Log analysis and evaluation: Windows 7 / booting no longer possible after Kaspersky 2014 upgrade and subsequent disinfection
Windows 7: If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
/// the machine /// TB Trainer
Hi,
Please always post logs in the thread. If necessary, split them up and use several posts.
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations | Guides and help | Trojaner-Board Facebook page
No help via PM!
#2
So, here is the 1st log file:
Code:
ATTFilter OTL Extras logfile created on: 12/7/2013 8:23:59 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System Internet Explorer (Version = 9.11.9600.16428) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = H: | %SystemRoot% = H:\Windows | %ProgramFiles% = H:\Program Files Drive C: | 100.00 Mb Total Space | 75.42 Mb Free Space | 75.42% Space Free | Partition Type: NTFS Drive D: | 29.80 Gb Total Space | 20.50 Gb Free Space | 68.78% Space Free | Partition Type: FAT32 Drive H: | 910.41 Gb Total Space | 712.44 Gb Free Space | 78.25% Space Free | Partition Type: NTFS Drive I: | 20.00 Gb Total Space | 11.70 Gb Free Space | 58.49% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- H:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- H:\Windows\winhlp32.exe (Microsoft Corporation) .reg [@ = regfile] -- regedit.exe "%1" ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg 
Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [open] -- regedit.exe "%1" regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0749E1E5-BD6B-474C-BD21-48891526113E}" = MAGIX Music Maker 17 Download-Version "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail 
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1B947146-366B-42CD-86D5-219993CE3EE2}" = Windows Live MIME IFilter "{2033DC31-6C96-4E5B-BF51-6BFFDB3E6564}" = HP Officejet 6100 Hilfe "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45 "{28FE6C88-97EC-4FC5-8FF3-70E800F5C33E}" = HP Officejet 6100 - Grundlegende Software für das Gerät "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}" = NVIDIA PhysX "{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.573 "{34D9106C-A947-47ED-B4AB-764736350769}" = Minecraft "{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer "{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update "{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar "{47ABA255-94C2-420E-82A8-B6A5A6074F32}" = MAGIX Speed burnR (MSI) "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6 "{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10 "{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "{575E60C3-1543-446E-80EA-1768C88D577C}" = NetObjects Fusion 11.0 "{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}" = DiRT "{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support 
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE "{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant "{60D32CDC-E3BE-4578-BA10-29322307CDDC}" = Logitech Gaming Software 5.10 "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6BE7495E-8DF1-11E1-BB7D-F04DA23A5C58}" = Vegas Pro 11.0 "{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 "{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists "{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail "{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{752F3DA2-9D44-4A2C-A65C-544525EACA81}" = MAGIX Goya burnR (MSI) "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7E641E46-81DB-4D1D-906A-48342523051C}" = FlatOut2 "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support "{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = VirtualDJ Toolbar "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02 
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources "{899B4A18-28D3-4566-86BB-11E98A56EC9B}" = MAGIX Music Maker 2013 Trial Soundpools "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 "{8F379D4A-1F33-4450-AFE0-F92A9A7BF2D1}_is1" = WYSIWYG BBCode Editor "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office 
Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92852E20-128F-44C3-92EB-3A7506F9DB2C}" = MAGIX Screenshare "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer "{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR "{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13 "{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to 
redistribute MS VS2005 CRT libraries "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA7A2800-1E75-4240-855B-03AFF8E5171E}" = FIFA 14 "{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}" = Microsoft Xbox 360 Accessories 1.2 "{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 320.49 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 320.49 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 320.49 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.6 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 320.49 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.13.0604 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 7.2.17 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.1 "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer 
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{CD95F661-A5C4-44F5-A6AA-ECDD91C240D2}" = WinZip 16.5 "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer "{D84F41A8-33E6-402A-8DD6-D2244235BCB8}" = LogMeIn Hamachi "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common "{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}" = Babylon Chrome Toolbar "{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 "{ECD9B590-821B-4618-99E5-01830BC8F076}" = BlueStacks "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager "{F56F8AF3-DC26-4539-A6D0-0B9C12101C58}" = Studie zur Verbesserung von HP Officejet 6100 Produkten "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8A3F881-2154-4456-A767-2D638454BCED}" = Nitro Reader 3 "{FB0127F3-985B-44CE-AE29-378CAF60B361}" = Need for Speed™ Most Wanted "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "5513-1208-7298-9440" = JDownloader 0.9 "7-Zip" = 7-Zip 9.20 
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Aldi Süd Fotoservice_is1" = Aldi Süd Fotoservice "ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong "APB Reloaded" = APB Reloaded "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode) "Behringer FCA202 Audio Driver" = Behringer FCA202 Audio Driver "Blender" = Blender "BluffTitler" = BluffTitler "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "Clownfish" = Clownfish for Skype "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "conduitEngine" = Conduit Engine "FarmingSimulator2011_CEDE_is1" = Landwirtschafts Simulator 2011 "FBDBServer_2_5_is1" = Firebird 2.5.0.26074 (Win32) "FL Studio 11" = FL Studio 11 "FlowStone" = FlowStone FL 3.0 "Fraps" = Fraps (remove only) "Free YouTube Download_is1" = Free YouTube Download version 3.2.8.717 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.8.717 "Freemake Video Converter_is1" = Freemake Video Converter Version 3.2.1 "GeoGebra" = GeoGebra "GIMP-2_is1" = GIMP 2.8.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Photo Creations" = HP Photo Creations "IL Download Manager" = IL Download Manager "IL Shared Libraries" = IL Shared Libraries "Incomedia WebSite X5 v8 - Evolution" = Incomedia WebSite X5 v8 - Evolution "incredibar" = Incredibar Toolbar on IE and Chrome "InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "LogMeIn Hamachi" = LogMeIn Hamachi "Magic DVD Ripper_is1" = Magic DVD Ripper V5.1 beta "MAGIX_{47ABA255-94C2-420E-82A8-B6A5A6074F32}" = MAGIX Speed burnR (MSI) 
"MAGIX_{752F3DA2-9D44-4A2C-A65C-544525EACA81}" = MAGIX Goya burnR (MSI) "MAGIX_{92852E20-128F-44C3-92EB-3A7506F9DB2C}" = MAGIX Screenshare "MAGIX_GlobalContent" = MAGIX Content und Soundpools "MAGIX_MSI_mm17" = MAGIX Music Maker 17 Download-Version "MEDION Fotos auf CD & DVD SE Sued D" = MEDION Fotos auf CD & DVD SE Sued "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "MoodEditor" = Pamela RME 2.0 "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NoIPDUC" = No-IP DUC "Notepad++" = Notepad++ "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenAL" = OpenAL "Origin" = Origin "PhotoScape" = PhotoScape "Prism" = Prism Video File Converter "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "SAM3" = SAM Broadcaster v4 "Steam App 440" = Team Fortress 2 "Steam App 730" = Counter-Strike: Global Offensive "TeamSpeak 3 Client" = TeamSpeak 3 Client "TeamViewer 7" = TeamViewer 7 "TechPowerUp GPU-Z" = TechPowerUp GPU-Z "TIPP10_is1" = TIPP10 Version 2.1.0 "TmNationsForever_is1" = TmNationsForever "TuneUp Utilities 2012" = TuneUp Utilities 2012 "VLC media player" = VLC media player 2.0.4 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.20 (32-Bit) "Wisdom-soft Set up ASR 3.1 Free" = Wisdom-soft Set up ASR 3.1 Free "WNLT" = IB Updater Service ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\*****_ON_H\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = VirtualDJ Toolbar Updater "Dropbox" 
