10-06 00:24 - 00000000 ___DC C:\Program Files (x86)\LAV Filters

2013-10-06 00:24 - 2013-10-06 00:20 - 00000000 ___DC C:\Program Files (x86)\DVBViewer

2013-10-06 00:24 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\PolicyDefinitions

2013-10-06 00:23 - 2013-10-06 00:23 - 00000000 ___DC C:\Program Files (x86)\AC3Filter

2013-10-06 00:20 - 2013-10-06 00:20 - 00000000 ___DC C:\ProgramData\CMUV

2013-10-05 23:27 - 2013-10-05 23:27 - 00000000 ___DC C:\Program Files\PlayReady

2013-10-05 19:26 - 2013-10-05 19:07 - 00000000 ___DC C:\Program Files (x86)\DScaler

2013-10-05 19:26 - 2013-10-05 18:57 - 00000000 ___DC C:\Program Files (x86)\K!TV

2013-10-05 19:26 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\registration

2013-10-05 18:40 - 2013-05-28 13:57 - 00392714 ____C C:\hcwDriverInstall.txt

2013-10-05 18:39 - 2013-09-13 14:45 - 00000000 ___DC C:\Users\user\.dia

2013-10-02 17:39 - 2013-10-02 17:37 - 00000000 ___DC C:\Program Files (x86)\GhostMouse

2013-10-02 16:19 - 2013-10-02 16:19 - 00005558 ____C C:\Users\user\Desktop\Neues Textdokument.txt

2013-10-01 19:42 - 2013-10-01 19:42 - 00000000 ___DC C:\Users\user\AppData\Local\Unity

2013-09-28 14:46 - 2013-08-07 00:59 - 00000000 ___DC C:\Program Files (x86)\Opera Next

2013-09-28 00:52 - 2013-05-12 18:56 - 00000000 ___DC C:\Users\user\Desktop\proggys

2013-09-28 00:52 - 2013-05-12 17:42 - 00000000 ___DC C:\Program Files (x86)\VideoLAN

2013-09-28 00:51 - 2013-09-28 00:51 - 00000000 ___DC C:\Program Files\VideoLAN

2013-09-26 14:47 - 2013-09-26 14:47 - 00000000 ___DC C:\Users\user\AppData\Roaming\MusicBrainz

2013-09-26 14:47 - 2013-09-26 14:47 - 00000000 ___DC C:\Users\user\AppData\Local\cache

2013-09-26 14:46 - 2013-09-26 14:46 - 00000000 ___DC C:\Program Files (x86)\MusicBrainz Picard

2013-09-26 05:09 - 2009-07-14 07:32 - 00000000 ___DC C:\Program Files\DVD Maker

2013-09-26 00:15 - 2013-09-26 00:14 - 00000000 ___DC C:\Users\user\AppData\Roaming\Raptr

2013-09-26 00:14 - 2013-09-26 00:14 - 00000000 ___DC C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Raptr

2013-09-26 00:14 - 2013-09-26 00:14 - 00000000 ___DC C:\Users\user\AppData\Roaming\library_dir

2013-09-26 00:14 - 2013-09-26 00:14 - 00000000 ___DC C:\Program Files (x86)\Raptr

2013-09-25 13:46 - 2013-09-25 13:46 - 00000000 ___DC C:\symbols

2013-09-25 13:44 - 2013-09-25 13:44 - 00000000 ___DC C:\Program Files (x86)\Windows Kits

2013-09-25 13:44 - 2013-09-01 19:49 - 00000000 ___DC C:\ProgramData\Package Cache

2013-09-24 21:08 - 2013-06-28 23:24 - 00000000 ___DC C:\Users\user\AppData\Roaming\gtk-2.0

2013-09-24 18:29 - 2013-09-24 18:29 - 00032758 ____C C:\Users\user\AppData\Local\recently-used.xbel

2013-09-22 15:45 - 2013-05-12 18:51 - 00000000 ___DC C:\Windows\pss

2013-09-22 00:39 - 2013-09-22 00:39 - 00000000 ___DC C:\ProgramData\ATI

2013-09-22 00:39 - 2013-09-22 00:39 - 00000000 ___DC C:\Program Files (x86)\AMD AVT

2013-09-22 00:39 - 2013-09-22 00:38 - 00000000 ___DC C:\Program Files\ATI Technologies

2013-09-22 00:39 - 2013-05-12 16:07 - 00000000 ___DC C:\ProgramData\AMD

2013-09-22 00:38 - 2013-09-22 00:38 - 00000000 ___DC C:\Program Files (x86)\ATI Technologies

2013-09-22 00:38 - 2013-05-12 16:07 - 00000000 ___DC C:\Program Files\ATI

2013-09-22 00:31 - 2013-09-22 00:31 - 00059932 ____C C:\Windows\SysWOW64\CCCInstall_201309220031586549.log

2013-09-21 00:46 - 2013-09-21 00:46 - 00000000 ___DC C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cossacks

2013-09-21 00:28 - 2013-06-16 19:38 - 00000000 ___DC C:\Users\user\.VirtualBox



Files to move or delete:

====================

C:\Users\user\IP_Log_Data.js

C:\Users\user\Network_Meter_Data.js





==================== Bamital & volsnap Check =================



C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit





LastRegBack: 2013-10-11 14:28



==================== End Of Log ============================
         
--- --- ---




Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-10-2013

Ran by user at 2013-10-20 22:02:24

Running from C:\Users\user\Desktop

Boot Mode: Normal

==========================================================





==================== Security Center ========================



AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}



==================== Installed Programs ======================



@BIOS (x32 Version: 2.28)

µTorrent (HKCU Version: 3.3.1.30017)

7+ Taskbar Tweaker v4.3.1 (HKCU Version: 4.3.1)

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)

AC3Filter 2.6.0b (x32 Version: 2.6.0b)

Adobe AIR (x32 Version: 2.5.1.17730)

Adobe Community Help (x32 Version: 3.4.980)

Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)

Adobe Photoshop CS5.1 (x32 Version: 12.1)

Adobe Reader X (10.1.2) - Deutsch (x32 Version: 10.1.2)

Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122)

AMD Accelerated Video Transcoding (Version: 12.10.100.30328)

AMD Catalyst Install Manager (Version: 8.0.911.0)

AMD Drag and Drop Transcoding (Version: 2.00.0000)

AMD Fuel (Version: 2013.0328.2218.38225)

AMD Media Foundation Decoders (Version: 1.0.80328.2204)

AMD PSCheck (x32 Version: 3.4.1.0277)

AMD VISION Engine Control Center (x32 Version: 2013.0328.2218.38225)

Any Audio Converter 4.0.1 (x32)

AquaSnap (x32 Version: 1.5.3)

AutoHotkey 1.1.12.00 (Version: 1.1.12.00)

Canon MG5300 series MP Drivers

Canon MP Navigator EX 5.0 (x32)

Catalyst Control Center - Branding (x32 Version: 1.00.0000)

Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225)

Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225)

Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225)

CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225)

CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225)

CCC Help Czech (x32 Version: 2013.0328.2217.38225)

CCC Help Danish (x32 Version: 2013.0328.2217.38225)

CCC Help Dutch (x32 Version: 2013.0328.2217.38225)

CCC Help English (x32 Version: 2013.0328.2217.38225)

CCC Help Finnish (x32 Version: 2013.0328.2217.38225)

CCC Help French (x32 Version: 2013.0328.2217.38225)

CCC Help German (x32 Version: 2013.0328.2217.38225)

CCC Help Greek (x32 Version: 2013.0328.2217.38225)

CCC Help Hungarian (x32 Version: 2013.0328.2217.38225)

CCC Help Italian (x32 Version: 2013.0328.2217.38225)

CCC Help Japanese (x32 Version: 2013.0328.2217.38225)

CCC Help Korean (x32 Version: 2013.0328.2217.38225)

CCC Help Norwegian (x32 Version: 2013.0328.2217.38225)

CCC Help Polish (x32 Version: 2013.0328.2217.38225)

CCC Help Portuguese (x32 Version: 2013.0328.2217.38225)

CCC Help Russian (x32 Version: 2013.0328.2217.38225)

CCC Help Spanish (x32 Version: 2013.0328.2217.38225)

CCC Help Swedish (x32 Version: 2013.0328.2217.38225)

CCC Help Thai (x32 Version: 2013.0328.2217.38225)

CCC Help Turkish (x32 Version: 2013.0328.2217.38225)

ccc-utility64 (Version: 2013.0328.2218.38225)

CCleaner (Version: 4.02)

CPUID CPU-Z 1.58

CrystalDiskInfo 5.6.2 (x32 Version: 5.6.2)

Deutsch - Custom1 (Version: 1.0.3.40)

Dia (nur entfernen) (x32)

DisplayFusion 5.0.1 (x32 Version: 5.0.1.0)

Dropbox (HKCU Version: 2.4.2)

DVBViewer Pro (x32 Version: 5.1)

EaseUS Partition Master 9.2.2 (x32)

Easy Tune 6 B12.1018.1 (x32 Version: 1.00.0000)

Empire Earth Gold Edition (x32)

Emsisoft Anti-Malware (x32 Version: 7.0)

Evince 2.32.0.145 (x32 Version: 2.32.0.145)

EW : Cossacks (x32)

gedit 2.30.1 (x32 Version: 2.30.1)

GnuWin32: Wget-1.11.4-1 (x32 Version: 1.11.4-1)

Google Chrome (HKCU Version: 28.0.1500.95)

Google Earth (x32 Version: 7.1.1.1580)

Gpg4win (2.1.1) (x32 Version: 2.1.1)

GPL Ghostscript (x32 Version: 9.09)

GridMove V1.19.62 (x32)

Hauppauge WinTV 7 (x32 Version: v7.2.31161 (CD 2.8a))

HiJackThis (x32 Version: 1.0.0)

inSSIDer 3 (x32 Version: 3.0.7.48)

IrfanView (remove only) (x32 Version: 4.36)

Java 7 Update 25 (64-bit) (Version: 7.0.250)

Java 7 Update 25 (x32 Version: 7.0.250)

Java Auto Updater (x32 Version: 2.1.9.5)

Java SE Development Kit 7 Update 25 (64-bit) (Version: 1.7.0.250)

JDownloader 2 (Version: 2)

Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190)

Kits Configuration Installer (x32 Version: 8.59.25584)

K-Lite Mega Codec Pack 8.4.0 (x32 Version: 8.4.0)

LAV Filters 0.58.1 (x32 Version: 0.58.1)

LibreOffice 4.0.4.2 (x32 Version: 4.0.4.2)

Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)

Maya 44 Driver version 1.17 (x32 Version: 1.17)

Microsoft .NET Framework 4.5 (Version: 4.5.50709)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)

Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)

Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000)

Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000)

Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)

Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)

Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)

Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)

Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)

Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)

Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727)

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727)

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106)

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727)

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106)

Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)

Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)

Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)

Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)

Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)

Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)

Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)

Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)

Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)

Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)

Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)

Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)

Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)

Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)

Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)

MiKTeX 2.9 (x32 Version: 2.9)

Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)

Mozilla Maintenance Service (x32 Version: 24.0.1)

Mozilla Thunderbird 24.0.1 (x86 de) (x32 Version: 24.0.1)

MSI Afterburner 3.0.0 Beta 15 (x32 Version: 3.0.0 Beta 15)

MusicBrainz Picard (x32 Version: 1.2)

NAVIGON Fresh 3.4.1 (x32 Version: 3.4.1)

Notepad++ (x32 Version: 6.3.3)

Opera 12.15 (x32 Version: 12.15.1748)

Opera Next 17.0.1241.28 (x32 Version: 17.0.1241.28)

Oracle VM VirtualBox 4.2.16 (Version: 4.2.16)

PDF Settings CS5 (x32 Version: 10.0)

PDF Split And Merge Basic (Version: 2.2.2)

PDF-Viewer (Version: 2.5.210.0)

Pidgin (x32 Version: 2.10.7)

PlayReady PC Runtime amd64 (Version: 1.3.0)

Rainmeter (x32 Version: 2.4 r1678)

Raptr (x32)

Ray Adams ATI Tray Tools (x32)

RivaTuner Statistics Server 5.3.2 (x32 Version: 5.3.2)

Ruhe V 0.09c (x32)

Samsung Kies (x32 Version: 2.5.3.13052_10)

Samsung Magician (x32 Version: 4.2.1)

SAMSUNG USB Driver for Mobile Phones (Version: 1.5.25.0)

SDK Debuggers (x32 Version: 8.59.29746)

SumatraPDF (x32 Version: 2.4)

TeXstudio 2.5.2 (x32 Version: 2.5.2)

TL-WN881ND Driver (x32 Version: 1.0.0)

TP-LINK Wireless Configuration Utility (x32 Version: 1.0.0)

TreeSize Free V2.7 (x32 Version: 2.7)

Unity Web Player (HKCU Version: )

Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)

Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)

Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)

Viber (HKCU Version: 3.0.0.132799)

VirtualCloneDrive (x32)

Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)

VLC media player 2.1.0 (Version: 2.1.0)

Warcraft III (x32)

Warcraft III: All Products (HKCU)

Windows Installer Clean Up (x32 Version: 3.00.00.0000)

Windows Software Development Kit (x32 Version: 8.59.29750)

Windows Software Development Kit EULA (x32 Version: 8.59.25584)

Windows-Treiberpaket - Qualcomm Atheros Communications Inc. (athr) Net  (03/11/2013 10.0.0.234) (Version: 03/11/2013 10.0.0.234)

Windows-Treiberpaket - Qualcomm Atheros Communications Inc. Net  (03/11/2013 10.0.0.234) (Version: 03/11/2013 10.0.0.234)

WinHotKey 0.70 (x32)

WinHTTrack Website Copier 3.47-11 (x64) (Version: 3.47.11)

Winmail Opener 1.5 (x32 Version: 1.5)

WinRAR 5.00 (64-Bit) (Version: 5.00.0)

WizMouse v1.6.0.2 (x32)

XMedia Recode Version 3.1.6.9 (x32 Version: 3.1.6.9)

xp-AntiSpy 3.98-2 (x32)



==================== Restore Points  =========================



13-10-2013 17:00:05 Windows-Sicherung

15-10-2013 13:33:36 Windows Update

18-10-2013 17:46:52 Windows Update

20-10-2013 17:00:03 Windows-Sicherung



==================== Hosts content: ==========================



2013-07-23 02:06 - 2013-10-09 16:42 - 00000027 ___AC C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost



==================== Scheduled Tasks (whitelisted) =============



Task: {0BE82B0D-9788-499D-8BC7-CF9E0C9F2404} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {1B152286-FEFC-424D-B535-F3EAE989DCBB} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe

Task: {72E9C43D-0E76-4B50-8BB0-1BF7B058106B} - System32\Tasks\WizMouse => C:\Program Files (x86)\WizMouse\WizMouse.exe [2011-09-30] ()

Task: {9B944650-48B7-4EC0-9790-F1DBC20E37A9} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2013-09-16] ()

Task: {AE523A59-651C-43FB-8956-204E74404774} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe

Task: {AF5E6D21-1C8C-4704-B62D-1DCACFA7A0FF} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ExecuteWithUAC.exe [2008-06-27] ()

Task: {D2EA73E0-A001-4B62-B9DE-C6C43108FC29} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)



==================== Loaded Modules (whitelisted) =============



2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 ____C () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

2013-10-20 21:59 - 2013-10-20 21:59 - 00566439 ____C () C:\Program Files\JDownloader 2\tmp\7zip\SevenZipJBinding-FKPz9\libgcc_s_sjlj-1.dll

2013-10-20 21:59 - 2013-10-20 21:59 - 04078962 ____C () C:\Program Files\JDownloader 2\tmp\7zip\SevenZipJBinding-FKPz9\lib7-Zip-JBinding.dll

2012-11-04 16:25 - 2012-11-04 16:25 - 00736968 _____ () C:\Program Files\Rainmeter\Rainmeter.dll

2012-11-04 16:23 - 2012-11-04 16:23 - 00019968 _____ () C:\Program Files\Rainmeter\Plugins\AdvancedCPU.DLL

2012-11-04 16:23 - 2012-11-04 16:23 - 00012800 _____ () C:\Program Files\Rainmeter\Plugins\PerfMon.dll

2012-11-04 16:23 - 2012-11-04 16:23 - 00010240 _____ () C:\Program Files\Rainmeter\Plugins\SpeedFanPlugin.dll

2012-11-04 16:23 - 2012-11-04 16:23 - 00056832 _____ () C:\Program Files\Rainmeter\Plugins\WebParser.dll

2013-05-16 07:27 - 2013-05-16 07:27 - 01310136 ____C () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll

2013-09-14 19:05 - 2013-09-14 19:05 - 00071680 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll

2013-09-14 19:05 - 2013-09-14 19:05 - 00056832 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll

2013-09-14 19:05 - 2013-09-14 19:05 - 00215552 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll

2013-09-14 19:05 - 2013-09-14 19:05 - 00127488 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll

2013-09-14 19:06 - 2013-09-14 19:06 - 00597504 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll

2013-05-28 18:44 - 2013-05-28 18:44 - 00221184 ____C () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll

2013-05-28 18:42 - 2013-05-28 18:42 - 00037888 ____C () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll

2013-05-28 18:41 - 2013-05-28 18:41 - 00050176 ____C () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll

2013-05-28 18:44 - 2013-05-28 18:44 - 00069632 ____C () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll

2013-05-28 18:45 - 2013-05-28 18:45 - 00627712 ____C () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll

2013-09-01 20:04 - 2011-08-23 10:04 - 00057344 ____C () C:\Program Files (x86)\WinTV\TVServer\libhdhomerun.dll

2013-03-13 22:48 - 2013-03-13 22:48 - 24978944 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\libcef.dll

2013-10-13 00:39 - 2013-10-13 00:39 - 03008112 ____C () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll

2013-10-13 00:39 - 2013-10-13 00:39 - 00158832 ____C () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll

2013-10-13 00:39 - 2013-10-13 00:39 - 00023152 ____C () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll

2013-05-12 23:15 - 2012-11-21 07:26 - 00008704 ____C () C:\Users\user\AppData\Roaming\Thunderbird\Profiles\suf8jch1.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll

2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 ____C () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll

2013-02-13 06:44 - 2013-02-13 06:44 - 00028160 _____ () C:\Program Files (x86)\Pidgin\libssp-0.dll

2013-02-13 06:44 - 2013-02-13 06:44 - 00671031 _____ () C:\Program Files (x86)\Pidgin\exchndl.dll

2013-05-12 16:43 - 2013-05-12 16:43 - 00904525 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll

2013-05-12 16:43 - 2013-05-12 16:43 - 00279059 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll

2013-05-12 16:43 - 2013-05-12 16:43 - 00177586 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll

2013-05-12 16:43 - 2013-05-12 16:43 - 00553382 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll

2013-05-12 16:43 - 2013-05-12 16:43 - 00216992 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll

2013-05-12 16:43 - 2013-05-12 16:43 - 00100352 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll

2013-02-13 06:43 - 2013-02-13 06:43 - 01274655 _____ () C:\Program Files (x86)\Pidgin\libxml2-2.dll

2013-02-13 06:44 - 2013-02-13 06:44 - 00475580 _____ () C:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00020997 _____ () C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00013253 _____ () C:\Program Files (x86)\Pidgin\plugins\buddynote.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00024924 _____ () C:\Program Files (x86)\Pidgin\plugins\convcolors.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00015702 _____ () C:\Program Files (x86)\Pidgin\plugins\extplacement.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00014147 _____ () C:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00018882 _____ () C:\Program Files (x86)\Pidgin\plugins\history.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00012865 _____ () C:\Program Files (x86)\Pidgin\plugins\iconaway.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00019043 _____ () C:\Program Files (x86)\Pidgin\plugins\idle.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00018555 _____ () C:\Program Files (x86)\Pidgin\plugins\joinpart.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00015074 _____ () C:\Program Files (x86)\Pidgin\plugins\libaim.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00310491 _____ () C:\Program Files (x86)\Pidgin\liboscar.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00092874 _____ () C:\Program Files (x86)\Pidgin\plugins\libbonjour.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00209619 _____ () C:\Program Files (x86)\Pidgin\plugins\libgg.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00016005 _____ () C:\Program Files (x86)\Pidgin\plugins\libicq.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00105620 _____ () C:\Program Files (x86)\Pidgin\plugins\libirc.dll

2013-02-13 06:43 - 2013-02-13 06:43 - 00190464 _____ () C:\Program Files (x86)\Pidgin\libsasl.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00373657 _____ () C:\Program Files (x86)\Pidgin\plugins\libmsn.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00149933 _____ () C:\Program Files (x86)\Pidgin\plugins\libmxit.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00106670 _____ () C:\Program Files (x86)\Pidgin\plugins\libmyspace.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00123540 _____ () C:\Program Files (x86)\Pidgin\plugins\libnovell.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00116583 _____ () C:\Program Files (x86)\Pidgin\plugins\libsametime.dll

2013-02-13 06:43 - 2013-02-13 06:43 - 00152852 _____ () C:\Program Files (x86)\Pidgin\libmeanwhile-1.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00171090 _____ () C:\Program Files (x86)\Pidgin\plugins\libsilc.dll

2013-02-13 06:43 - 2013-02-13 06:43 - 02097721 _____ () C:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll

2013-02-13 06:43 - 2013-02-13 06:43 - 00818985 _____ () C:\Program Files (x86)\Pidgin\libsilcclient-1-1-3.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00055758 _____ () C:\Program Files (x86)\Pidgin\plugins\libsimple.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00021337 _____ () C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00415553 _____ () C:\Program Files (x86)\Pidgin\libjabber.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00022832 _____ () C:\Program Files (x86)\Pidgin\plugins\libyahoo.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00228908 _____ () C:\Program Files (x86)\Pidgin\libymsg.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00019793 _____ () C:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00047391 _____ () C:\Program Files (x86)\Pidgin\plugins\log_reader.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00021795 _____ () C:\Program Files (x86)\Pidgin\plugins\markerline.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00013456 _____ () C:\Program Files (x86)\Pidgin\plugins\newline.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00029225 _____ () C:\Program Files (x86)\Pidgin\plugins\notify.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00017023 _____ () C:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00029256 _____ () C:\Program Files (x86)\Pidgin\plugins\pidginrc.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00015380 _____ () C:\Program Files (x86)\Pidgin\plugins\psychic.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00015429 _____ () C:\Program Files (x86)\Pidgin\plugins\relnot.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00015045 _____ () C:\Program Files (x86)\Pidgin\plugins\sendbutton.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00069575 _____ () C:\Program Files (x86)\Pidgin\plugins\spellchk.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00027811 _____ () C:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00012004 _____ () C:\Program Files (x86)\Pidgin\plugins\ssl.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00015978 _____ () C:\Program Files (x86)\Pidgin\plugins\statenotify.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00030353 _____ () C:\Program Files (x86)\Pidgin\plugins\themeedit.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00032020 _____ () C:\Program Files (x86)\Pidgin\plugins\ticker.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00018399 _____ () C:\Program Files (x86)\Pidgin\plugins\timestamp.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00023305 _____ () C:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00029791 _____ () C:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00030771 _____ () C:\Program Files (x86)\Pidgin\plugins\winprefs.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00037191 _____ () C:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll

2013-02-13 06:45 - 2013-02-13 06:45 - 00044494 _____ () C:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll

2013-02-13 06:43 - 2013-02-13 06:43 - 00102400 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslANONYMOUS.dll

2013-02-13 06:43 - 2013-02-13 06:43 - 00115712 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslCRAMMD5.dll

2013-02-13 06:43 - 2013-02-13 06:43 - 00140288 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslDIGESTMD5.dll

2013-02-13 06:43 - 2013-02-13 06:43 - 00102912 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslLOGIN.dll

2013-02-13 06:43 - 2013-02-13 06:43 - 00102912 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslPLAIN.dll

2013-02-13 06:44 - 2013-02-13 06:44 - 00425984 _____ () C:\Program Files (x86)\Pidgin\sqlite3.dll

2013-05-12 16:43 - 2013-05-12 16:43 - 00090496 _____ () C:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll

2013-09-17 19:24 - 2013-09-17 19:24 - 03279768 ____C () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 ____C () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF



==================== Alternate Data Streams (whitelisted) =========





==================== Safe Mode (whitelisted) ===================



HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"



==================== Faulty Device Manager Devices =============



Name: Ethernet-Controller

Description: Ethernet-Controller

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.





==================== Event log errors: =========================



Application errors:

==================

Error: (10/19/2013 02:46:58 PM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.0.0, Zeitstempel: 0x52432b75

Name des fehlerhaften Moduls: libavcodec_plugin.dll, Version: 0.0.0.0, Zeitstempel: 0x52432b7e

Ausnahmecode: 0x40000015

Fehleroffset: 0x000000000019d3c7

ID des fehlerhaften Prozesses: 0x1398

Startzeit der fehlerhaften Anwendung: 0xvlc.exe0

Pfad der fehlerhaften Anwendung: vlc.exe1

Pfad des fehlerhaften Moduls: vlc.exe2

Berichtskennung: vlc.exe3



Error: (10/15/2013 06:08:05 PM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.0.0, Zeitstempel: 0x52432b75

Name des fehlerhaften Moduls: libavcodec_plugin.dll, Version: 0.0.0.0, Zeitstempel: 0x52432b7e

Ausnahmecode: 0x40000015

Fehleroffset: 0x000000000019d3c7

ID des fehlerhaften Prozesses: 0x165c

Startzeit der fehlerhaften Anwendung: 0xvlc.exe0

Pfad der fehlerhaften Anwendung: vlc.exe1

Pfad des fehlerhaften Moduls: vlc.exe2

Berichtskennung: vlc.exe3



Error: (10/15/2013 05:58:38 PM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.0.0, Zeitstempel: 0x52432b75

Name des fehlerhaften Moduls: libavcodec_plugin.dll, Version: 0.0.0.0, Zeitstempel: 0x52432b7e

Ausnahmecode: 0x40000015

Fehleroffset: 0x000000000019d3c7

ID des fehlerhaften Prozesses: 0xdac

Startzeit der fehlerhaften Anwendung: 0xvlc.exe0

Pfad der fehlerhaften Anwendung: vlc.exe1

Pfad des fehlerhaften Moduls: vlc.exe2

Berichtskennung: vlc.exe3



Error: (10/12/2013 06:10:23 PM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.0.0, Zeitstempel: 0x52432b75

Name des fehlerhaften Moduls: libavcodec_plugin.dll, Version: 0.0.0.0, Zeitstempel: 0x52432b7e

Ausnahmecode: 0x40000015

Fehleroffset: 0x000000000019d3c7

ID des fehlerhaften Prozesses: 0x11a8

Startzeit der fehlerhaften Anwendung: 0xvlc.exe0

Pfad der fehlerhaften Anwendung: vlc.exe1

Pfad des fehlerhaften Moduls: vlc.exe2

Berichtskennung: vlc.exe3



Error: (10/09/2013 08:32:03 PM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.0.0, Zeitstempel: 0x52432b75

Name des fehlerhaften Moduls: libavcodec_plugin.dll, Version: 0.0.0.0, Zeitstempel: 0x52432b7e

Ausnahmecode: 0x40000015

Fehleroffset: 0x000000000019d3c7

ID des fehlerhaften Prozesses: 0x504

Startzeit der fehlerhaften Anwendung: 0xvlc.exe0

Pfad der fehlerhaften Anwendung: vlc.exe1

Pfad des fehlerhaften Moduls: vlc.exe2

Berichtskennung: vlc.exe3



Error: (10/09/2013 06:50:49 PM) (Source: VSS) (User: )

Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert

.

Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.



Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {14166b89-3f51-4da9-bec7-74ebf0fa94ff}



Error: (10/09/2013 05:56:52 PM) (Source: .NET Runtime Optimization Service) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Security, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.



Error: (10/09/2013 05:56:51 PM) (Source: .NET Runtime Optimization Service) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Security, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.



Error: (10/05/2013 07:29:32 PM) (Source: System Restore) (User: )

Description: Unbekannter Fehler bei der Systemwiederherstellung: (Gerätetreiber-Paketinstallation: Hauppauge Audio-, Video- und Gamecontroller). Zusätzliche Informationen: 0xc000003a.



Error: (10/05/2013 06:52:38 PM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: WinTV7.exe, Version: 1.0.31116.0, Zeitstempel: 0x517ea002

Name des fehlerhaften Moduls: mpg2splt.ax, Version: 6.6.7601.17528, Zeitstempel: 0x4d12e1eb

Ausnahmecode: 0xc0000005

Fehleroffset: 0x00001fbf

ID des fehlerhaften Prozesses: 0x1024

Startzeit der fehlerhaften Anwendung: 0xWinTV7.exe0

Pfad der fehlerhaften Anwendung: WinTV7.exe1

Pfad des fehlerhaften Moduls: WinTV7.exe2

Berichtskennung: WinTV7.exe3





System errors:

=============

Error: (10/20/2013 09:57:37 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 

%%1068



Error: (10/20/2013 09:57:37 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 

%%1068



Error: (10/20/2013 09:57:37 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 

%%1068



Error: (10/20/2013 09:57:37 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 

%%1068



Error: (10/20/2013 09:57:37 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 

%%1068



Error: (10/20/2013 09:57:37 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 

%%1068



Error: (10/20/2013 09:57:36 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 

%%1068



Error: (10/20/2013 09:57:36 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 

%%1068



Error: (10/20/2013 09:57:36 PM) (Source: DCOM) (User: )

Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}



Error: (10/20/2013 09:57:36 PM) (Source: DCOM) (User: )

Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}





Microsoft Office Sessions:

=========================

Error: (10/19/2013 02:46:58 PM) (Source: Application Error)(User: )

Description: vlc.exe2.1.0.052432b75libavcodec_plugin.dll0.0.0.052432b7e40000015000000000019d3c7139801ceccc94a818dfdC:\Program Files\VideoLAN\VLC\vlc.exeC:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll8a786f3c-38bc-11e3-a854-080027002cae



Error: (10/15/2013 06:08:05 PM) (Source: Application Error)(User: )

Description: vlc.exe2.1.0.052432b75libavcodec_plugin.dll0.0.0.052432b7e40000015000000000019d3c7165c01cec9c0b88694abC:\Program Files\VideoLAN\VLC\vlc.exeC:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dllf8c184c9-35b3-11e3-b9bd-080027002cae



Error: (10/15/2013 05:58:38 PM) (Source: Application Error)(User: )

Description: vlc.exe2.1.0.052432b75libavcodec_plugin.dll0.0.0.052432b7e40000015000000000019d3c7dac01cec9bf6115bffdC:\Program Files\VideoLAN\VLC\vlc.exeC:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dlla740dafd-35b2-11e3-b9bd-080027002cae



Error: (10/12/2013 06:10:23 PM) (Source: Application Error)(User: )

Description: vlc.exe2.1.0.052432b75libavcodec_plugin.dll0.0.0.052432b7e40000015000000000019d3c711a801cec7658afe232fC:\Program Files\VideoLAN\VLC\vlc.exeC:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dllcc2dfe33-3358-11e3-896d-080027002cae



Error: (10/09/2013 08:32:03 PM) (Source: Application Error)(User: )

Description: vlc.exe2.1.0.052432b75libavcodec_plugin.dll0.0.0.052432b7e40000015000000000019d3c750401cec51dad98e3c0C:\Program Files\VideoLAN\VLC\vlc.exeC:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll172efb23-3111-11e3-a187-080027002cae



Error: (10/09/2013 06:50:49 PM) (Source: VSS)(User: )

Description: 0x80070005, Zugriff verweigert



Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {14166b89-3f51-4da9-bec7-74ebf0fa94ff}



Error: (10/09/2013 05:56:52 PM) (Source: .NET Runtime Optimization Service)(User: )

Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Security, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.



Error: (10/09/2013 05:56:51 PM) (Source: .NET Runtime Optimization Service)(User: )

Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Security, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.



Error: (10/05/2013 07:29:32 PM) (Source: System Restore)(User: )

Description: Gerätetreiber-Paketinstallation: Hauppauge Audio-, Video- und Gamecontroller0xc000003a



Error: (10/05/2013 06:52:38 PM) (Source: Application Error)(User: )

Description: WinTV7.exe1.0.31116.0517ea002mpg2splt.ax6.6.7601.175284d12e1ebc000000500001fbf102401cec1eb3ebd44e7C:\Program Files (x86)\WinTV\WinTV7\WinTV7.exeC:\Windows\SysWOW64\mpg2splt.ax8a013a72-2dde-11e3-a857-080027002cae





CodeIntegrity Errors:

===================================

  Date: 2013-10-20 20:24:06.151

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.



  Date: 2013-10-20 20:24:06.149

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.



  Date: 2013-10-20 20:24:06.148

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.



  Date: 2013-10-20 20:09:10.001

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.



  Date: 2013-10-20 20:09:10.000

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.



  Date: 2013-10-20 20:09:09.999

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.



  Date: 2013-10-20 17:33:00.277

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.



  Date: 2013-10-20 17:33:00.276

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.



  Date: 2013-10-20 17:33:00.275

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.



  Date: 2013-10-20 17:33:00.272

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.





==================== Memory info =========================== 



Percentage of memory in use: 20%

Total physical RAM: 16365.22 MB

Available physical RAM: 12944.14 MB

Total Pagefile: 16875.4 MB

Available Pagefile: 13349.7 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB



==================== Drives ================================



Drive c: () (Fixed) (Total:118.9 GB) (Free:84.66 GB) NTFS

Drive d: (filme) (Fixed) (Total:298.09 GB) (Free:98.89 GB) NTFS

Drive e: (Volume) (Fixed) (Total:931.51 GB) (Free:6.7 GB) NTFS ==>[System with boot components (obtained from reading drive)]



==================== MBR & Partition Table ==================



========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 687BB64A)

Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)



========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 17D24D8F)

Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)



========================================================

Disk: 2 (Size: 298 GB) (Disk ID: E182E182)

Partition 1: (Not Active) - (Size=298 GB) - (Type=07 NTFS)



==================== End Of Log ============================
         

Last edited by drwtf (21.10.2013 at 00:46). Reason: Addition.txt was incomplete. All logs should now be complete.

Alt 21.10.2013, 06:46   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Hi,

The machine is clean; the one detection in the Temp folder is adware, nothing serious. Is there a crash dump for the bluescreen?

Alt 21.10.2013, 07:20   #3
drwtf
 
Yup,

https://dl.dropboxusercontent.com/u/33668449/102013-14196-01.dmp

Alt 21.10.2013, 12:57   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Please attach it here as a ZIP.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No support via PM!

Alt 21.10.2013, 12:59   #5
drwtf
 
Here you go.


Alt 22.10.2013, 07:16   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Please send me a PM this evening, then I'll take a look at the dump.

Alt 23.10.2013, 06:22   #7
schrauber
/// the machine
/// TB-Ausbilder
 

Sorry, my debugger has given up the ghost, I'm reinstalling it.

Alt 23.10.2013, 07:04   #8
drwtf
 
No rush.

Alt 23.10.2013, 14:32   #9
schrauber
/// the machine
/// TB-Ausbilder
 

I'll have another look this evening.

Alt 26.10.2013, 13:11   #10
drwtf
 
*ahem*

Alt 26.10.2013, 18:30   #11
schrauber
/// the machine
/// TB-Ausbilder
 

Sorry, somehow forgot about it.

Quote:
ERROR_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgeführt werden.

BUGCHECK_STR: 0x1E_c0000005

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

PROCESS_NAME: SearchFilterHo

CURRENT_IRQL: 2
Quote:
STACK_COMMAND: kb

FOLLOWUP_IP:
nt!MiReplenishPageSlist+c0
fffff800`01ea0150 f00fba6b1000 lock bts dword ptr [rbx+10h],0

SYMBOL_STACK_INDEX: 4

SYMBOL_NAME: nt!MiReplenishPageSlist+c0

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP: 521ea035

IMAGE_NAME: memory_corruption

FAILURE_BUCKET_ID: X64_0x1E_c0000005_nt!MiReplenishPageSlist+c0

BUCKET_ID: X64_0x1E_c0000005_nt!MiReplenishPageSlist+c0

Followup: MachineOwner
Not really conclusive. Did the bluescreen come back?
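A first-pass triage of the `!analyze -v` summary quoted above, written as an added example for this thread and not taken from the forum or from WinDbg: it parses the quoted key/value lines (reconstructed inline as a sample), cross-checks the faulting address from the opening post's bugcheck parameters against FOLLOWUP_IP, and shows why a `memory_corruption` bucket inside `nt` cannot single out a driver, which is what makes a RAM test the sensible next step.

```python
import re

# Constructed sample: the key lines of the !analyze -v output quoted in the post above.
SAMPLE = """\
BUGCHECK_STR: 0x1E_c0000005
PROCESS_NAME: SearchFilterHo
FOLLOWUP_IP:
nt!MiReplenishPageSlist+c0
fffff800`01ea0150 f00fba6b1000 lock bts dword ptr [rbx+10h],0
MODULE_NAME: nt
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: X64_0x1E_c0000005_nt!MiReplenishPageSlist+c0
"""

# Bugcheck 0x1E parameters from the first post: arg1 = exception code (sign-extended
# NTSTATUS), arg2 = address of the faulting instruction.
BUGCHECK_ARGS = (0xFFFFFFFFC0000005, 0xFFFFF80001EA0150, 0x0, 0xFFFFFFFFFFFFFFFF)

KEY_RE = re.compile(r"^([A-Z_]+):\s*(.*)$")
# WinDbg prints 64-bit addresses as hi`lo, followed by the opcode bytes.
ADDR_RE = re.compile(r"^([0-9a-f]{8})`([0-9a-f]{8})\s")


def parse_analyze(text):
    """Map KEY -> value; for FOLLOWUP_IP take the address from the disassembly line."""
    fields, want_ip = {}, False
    for line in text.splitlines():
        if want_ip:
            m = ADDR_RE.match(line)
            if m:
                fields["FOLLOWUP_IP"] = int(m.group(1) + m.group(2), 16)
                want_ip = False
            continue
        m = KEY_RE.match(line)
        if m:
            key, value = m.groups()
            want_ip = key == "FOLLOWUP_IP"
            if not want_ip:
                fields[key] = value
    return fields


def triage(fields, args):
    """Derive the signals a first-pass crash triage would look at."""
    bugcheck = int(fields["BUGCHECK_STR"].split("_")[0], 16)
    exception = args[0] & 0xFFFFFFFF
    result = {
        "bugcheck": bugcheck,
        "access_violation": exception == 0xC0000005,
        "ip_matches_followup": fields.get("FOLLOWUP_IP") == args[1],
        "module": fields.get("MODULE_NAME"),
    }
    # A memory_corruption bucket inside nt means the debugger found corrupted kernel
    # structures but no third-party module on the stack: it cannot name a culprit.
    if fields.get("IMAGE_NAME") == "memory_corruption" and result["module"] == "nt":
        result["verdict"] = "inconclusive: suspect RAM or a buggy driver, run a memory test"
    elif result["module"] and result["module"] != "nt":
        result["verdict"] = "driver fault in " + fields.get("IMAGE_NAME", result["module"])
    else:
        result["verdict"] = "kernel fault, full stack needed"
    return result
```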

Alt 26.10.2013, 18:32   #12
drwtf
 
No, it didn't come back. I saw memory_corruption myself too, but couldn't make anything of it either. Faulty RAM maybe? Should I run memtest?

Alt 27.10.2013, 06:35   #13
schrauber
/// the machine
/// TB-Ausbilder
 

Yes, do that.