= Dropbox "GamersFirst LIVE!" = GamersFirst LIVE! "Google Chrome" = Google Chrome < End of report >
Code:
ATTFilter OTL logfile created on: 12/7/2013 8:23:59 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System Internet Explorer (Version = 9.11.9600.16428) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = H: | %SystemRoot% = H:\Windows | %ProgramFiles% = H:\Program Files Drive C: | 100.00 Mb Total Space | 75.42 Mb Free Space | 75.42% Space Free | Partition Type: NTFS Drive D: | 29.80 Gb Total Space | 20.50 Gb Free Space | 68.78% Space Free | Partition Type: FAT32 Drive H: | 910.41 Gb Total Space | 712.44 Gb Free Space | 78.25% Space Free | Partition Type: NTFS Drive I: | 20.00 Gb Total Space | 11.70 Gb Free Space | 58.49% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand] -- -- (WinHttpAutoProxySvc) SRV - File not found [Auto] -- -- (NitroReaderDriverReadSpool3) SRV - [2013/11/29 10:20:40 | 001,664,336 | ---- | M] (LogMeIn Inc.) [Auto] -- H:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2013/11/23 08:23:16 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand] -- H:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService) SRV - [2013/10/11 05:51:12 | 000,375,056 | ---- | M] (LogMeIn, Inc.) 
[Auto] -- H:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe -- (LMIGuardianSvc) SRV - [2013/10/10 05:25:45 | 000,356,128 | ---- | M] (Kaspersky Lab ZAO) [Auto] -- H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP) SRV - [2013/10/10 03:49:51 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- H:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/07/27 03:51:08 | 014,592,288 | ---- | M] (NVIDIA Corporation) [Auto] -- H:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc) SRV - [2013/07/27 03:35:36 | 001,889,568 | ---- | M] (NVIDIA Corporation) [Auto] -- H:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013/06/21 03:13:12 | 000,162,408 | R--- | M] (Skype Technologies) [Auto] -- H:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013/06/20 22:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto] -- H:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013/04/07 03:54:58 | 001,156,400 | ---- | M] () [Auto] -- H:\Windows\System32\dmwu.exe -- (IBUpdaterService) SRV - [2013/01/29 08:28:32 | 000,188,760 | ---- | M] () [Auto] -- H:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant) SRV - [2012/07/23 09:18:42 | 000,383,128 | ---- | M] (BlueStack Systems, Inc.) [Auto] -- H:\Program Files\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc) SRV - [2012/07/23 09:18:16 | 000,395,416 | ---- | M] (BlueStack Systems, Inc.) 
[Auto] -- H:\Program Files\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc) SRV - [2012/07/13 19:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand] -- H:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/05/29 06:09:52 | 001,528,672 | ---- | M] (TuneUp Software) [Auto] -- H:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2012/05/29 06:09:50 | 000,029,024 | ---- | M] (TuneUp Software) [Auto] -- H:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2012/01/19 06:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Disabled] -- H:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011/04/01 05:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [Disabled] -- H:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/03/28 05:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Disabled] -- H:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2010/09/17 05:14:50 | 000,098,304 | ---- | M] (Firebird Project) [Auto] -- H:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance) SRV - [2010/09/17 05:14:42 | 003,735,552 | ---- | M] (Firebird Project) [On_Demand] -- H:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe -- (FirebirdServerDefaultInstance) SRV - [2010/02/19 07:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- H:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/10/02 07:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Disabled] -- H:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2009/08/27 10:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto] -- H:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- 
H:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2008/08/07 04:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand] -- H:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2007/06/05 07:20:32 | 000,177,704 | ---- | M] () [Disabled] -- H:\Windows\System32\PSIService.exe -- (ProtexisLicensing) ========== Driver Services (SafeList) ========== DRV - [2013/12/05 12:38:26 | 000,595,552 | ---- | M] (Kaspersky Lab ZAO) [File_System | System] -- H:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2013/12/03 09:34:56 | 000,489,048 | ---- | M] () [File_System | System] -- H:\Windows\System32\drivers\9094670drv.sys -- (9094670drv) DRV - [2013/10/10 05:32:25 | 000,025,696 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand] -- H:\Windows\System32\drivers\klmouflt.sys -- (klmouflt) DRV - [2013/10/10 05:32:24 | 000,025,696 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand] -- H:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt) DRV - [2013/10/10 05:32:20 | 000,135,776 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot] -- H:\Windows\System32\drivers\kl1.sys -- (kl1) DRV - [2013/07/08 06:52:21 | 000,044,000 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System] -- H:\Windows\System32\drivers\kltdi.sys -- (kltdi) DRV - [2013/06/21 07:02:43 | 009,069,344 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2013/05/14 14:28:30 | 000,034,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\nvvad32v.sys -- (nvvad_WaveExtensible) NVIDIA Virtual Audio Device (Wave Extensible) (WDM) DRV - [2013/04/26 03:51:01 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System] -- H:\Windows\System32\drivers\kneps.sys -- (kneps) DRV - [2012/08/23 09:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012/08/23 09:40:25 | 
000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2012/08/02 09:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System] -- H:\Windows\System32\drivers\klim6.sys -- (KLIM6) DRV - [2012/07/23 09:18:34 | 000,064,664 | ---- | M] (BlueStack Systems) [Kernel | Auto] -- H:\Program Files\BlueStacks\HD-Hypervisor-x86.sys -- (BstHdDrv) DRV - [2012/02/01 07:24:02 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- H:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2010/11/24 23:59:16 | 000,603,240 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- H:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su) DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/04/27 10:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore) DRV - [2010/04/27 10:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid) DRV - [2010/04/27 10:57:24 | 000,031,816 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\WmHidLo.sys -- (WmHidLo) DRV - [2010/04/27 10:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum) DRV - [2010/04/27 08:01:26 | 000,037,704 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand] -- H:\Windows\System32\drivers\WmFilter.sys -- (WmFilter) DRV - [2010/02/24 05:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- H:\Windows\System32\drivers\acedrv11.sys -- (acedrv11) DRV - [2009/11/11 23:14:28 | 000,066,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/03/18 10:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2008/10/27 06:05:00 | 000,125,184 | ---- | M] (Behringer) [Kernel | On_Demand] -- H:\Windows\System32\drivers\fca202.sys -- (FCA202AudioSrv) Behringer FCA202 Audio Driver (WDM) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD10EARS-00Y5B1_WD-WCAV5661852518525&ts=1373379598 IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD10EARS-00Y5B1_WD-WCAV5661852518525&ts=1373379598 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 
"ProxyEnable" = 0 IE - HKU\LocalService_ON_H\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - H:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\*****_ON_H\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD10EARS-00Y5B1_WD-WCAV5661852518525&ts=1373379598 IE - HKU\*****_ON_H\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data] IE - HKU\*****_ON_H\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\*****_ON_H\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.b1.org/?bsrc=hmior&chid=c167991 IE - HKU\*****_ON_H\Software\Microsoft\Internet Explorer\Main,Search Page Before = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKU\*****_ON_H\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\*****_ON_H\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data] IE - HKU\*****_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss_sps&mntrId=E8961C4BD64778A6&affID=121562&tsp=4918 IE - HKU\*****_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Before = hxxp://search.babylon.com/?babsrc=HP_ss_gin2g&mntrId=E8961C4BD64778A6&affID=121562&tsp=4918 IE - HKU\*****_ON_H\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - Reg Error: Key error. 
File not found IE - HKU\*****_ON_H\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - H:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\*****_ON_H\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\*****_ON_H\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\NetworkService_ON_H\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - H:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\UpdatusUser_ON_H\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - H:\Windows\System32\ieframe.dll (Microsoft Corporation) ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "MyStart Search" FF - prefs.js..browser.search.order.1: "qvo6" FF - prefs.js..browser.search.selectedEngine: "MyStart Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://mystart.incredibar.com/mb203?a=6OzfOgdMAn&i=26|hxxp://isearch.babylon.com/?babsrc=HP_ss_btis2&mntrId=E8961C4BD64778A6&affID=121562&tsp=4918" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\System32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: H:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: H:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: H:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: H:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: H:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: H:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: H:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: H:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: H:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: H:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: H:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Users\*****\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Users\*****\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2013/02/27 12:01:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 08:27:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013/10/10 05:32:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013/10/10 05:32:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013/10/10 05:32:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013/10/10 05:32:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013/10/10 05:32:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\Web Assistant\Firefox [2013/02/27 12:01:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program 
Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013/03/09 10:13:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\12x3q@3244516.com: C:\Program Files\Better-Surf\ff [2013/11/25 07:45:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/17 03:50:31 | 000,000,000 | ---D | M] [2012/01/14 14:19:26 | 000,000,000 | ---D | M] (No name found) -- H:\Users\*****\AppData\Roaming\Mozilla\Extensions [2013/12/02 10:01:06 | 000,000,000 | ---D | M] (No name found) -- H:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vul4t7o7.default\extensions [2013/03/20 14:13:58 | 000,000,000 | ---D | M] (iMacros for Firefox) -- H:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vul4t7o7.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2013/12/02 10:04:19 | 000,000,000 | ---D | M] (No name found) -- H:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vul4t7o7.default\extensions\staged [2013/06/09 10:25:56 | 000,006,470 | ---- | M] () -- H:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vul4t7o7.default\searchplugins\babylon.xml [2012/11/01 07:45:07 | 000,002,536 | ---- | M] () -- H:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vul4t7o7.default\searchplugins\browsemngr.xml [2013/06/09 10:26:59 | 000,001,294 | ---- | M] () -- H:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vul4t7o7.default\searchplugins\delta.xml [2013/12/03 09:06:19 | 000,002,120 | ---- | M] () -- H:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vul4t7o7.default\searchplugins\MyStart Search.xml [2013/02/13 08:26:37 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files\Mozilla Firefox\extensions [2013/02/13 08:26:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- H:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012/08/04 07:38:26 | 000,000,000 | ---D | M] 
(Default) -- H:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} File not found (No name found) -- [2013/03/09 10:13:40 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- H:\PROGRAM FILES\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX [2013/10/10 05:32:26 | 000,000,000 | ---D | M] (Anti-Banner) -- H:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM [2013/10/10 05:32:26 | 000,000,000 | ---D | M] (Content Blocker) -- H:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\CONTENT_BLOCKER@KASPERSKY.COM [2013/10/10 05:32:27 | 000,000,000 | ---D | M] (Safe Money) -- H:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ONLINE_BANKING@KASPERSKY.COM [2013/10/10 05:32:27 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- H:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\URL_ADVISOR@KASPERSKY.COM [2013/10/10 05:32:27 | 000,000,000 | ---D | M] (Virtual Keyboard) -- H:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\VIRTUAL_KEYBOARD@KASPERSKY.COM File not found (No name found) -- H:\PROGRAM FILES\MCAFEE\SITEADVISOR [2013/02/27 12:01:20 | 000,000,000 | ---D | M] (Web Assistant) -- H:\PROGRAM FILES\WEB ASSISTANT\FIREFOX () (No name found) -- H:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VUL4T7O7.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}.XPI [2012/07/13 19:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- H:\Program Files\mozilla firefox\components\browsercomps.dll [2012/07/13 19:45:08 | 000,001,392 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/07/13 19:45:08 | 000,002,252 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/07/13 19:45:08 | 000,001,153 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012/07/13 19:45:07 | 000,003,368 | ---- | M] () -- H:\Program Files\mozilla 
firefox\searchplugins\google.xml [2012/07/13 19:45:08 | 000,006,805 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013/07/09 09:19:58 | 000,000,743 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\qvo6.xml [2012/07/13 19:45:08 | 000,001,178 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012/07/13 19:45:07 | 000,001,105 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - H:\Windows\System32\drivers\etc\hosts O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - H:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - H:\Program Files\Web Assistant\Extension32.dll () O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - H:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - H:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - H:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - H:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - H:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - H:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\*****_ON_H\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found. O3 - HKU\*****_ON_H\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 
O3 - HKU\*****_ON_H\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] H:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] H:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ApnUpdater] H:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] H:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVP] H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [IAStorIcon] H:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] H:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Nvtmru] H:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] H:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Start WingMan Profiler] H:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) 
O4 - HKLM..\Run: [SunJavaUpdateSched] H:\Program Files\Common Files\Java\Java Update\jusched.exe (Oracle Corporation) O4 - HKLM..\Run: [SwitchBoard] H:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [XboxStat] H:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) O4 - HKU\LocalService_ON_H..\Run: [Sidebar] H:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\*****_ON_H..\Run: [Clownfish] H:\Program Files\Clownfish\Clownfish.exe (Bogdan Sharkov) O4 - HKU\*****_ON_H..\Run: [EADM] H:\Program Files\Origin\Origin.exe (Electronic Arts) O4 - HKU\*****_ON_H..\Run: [Google Update] H:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) O4 - HKU\*****_ON_H..\Run: [Steam] H:\Program Files\Steam\steam.exe (Valve Corporation) O4 - HKU\NetworkService_ON_H..\Run: [Sidebar] H:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\UpdatusUser_ON_H..\Run: [Sidebar] H:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\LocalService_ON_H..\RunOnce: [mctadmin] H:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_H..\RunOnce: [mctadmin] H:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\UpdatusUser_ON_H..\RunOnce: [HKCU] H:\Windows\System32\oobe\info\HKCU.vbs () O4 - HKU\UpdatusUser_ON_H..\RunOnce: [mctadmin] H:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\UpdatusUser_ON_H..\RunOnce: [Screensaver] H:\Windows\Web\Wallpaper\MEDION\start.vbs () O4 - Startup: H:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk () O4 - Startup: H:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk () O4 - Startup: H:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 
NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - H:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - H:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - H:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft 
Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - H:\Windows\System32\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - H:\Windows\System32\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - H:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - H:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - H:\Windows\System32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - H:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - H:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - H:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - H:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - H:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - H:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - H:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - H:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - H:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - H:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - H:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - H:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - H:\Program 
Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - H:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - H:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - H:\Windows\System32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - H:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - H:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - H:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - H:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - H:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - H:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - H:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - H:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - H:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - H:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - H:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll) - H:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll (NVIDIA Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - H:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O29 - HKLM SecurityProviders - (credssp.dll) - File not found O30 - LSA: Authentication Packages - (msv1_0) - H:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - H:\Windows\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - H:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - H:\Windows\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - H:\Windows\System32\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - H:\Windows\System32\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - H:\Windows\System32\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - H:\Windows\System32\livessp.dll (Microsoft Corp.) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - H:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2013/12/07 04:47:27 | 000,000,000 | ---D | C] -- H:\Kaspersky Rescue Disk 10.0 [2013/12/06 12:11:55 | 000,000,000 | ---D | C] -- H:\Windows\LastGood [2013/12/05 12:32:52 | 000,595,552 | ---- | C] (Kaspersky Lab ZAO) -- H:\Windows\System32\drivers\klif.sys [2013/12/05 12:32:52 | 000,074,848 | ---- | C] (Kaspersky Lab ZAO) -- H:\Windows\System32\drivers\klflt.sys [2013/12/04 06:58:51 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2013/12/04 06:58:50 | 000,000,000 | ---D | C] -- H:\Program Files\LogMeIn Hamachi [2013/12/03 08:00:20 | 
000,000,000 | ---D | C] -- H:\ProgramData\Kaspersky Lab Setup Files [2013/12/02 12:06:57 | 000,000,000 | ---D | C] -- H:\Users\*****\AppData\Local\WinZip [2013/12/02 10:01:06 | 000,000,000 | ---D | C] -- H:\Users\*****\AppData\Roaming\Windows Net Data [2013/12/02 09:46:15 | 000,000,000 | ---D | C] -- H:\Users\*****\AppData\Local\DownloadGuide [2013/11/30 07:00:15 | 000,000,000 | ---D | C] -- H:\Users\*****\AppData\Local\Babylon [2013/11/26 10:59:21 | 000,000,000 | ---D | C] -- H:\ProgramData\regid.1986-12.com.adobe [2013/11/25 07:46:25 | 000,000,000 | ---D | C] -- H:\ProgramData\McAfee [2013/11/25 07:46:14 | 000,000,000 | ---D | C] -- H:\Program Files\GamersFirst [2013/11/25 07:45:42 | 000,000,000 | ---D | C] -- H:\Program Files\Better-Surf [2013/11/24 13:12:44 | 000,000,000 | ---D | C] -- H:\Users\*****\AppData\Local\PC_Jones [2013/11/24 11:43:10 | 000,000,000 | ---D | C] -- H:\Users\*****\AppData\Local\GamersFirst LIVE! [2013/11/24 11:42:50 | 000,000,000 | ---D | C] -- H:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GamersFirst [2013/11/24 11:42:46 | 000,000,000 | ---D | C] -- H:\Users\*****\AppData\Local\GamersFirst [2013/11/24 06:23:10 | 000,691,712 | ---- | C] (PC Jones) -- H:\Users\*****\Desktop\Pennergame Bot by PC Jones.exe [2013/11/23 08:23:18 | 000,646,144 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\MsSpellCheckingFacility.exe [2013/11/23 08:23:18 | 000,194,048 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\elshyph.dll [2013/11/23 08:23:16 | 004,240,384 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jscript9.dll [2013/11/23 08:23:16 | 002,724,864 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\mshtml.tlb [2013/11/23 08:23:16 | 001,926,656 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\inetcpl.cpl [2013/11/23 08:23:16 | 001,051,136 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\mshtmlmedia.dll [2013/11/23 08:23:16 | 000,703,488 | ---- | C] (Microsoft Corporation) 
-- H:\Windows\System32\ieapfltr.dll [2013/11/23 08:23:16 | 000,645,120 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jsIntl.dll [2013/11/23 08:23:16 | 000,616,104 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieapfltr.dat [2013/11/23 08:23:16 | 000,610,304 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jscript.dll [2013/11/23 08:23:16 | 000,553,472 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jscript9diag.dll [2013/11/23 08:23:16 | 000,523,776 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msfeeds.dll [2013/11/23 08:23:16 | 000,454,656 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\vbscript.dll [2013/11/23 08:23:16 | 000,440,832 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieui.dll [2013/11/23 08:23:16 | 000,367,104 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dxtmsft.dll [2013/11/23 08:23:16 | 000,337,408 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\html.iec [2013/11/23 08:23:16 | 000,244,736 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dxtrans.dll [2013/11/23 08:23:16 | 000,238,288 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iedkcs32.dll [2013/11/23 08:23:16 | 000,233,472 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\url.dll [2013/11/23 08:23:16 | 000,208,896 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ie4uinit.exe [2013/11/23 08:23:16 | 000,182,272 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msls31.dll [2013/11/23 08:23:16 | 000,164,864 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msrating.dll [2013/11/23 08:23:16 | 000,151,552 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iexpress.exe [2013/11/23 08:23:16 | 000,139,264 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\wextract.exe [2013/11/23 08:23:16 | 000,116,736 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iepeers.dll [2013/11/23 08:23:16 | 000,112,128 | ---- | C] 
(Microsoft Corporation) -- H:\Windows\System32\ieUnatt.exe [2013/11/23 08:23:16 | 000,111,616 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\IEAdvpack.dll [2013/11/23 08:23:16 | 000,108,032 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieetwcollector.exe [2013/11/23 08:23:16 | 000,086,016 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iesysprep.dll [2013/11/23 08:23:16 | 000,083,456 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\inseng.dll [2013/11/23 08:23:16 | 000,074,240 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\SetIEInstalledDate.exe [2013/11/23 08:23:16 | 000,071,680 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\RegisterIEPKEYs.exe [2013/11/23 08:23:16 | 000,061,952 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\MshtmlDac.dll [2013/11/23 08:23:16 | 000,061,952 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iesetup.dll [2013/11/23 08:23:16 | 000,056,832 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\pngfilt.dll [2013/11/23 08:23:16 | 000,051,200 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieetwproxystub.dll [2013/11/23 08:23:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\mshtmler.dll [2013/11/23 08:23:16 | 000,043,008 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msfeedsbs.dll [2013/11/23 08:23:16 | 000,043,008 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jsproxy.dll [2013/11/23 08:23:16 | 000,036,352 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\imgutil.dll [2013/11/23 08:23:16 | 000,034,816 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\JavaScriptCollectionAgent.dll [2013/11/23 08:23:16 | 000,032,768 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iernonce.dll [2013/11/23 08:23:16 | 000,024,576 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\licmgr10.dll [2013/11/23 08:23:16 | 000,012,800 | ---- | C] (Microsoft Corporation) -- 
H:\Windows\System32\msfeedssync.exe [2013/11/23 08:23:16 | 000,004,096 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieetwcollectorres.dll [2013/11/13 10:44:32 | 000,000,000 | ---D | C] -- H:\Program Files\Adobe Media Player [2013/11/13 10:44:32 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe [2013/11/13 09:51:14 | 001,796,096 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\authui.dll [2013/11/13 09:51:14 | 000,168,960 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\credui.dll [2013/11/13 09:51:14 | 000,152,576 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\SmartcardCredentialProvider.dll [2013/11/13 09:50:14 | 001,038,848 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\lsasrv.dll [2013/11/13 09:50:14 | 000,220,160 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ncrypt.dll [2013/11/13 09:50:14 | 000,015,872 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\sspisrv.dll [2013/11/13 09:49:40 | 000,656,896 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\nshwfp.dll [2013/11/13 09:49:40 | 000,216,576 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\FWPUCLNT.DLL [2013/11/08 07:06:59 | 000,000,000 | ---D | C] -- H:\Users\*****\AppData\Local\SpacialAudio [2013/11/08 07:06:59 | 000,000,000 | ---D | C] -- H:\ProgramData\firebird [2013/11/08 07:04:11 | 000,548,864 | ---- | C] (Firebird Project) -- H:\Windows\System32\GDS32.DLL [2013/11/08 07:04:07 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firebird 2.5 (Win32) [2013/11/08 07:04:04 | 000,000,000 | ---D | C] -- H:\Program Files\Firebird [2013/11/08 07:03:58 | 000,000,000 | ---D | C] -- H:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SAM Broadcaster [2013/11/08 07:03:56 | 000,000,000 | ---D | C] -- H:\Program Files\SpacialAudio [2 H:\Windows\System32\*.tmp files -> H:\Windows\System32\*.tmp -> ] [1 H:\Windows\*.tmp files -> 
H:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/12/07 09:59:16 | 000,067,584 | --S- | M] () -- H:\Windows\bootstat.dat [2013/12/06 12:12:51 | 000,000,388 | ---- | M] () -- H:\Windows\tasks\AmiUpdXp.job [2013/12/06 12:11:50 | 000,001,108 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/12/06 11:40:01 | 000,001,112 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/12/06 11:27:02 | 000,000,884 | ---- | M] () -- H:\Windows\tasks\Adobe Flash Player Updater.job [2013/12/06 11:25:04 | 000,001,152 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1698952921-2369517443-3624809255-1000UA.job [2013/12/06 08:17:40 | 000,018,784 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/12/06 08:17:40 | 000,018,784 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/12/05 12:38:26 | 000,595,552 | ---- | M] (Kaspersky Lab ZAO) -- H:\Windows\System32\drivers\klif.sys [2013/12/05 12:38:25 | 000,074,848 | ---- | M] (Kaspersky Lab ZAO) -- H:\Windows\System32\drivers\klflt.sys [2013/12/05 12:25:00 | 000,001,100 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1698952921-2369517443-3624809255-1000Core.job [2013/12/05 10:26:57 | 000,000,459 | ---- | M] () -- H:\Users\*****\Desktop\pgbot.settings [2013/12/04 06:58:52 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2013/12/03 09:34:56 | 000,489,048 | ---- | M] () -- H:\Windows\System32\drivers\9094670drv.sys [2013/12/03 09:05:48 | 417,734,393 | ---- | M] () -- H:\Windows\MEMORY.DMP [2013/12/03 07:21:21 | 000,000,000 | R--D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [2013/11/29 10:14:10 | 000,290,776 | ---- | M] () -- H:\Windows\System32\PnkBstrB.xtr [2013/11/29 09:57:19 | 000,281,288 | ---- | M] () -- 
H:\Windows\System32\PnkBstrB.ex0 [2013/11/25 08:10:25 | 000,138,904 | ---- | M] () -- H:\Users\***** \AppData\Roaming\PnkBstrK.sys [2013/11/24 11:42:50 | 000,001,239 | ---- | M] () -- H:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk [2013/11/24 06:23:28 | 000,691,712 | ---- | M] (PC Jones) -- H:\Users\*****\Desktop\Pennergame Bot by PC Jones.exe [2013/11/23 08:23:18 | 000,646,144 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\MsSpellCheckingFacility.exe [2013/11/23 08:23:18 | 000,194,048 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\elshyph.dll [2013/11/23 08:23:16 | 004,240,384 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\jscript9.dll [2013/11/23 08:23:16 | 002,724,864 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\mshtml.tlb [2013/11/23 08:23:16 | 001,926,656 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\inetcpl.cpl [2013/11/23 08:23:16 | 001,051,136 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\mshtmlmedia.dll [2013/11/23 08:23:16 | 000,703,488 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\ieapfltr.dll [2013/11/23 08:23:16 | 000,645,120 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\jsIntl.dll [2013/11/23 08:23:16 | 000,616,104 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\ieapfltr.dat [2013/11/23 08:23:16 | 000,610,304 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\jscript.dll [2013/11/23 08:23:16 | 000,553,472 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\jscript9diag.dll [2013/11/23 08:23:16 | 000,523,776 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\msfeeds.dll [2013/11/23 08:23:16 | 000,454,656 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\vbscript.dll [2013/11/23 08:23:16 | 000,440,832 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\ieui.dll [2013/11/23 08:23:16 | 000,367,104 | ---- | M] (Microsoft Corporation) -- 
H:\Windows\System32\dxtmsft.dll [2013/11/23 08:23:16 | 000,337,408 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\html.iec [2013/11/23 08:23:16 | 000,244,736 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\dxtrans.dll [2013/11/23 08:23:16 | 000,238,288 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\iedkcs32.dll [2013/11/23 08:23:16 | 000,233,472 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\url.dll [2013/11/23 08:23:16 | 000,208,896 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\ie4uinit.exe [2013/11/23 08:23:16 | 000,182,272 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\msls31.dll [2013/11/23 08:23:16 | 000,164,864 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\msrating.dll [2013/11/23 08:23:16 | 000,151,552 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\iexpress.exe [2013/11/23 08:23:16 | 000,139,264 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\wextract.exe [2013/11/23 08:23:16 | 000,116,736 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\iepeers.dll [2013/11/23 08:23:16 | 000,112,128 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\ieUnatt.exe [2013/11/23 08:23:16 | 000,111,616 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\IEAdvpack.dll [2013/11/23 08:23:16 | 000,108,032 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\ieetwcollector.exe [2013/11/23 08:23:16 | 000,086,016 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\iesysprep.dll [2013/11/23 08:23:16 | 000,083,456 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\inseng.dll [2013/11/23 08:23:16 | 000,074,240 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\SetIEInstalledDate.exe [2013/11/23 08:23:16 | 000,071,680 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\RegisterIEPKEYs.exe [2013/11/23 08:23:16 | 000,061,952 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\MshtmlDac.dll [2013/11/23 08:23:16 | 
000,061,952 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\iesetup.dll [2013/11/23 08:23:16 | 000,056,832 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\pngfilt.dll [2013/11/23 08:23:16 | 000,051,200 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\ieetwproxystub.dll [2013/11/23 08:23:16 | 000,048,640 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\mshtmler.dll [2013/11/23 08:23:16 | 000,043,008 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\msfeedsbs.dll [2013/11/23 08:23:16 | 000,043,008 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\jsproxy.dll [2013/11/23 08:23:16 | 000,036,352 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\imgutil.dll [2013/11/23 08:23:16 | 000,034,816 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\JavaScriptCollectionAgent.dll [2013/11/23 08:23:16 | 000,032,768 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\iernonce.dll [2013/11/23 08:23:16 | 000,024,576 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\licmgr10.dll [2013/11/23 08:23:16 | 000,016,284 | ---- | M] () -- H:\Windows\System32\ieuinit.inf [2013/11/23 08:23:16 | 000,012,800 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\msfeedssync.exe [2013/11/23 08:23:16 | 000,004,096 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\ieetwcollectorres.dll [2013/11/23 03:42:04 | 000,696,832 | ---- | M] () -- H:\Windows\System32\perfh007.dat [2013/11/23 03:42:04 | 000,652,150 | ---- | M] () -- H:\Windows\System32\perfh009.dat [2013/11/23 03:42:04 | 000,148,128 | ---- | M] () -- H:\Windows\System32\perfc007.dat [2013/11/23 03:42:04 | 000,121,082 | ---- | M] () -- H:\Windows\System32\perfc009.dat [2013/11/14 09:14:50 | 003,806,896 | ---- | M] () -- H:\Windows\System32\FNTCACHE.DAT [2013/11/13 10:47:06 | 000,001,173 | ---- | M] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk [2013/11/13 10:46:14 | 000,001,135 | ---- | M] () -- 
H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk [2013/11/13 10:45:26 | 000,001,228 | ---- | M] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk [2013/11/13 10:44:32 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe [2013/11/13 10:44:13 | 000,001,319 | ---- | M] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk [2013/11/13 10:44:01 | 000,001,485 | ---- | M] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk [2013/11/13 10:43:06 | 000,000,971 | ---- | M] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2013/11/10 23:50:18 | 000,230,048 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\MpSigStub.exe [2013/11/08 07:04:07 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firebird 2.5 (Win32) [2013/11/08 07:03:58 | 000,002,006 | ---- | M] () -- H:\Users\*****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SAM Broadcaster.lnk [2013/11/08 07:03:58 | 000,001,982 | ---- | M] () -- H:\Users\*****\Desktop\SAM Broadcaster.lnk [2 H:\Windows\System32\*.tmp files -> H:\Windows\System32\*.tmp -> ] [1 H:\Windows\*.tmp files -> H:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/12/03 09:05:48 | 417,734,393 | ---- | C] () -- H:\Windows\MEMORY.DMP [2013/12/03 09:04:28 | 000,489,048 | ---- | C] () -- H:\Windows\System32\drivers\9094670drv.sys [2013/11/24 13:12:42 | 000,000,459 | ---- | C] () -- H:\Users\*****\Desktop\pgbot.settings [2013/11/24 11:42:50 | 000,001,239 | ---- | C] () -- H:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk [2013/11/23 08:23:16 | 000,016,284 | ---- | C] () -- H:\Windows\System32\ieuinit.inf [2013/11/13 10:47:06 | 000,001,173 | ---- | C] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk 
[2013/11/13 10:46:14 | 000,001,135 | ---- | C] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk [2013/11/13 10:45:26 | 000,001,228 | ---- | C] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk [2013/11/13 10:44:13 | 000,001,319 | ---- | C] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk [2013/11/13 10:44:01 | 000,001,485 | ---- | C] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk [2013/11/13 10:43:06 | 000,000,971 | ---- | C] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2013/11/08 07:03:58 | 000,002,006 | ---- | C] () -- H:\Users\*****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SAM Broadcaster.lnk [2013/11/08 07:03:58 | 000,001,982 | ---- | C] () -- H:\Users\*****\Desktop\SAM Broadcaster.lnk [2013/10/13 08:12:14 | 000,138,904 | ---- | C] () -- H:\Users\*****\AppData\Roaming\PnkBstrK.sys [2013/08/25 07:57:17 | 000,000,898 | ---- | C] () -- H:\Users\*****\AppData\Local\recently-used.xbel [2013/07/09 09:22:31 | 000,000,236 | ---- | C] () -- H:\Users\*****\AppData\Roaming\launcher_profiles.json [2013/02/19 09:00:47 | 000,703,117 | ---- | C] () -- H:\Users\*****\AppData\Roaming\technic-launcher.jar [2012/12/06 14:09:09 | 000,028,672 | ---- | C] () -- H:\Windows\System32\nnr.dll [2012/10/29 09:41:06 | 000,000,000 | ---- | C] () -- H:\Windows\System32\Access.dat [2012/09/04 10:25:59 | 000,000,057 | ---- | C] () -- H:\ProgramData\Ament.ini [2012/09/03 07:52:06 | 001,156,400 | ---- | C] () -- H:\Windows\System32\dmwu.exe [2012/09/03 07:52:06 | 000,027,136 | ---- | C] () -- H:\Windows\System32\ImHttpComm.dll [2012/07/02 15:11:02 | 000,016,384 | ---- | C] () -- H:\Windows\System32\theowl.dll [2012/02/02 22:00:58 | 000,139,264 | ---- | C] () -- H:\Windows\System32\TCPClient.dll [2012/02/01 10:53:45 | 000,005,074 | ---- | C] () -- H:\ProgramData\dkelscwb.bbq [2012/01/13 08:38:54 
| 000,008,704 | ---- | C] () -- H:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/10/13 11:18:58 | 000,252,928 | ---- | C] () -- H:\Windows\System32\DShowRdpFilter.dll [2011/10/13 10:32:04 | 000,017,408 | ---- | C] () -- H:\Users\*****\AppData\Local\WebpageIcons.db [2011/10/11 02:35:10 | 000,000,486 | ---- | C] () -- H:\Users\*****\AppData\Roaming\wklnhst.dat [2011/10/11 02:31:19 | 000,017,232 | ---- | C] () -- H:\Users\*****\AppData\Roaming\UserTile.png [2011/06/15 06:37:00 | 001,108,992 | ---- | C] () -- H:\Windows\System32\phidget21.dll [2011/06/09 23:34:52 | 000,080,416 | ---- | C] () -- H:\Windows\System32\RtNicProp32.dll [2010/08/26 18:34:36 | 000,038,912 | ---- | C] () -- H:\Windows\System32\libvout_wrapper_plugin.dll [2010/08/26 18:34:36 | 000,034,816 | ---- | C] () -- H:\Windows\System32\libvmem_plugin.dll [2010/08/26 18:34:34 | 000,243,200 | ---- | C] () -- H:\Windows\System32\libswscale_plugin.dll [2010/08/26 18:34:32 | 000,065,536 | ---- | C] () -- H:\Windows\System32\libstream_out_transcode_plugin.dll [2010/08/26 18:34:32 | 000,035,840 | ---- | C] () -- H:\Windows\System32\libstream_out_smem_plugin.dll [2010/08/26 18:34:30 | 000,051,200 | ---- | C] () -- H:\Windows\System32\libps_plugin.dll [2010/08/26 18:34:30 | 000,040,448 | ---- | C] () -- H:\Windows\System32\libpacketizer_mpegvideo_plugin.dll [2010/08/26 18:34:30 | 000,037,888 | ---- | C] () -- H:\Windows\System32\libmpeg_audio_plugin.dll [2010/08/26 18:34:30 | 000,033,280 | ---- | C] () -- H:\Windows\System32\libmux_wav_plugin.dll [2010/08/26 18:34:30 | 000,031,232 | ---- | C] () -- H:\Windows\System32\libmpgv_plugin.dll [2010/08/26 18:34:28 | 000,039,424 | ---- | C] () -- H:\Windows\System32\libfilesystem_plugin.dll [2010/08/26 18:34:28 | 000,035,328 | ---- | C] () -- H:\Windows\System32\libmjpeg_plugin.dll [2010/08/26 18:34:28 | 000,033,280 | ---- | C] () -- H:\Windows\System32\libmemcpymmx_plugin.dll [2010/08/26 18:34:22 | 007,124,992 | ---- | C] () -- 
H:\Windows\System32\libavcodec_plugin.dll [2010/08/26 18:34:22 | 002,263,552 | ---- | C] () -- H:\Windows\System32\libvlccore.dll [2010/08/26 18:34:22 | 000,101,376 | ---- | C] () -- H:\Windows\System32\libvlc.dll [2010/08/26 18:34:22 | 000,088,064 | ---- | C] () -- H:\Windows\System32\libaccess_http_plugin.dll [2010/08/26 18:34:22 | 000,032,256 | ---- | C] () -- H:\Windows\System32\libau_plugin.dll [2010/04/05 19:05:48 | 000,781,312 | ---- | C] () -- H:\Windows\System32\highgui210.dll [2010/04/05 19:05:16 | 002,085,888 | ---- | C] () -- H:\Windows\System32\cv210.dll [2010/04/05 19:04:06 | 002,201,088 | ---- | C] () -- H:\Windows\System32\cxcore210.dll [2009/11/20 05:16:02 | 000,120,200 | ---- | C] () -- H:\Windows\System32\DLLDEV32i.dll [2009/11/20 05:01:52 | 000,072,017 | ---- | C] () -- H:\Windows\System32\Uninstall ALDI SÜD Mah Jong.exe [2009/11/16 08:24:46 | 000,000,037 | ---- | C] () -- H:\Windows\System32\drivers\VERSION.DAT [2009/08/03 09:07:42 | 000,403,816 | ---- | C] () -- H:\Windows\System32\OGACheckControl.dll [2009/08/03 09:07:42 | 000,230,768 | ---- | C] () -- H:\Windows\System32\OGAEXEC.exe [2009/07/14 03:47:43 | 000,696,832 | ---- | C] () -- H:\Windows\System32\perfh007.dat [2009/07/14 03:47:43 | 000,295,922 | ---- | C] () -- H:\Windows\System32\perfi007.dat [2009/07/14 03:47:43 | 000,148,128 | ---- | C] () -- H:\Windows\System32\perfc007.dat [2009/07/14 03:47:43 | 000,038,104 | ---- | C] () -- H:\Windows\System32\perfd007.dat [2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- H:\Windows\bootstat.dat [2009/07/13 23:33:53 | 003,806,896 | ---- | C] () -- H:\Windows\System32\FNTCACHE.DAT [2009/07/13 21:05:48 | 000,652,150 | ---- | C] () -- H:\Windows\System32\perfh009.dat [2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- H:\Windows\System32\perfi009.dat [2009/07/13 21:05:48 | 000,121,082 | ---- | C] () -- H:\Windows\System32\perfc009.dat [2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- H:\Windows\System32\perfd009.dat [2009/07/13 21:05:05 | 
000,000,741 | ---- | C] () -- H:\Windows\System32\NOISE.DAT [2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- H:\Windows\System32\dssec.dat [2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- H:\Windows\mib.bin [2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- H:\Windows\System32\BthpanContextHandler.dll [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- H:\Windows\System32\BWContextHandler.dll [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- H:\Windows\System32\mlang.dat [2008/10/27 06:04:54 | 000,047,616 | ---- | C] () -- H:\Windows\System32\fca202aso.dll [2007/06/05 07:20:32 | 000,177,704 | ---- | C] () -- H:\Windows\System32\PSIService.exe ========== LOP Check ========== [2012/01/20 07:57:20 | 000,000,000 | ---D | M] -- H:\ProgramData\AlcaTech [2013/07/17 11:12:56 | 000,000,000 | ---D | M] -- H:\ProgramData\ALDI Sued Foto Service [2009/11/20 05:17:16 | 000,000,000 | ---D | M] -- H:\ProgramData\Aldi Sued Fotoservice [2011/10/10 04:48:33 | 000,000,000 | -HSD | M] -- H:\ProgramData\Anwendungsdaten [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- H:\ProgramData\Application Data [2012/01/13 08:37:45 | 000,000,000 | ---D | M] -- H:\ProgramData\ashampoo [2012/11/01 07:44:35 | 000,000,000 | ---D | M] -- H:\ProgramData\Babylon [2012/08/21 11:19:17 | 000,000,000 | ---D | M] -- H:\ProgramData\BlueStacks [2013/10/09 05:52:39 | 000,000,000 | ---D | M] -- H:\ProgramData\boost_interprocess [2011/10/10 05:24:20 | 000,000,000 | ---D | M] -- H:\ProgramData\BullGuard [2012/11/16 12:18:04 | 000,000,000 | ---D | M] -- H:\ProgramData\Canneverbe Limited [2013/06/13 07:40:57 | 000,000,000 | ---D | M] -- H:\ProgramData\ClubSanDisk [2012/02/16 11:47:51 | 000,000,000 | ---D | M] -- H:\ProgramData\Codemasters [2012/04/17 10:51:46 | 000,000,000 | -H-D | M] -- H:\ProgramData\Common Files [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- H:\ProgramData\Desktop [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- H:\ProgramData\Documents [2011/10/10 04:48:33 | 000,000,000 | -HSD | 
M] -- H:\ProgramData\Dokumente [2013/09/15 12:17:10 | 000,000,000 | -HSD | M] -- H:\ProgramData\DSS [2012/12/27 13:04:36 | 000,000,000 | ---D | M] -- H:\ProgramData\Electronic Arts [2013/08/11 07:29:32 | 000,000,000 | ---D | M] -- H:\ProgramData\eSafe [2011/10/10 04:48:33 | 000,000,000 | -HSD | M] -- H:\ProgramData\Favoriten [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- H:\ProgramData\Favorites [2013/01/05 14:18:44 | 000,000,000 | ---D | M] -- H:\ProgramData\FileOpen [2013/11/24 10:03:32 | 000,000,000 | ---D | M] -- H:\ProgramData\firebird [2013/03/09 10:14:33 | 000,000,000 | ---D | M] -- H:\ProgramData\Freemake [2012/03/03 04:51:10 | 000,000,000 | ---D | M] -- H:\ProgramData\Iminent [2013/10/07 06:50:48 | 000,000,000 | ---D | M] -- H:\ProgramData\LogMeIn [2013/07/22 09:59:11 | 000,000,000 | ---D | M] -- H:\ProgramData\Logs [2013/08/23 08:12:20 | 000,000,000 | ---D | M] -- H:\ProgramData\MAGIX [2013/07/24 05:44:09 | 000,000,000 | ---D | M] -- H:\ProgramData\MTA San Andreas All [2013/01/05 14:17:32 | 000,000,000 | ---D | M] -- H:\ProgramData\Nitro [2013/10/21 10:46:41 | 000,000,000 | ---D | M] -- H:\ProgramData\Oracle [2013/08/29 08:59:00 | 000,000,000 | ---D | M] -- H:\ProgramData\Origin [2013/10/13 08:12:52 | 000,000,000 | ---D | M] -- H:\ProgramData\Package Cache [2012/08/04 03:34:17 | 000,000,000 | ---D | M] -- H:\ProgramData\Pinnacle [2013/11/26 10:59:49 | 000,000,000 | ---D | M] -- H:\ProgramData\regid.1986-12.com.adobe [2012/08/04 04:28:22 | 000,000,000 | ---D | M] -- H:\ProgramData\Sony [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- H:\ProgramData\Start Menu [2011/10/10 04:48:33 | 000,000,000 | -HSD | M] -- H:\ProgramData\Startmenü [2012/03/29 03:23:07 | 000,000,000 | ---D | M] -- H:\ProgramData\Tarma Installer [2012/03/13 11:18:51 | 000,000,000 | ---D | M] -- H:\ProgramData\TechSmith [2009/11/16 08:47:48 | 000,000,000 | ---D | M] -- H:\ProgramData\Temp [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- H:\ProgramData\Templates [2012/12/24 13:01:24 | 
000,000,000 | ---D | M] -- H:\ProgramData\TrackMania [2012/02/19 09:16:41 | 000,000,000 | ---D | M] -- H:\ProgramData\TuneUp Software [2012/11/12 08:43:13 | 000,000,000 | ---D | M] -- H:\ProgramData\Visan [2011/10/10 04:48:33 | 000,000,000 | -HSD | M] -- H:\ProgramData\Vorlagen [2012/06/04 09:37:58 | 000,000,000 | ---D | M] -- H:\ProgramData\WinZip [2009/11/16 06:37:16 | 000,000,000 | ---D | M] -- H:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3} [2012/02/19 09:16:15 | 000,000,000 | -HSD | M] -- H:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2012/01/20 09:52:55 | 000,000,000 | ---D | M] -- H:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2012/01/02 08:49:22 | 000,000,000 | -H-D | M] -- H:\ProgramData\{5C19A20F-4C26-4856-A7F0-59B375B8C950} [2013/12/06 12:12:51 | 000,000,388 | ---- | M] () -- H:\Windows\Tasks\AmiUpdXp.job [2013/11/13 09:18:18 | 000,032,640 | ---- | M] () -- H:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |