
Log analysis and evaluation: Windows 7 / no longer able to boot after Kaspersky 2014 upgrade and subsequent disinfection

07.12.2013, 22:42   #1
raclawa
 
Hello,

after I upgraded Kaspersky Internet Security 2013 to 2014 on my son's PC, Kaspersky identified a (perhaps only supposedly) potentially harmful program on its own and suggested "disinfecting" it. After I agreed to this, the PC could no longer be booted the next time.

I pulled out all the stops available to me, but nothing worked, which is why I then read up a bit on OTLpe. With this program I created two log files, which I am providing here.

I hope you can help me.

Best regards
raclawa
Attached files
File type: pdf OTL.pdf (85.6 KB, viewed 275 times)
File type: pdf Extras.pdf (35.1 KB, viewed 231 times)

08.12.2013, 06:31   #2
schrauber
/// the machine
/// TB trainer
 

Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.


How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

08.12.2013, 08:00   #3
raclawa
 
So, here is the 1st log file:



Code:
OTL Extras logfile created on: 12/7/2013 8:23:59 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = H: | %SystemRoot% = H:\Windows | %ProgramFiles% = H:\Program Files
Drive C: | 100.00 Mb Total Space | 75.42 Mb Free Space | 75.42% Space Free | Partition Type: NTFS
Drive D: | 29.80 Gb Total Space | 20.50 Gb Free Space | 68.78% Space Free | Partition Type: FAT32
Drive H: | 910.41 Gb Total Space | 712.44 Gb Free Space | 78.25% Space Free | Partition Type: NTFS
Drive I: | 20.00 Gb Total Space | 11.70 Gb Free Space | 58.49% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- H:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- H:\Windows\winhlp32.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0749E1E5-BD6B-474C-BD21-48891526113E}" = MAGIX Music Maker 17 Download-Version
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B947146-366B-42CD-86D5-219993CE3EE2}" = Windows Live MIME IFilter
"{2033DC31-6C96-4E5B-BF51-6BFFDB3E6564}" = HP Officejet 6100 Hilfe
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{28FE6C88-97EC-4FC5-8FF3-70E800F5C33E}" = HP Officejet 6100 - Grundlegende Software für das Gerät
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}" = NVIDIA PhysX
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.573
"{34D9106C-A947-47ED-B4AB-764736350769}" = Minecraft
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{47ABA255-94C2-420E-82A8-B6A5A6074F32}" = MAGIX Speed burnR (MSI)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{575E60C3-1543-446E-80EA-1768C88D577C}" = NetObjects Fusion 11.0
"{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}" = DiRT
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant
"{60D32CDC-E3BE-4578-BA10-29322307CDDC}" = Logitech Gaming Software 5.10
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BE7495E-8DF1-11E1-BB7D-F04DA23A5C58}" = Vegas Pro 11.0
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{752F3DA2-9D44-4A2C-A65C-544525EACA81}" = MAGIX Goya burnR (MSI)
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E641E46-81DB-4D1D-906A-48342523051C}" = FlatOut2
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = VirtualDJ Toolbar
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{899B4A18-28D3-4566-86BB-11E98A56EC9B}" = MAGIX Music Maker 2013 Trial Soundpools
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{8F379D4A-1F33-4450-AFE0-F92A9A7BF2D1}_is1" = WYSIWYG BBCode Editor
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92852E20-128F-44C3-92EB-3A7506F9DB2C}" = MAGIX Screenshare
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA7A2800-1E75-4240-855B-03AFF8E5171E}" = FIFA 14
"{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}" = Microsoft Xbox 360 Accessories 1.2
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.6
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.13.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 7.2.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.1
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D2}" = WinZip 16.5
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D84F41A8-33E6-402A-8DD6-D2244235BCB8}" = LogMeIn Hamachi
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}" = Babylon Chrome Toolbar
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{ECD9B590-821B-4618-99E5-01830BC8F076}" = BlueStacks
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F56F8AF3-DC26-4539-A6D0-0B9C12101C58}" = Studie zur Verbesserung von HP Officejet 6100 Produkten
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8A3F881-2154-4456-A767-2D638454BCED}" = Nitro Reader 3
"{FB0127F3-985B-44CE-AE29-378CAF60B361}" = Need for Speed™ Most Wanted
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Aldi Süd Fotoservice_is1" = Aldi Süd Fotoservice
"ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong
"APB Reloaded" = APB Reloaded
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Behringer FCA202 Audio Driver" = Behringer FCA202 Audio Driver
"Blender" = Blender
"BluffTitler" = BluffTitler
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Clownfish" = Clownfish for Skype
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"conduitEngine" = Conduit Engine
"FarmingSimulator2011_CEDE_is1" = Landwirtschafts Simulator 2011
"FBDBServer_2_5_is1" = Firebird 2.5.0.26074 (Win32)
"FL Studio 11" = FL Studio 11
"FlowStone" = FlowStone FL 3.0
"Fraps" = Fraps (remove only)
"Free YouTube Download_is1" = Free YouTube Download version 3.2.8.717
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.8.717
"Freemake Video Converter_is1" = Freemake Video Converter Version 3.2.1
"GeoGebra" = GeoGebra
"GIMP-2_is1" = GIMP 2.8.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photo Creations" = HP Photo Creations
"IL Download Manager" = IL Download Manager
"IL Shared Libraries" = IL Shared Libraries
"Incomedia WebSite X5 v8 - Evolution" = Incomedia WebSite X5 v8 - Evolution
"incredibar" = Incredibar Toolbar  on IE and Chrome
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"LogMeIn Hamachi" = LogMeIn Hamachi
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.1 beta
"MAGIX_{47ABA255-94C2-420E-82A8-B6A5A6074F32}" = MAGIX Speed burnR (MSI)
"MAGIX_{752F3DA2-9D44-4A2C-A65C-544525EACA81}" = MAGIX Goya burnR (MSI)
"MAGIX_{92852E20-128F-44C3-92EB-3A7506F9DB2C}" = MAGIX Screenshare
"MAGIX_GlobalContent" = MAGIX Content und Soundpools
"MAGIX_MSI_mm17" = MAGIX Music Maker 17 Download-Version
"MEDION Fotos auf CD & DVD SE Sued D" = MEDION Fotos auf CD & DVD SE Sued
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"MoodEditor" = Pamela RME 2.0
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NoIPDUC" = No-IP DUC
"Notepad++" = Notepad++
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"PhotoScape" = PhotoScape
"Prism" = Prism Video File Converter
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"SAM3" = SAM Broadcaster v4
"Steam App 440" = Team Fortress 2
"Steam App 730" = Counter-Strike: Global Offensive
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 7" = TeamViewer 7
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"TIPP10_is1" = TIPP10 Version 2.1.0
"TmNationsForever_is1" = TmNationsForever
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VLC media player" = VLC media player 2.0.4
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"Wisdom-soft Set up ASR 3.1 Free" = Wisdom-soft Set up ASR 3.1 Free
"WNLT" = IB Updater Service
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\*****_ON_H\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = VirtualDJ Toolbar Updater
"Dropbox" = Dropbox
"GamersFirst LIVE!" = GamersFirst LIVE!
"Google Chrome" = Google Chrome
 
< End of report >
         
and here is the 2nd log file:


Code:
OTL logfile created on: 12/7/2013 8:23:59 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = H: | %SystemRoot% = H:\Windows | %ProgramFiles% = H:\Program Files
Drive C: | 100.00 Mb Total Space | 75.42 Mb Free Space | 75.42% Space Free | Partition Type: NTFS
Drive D: | 29.80 Gb Total Space | 20.50 Gb Free Space | 68.78% Space Free | Partition Type: FAT32
Drive H: | 910.41 Gb Total Space | 712.44 Gb Free Space | 78.25% Space Free | Partition Type: NTFS
Drive I: | 20.00 Gb Total Space | 11.70 Gb Free Space | 58.49% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand] --  -- (WinHttpAutoProxySvc)
SRV - File not found [Auto] --  -- (NitroReaderDriverReadSpool3)
SRV - [2013/11/29 10:20:40 | 001,664,336 | ---- | M] (LogMeIn Inc.) [Auto] -- H:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/11/23 08:23:16 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand] -- H:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013/10/11 05:51:12 | 000,375,056 | ---- | M] (LogMeIn, Inc.) [Auto] -- H:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/10/10 05:25:45 | 000,356,128 | ---- | M] (Kaspersky Lab ZAO) [Auto] -- H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2013/10/10 03:49:51 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- H:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/27 03:51:08 | 014,592,288 | ---- | M] (NVIDIA Corporation) [Auto] -- H:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV - [2013/07/27 03:35:36 | 001,889,568 | ---- | M] (NVIDIA Corporation) [Auto] -- H:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/06/21 03:13:12 | 000,162,408 | R--- | M] (Skype Technologies) [Auto] -- H:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/20 22:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto] -- H:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/07 03:54:58 | 001,156,400 | ---- | M] () [Auto] -- H:\Windows\System32\dmwu.exe -- (IBUpdaterService)
SRV - [2013/01/29 08:28:32 | 000,188,760 | ---- | M] () [Auto] -- H:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant)
SRV - [2012/07/23 09:18:42 | 000,383,128 | ---- | M] (BlueStack Systems, Inc.) [Auto] -- H:\Program Files\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2012/07/23 09:18:16 | 000,395,416 | ---- | M] (BlueStack Systems, Inc.) [Auto] -- H:\Program Files\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2012/07/13 19:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand] -- H:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/29 06:09:52 | 001,528,672 | ---- | M] (TuneUp Software) [Auto] -- H:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/05/29 06:09:50 | 000,029,024 | ---- | M] (TuneUp Software) [Auto] -- H:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2012/01/19 06:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Disabled] -- H:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/04/01 05:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [Disabled] -- H:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 05:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Disabled] -- H:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/09/17 05:14:50 | 000,098,304 | ---- | M] (Firebird Project) [Auto] -- H:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2010/09/17 05:14:42 | 003,735,552 | ---- | M] (Firebird Project) [On_Demand] -- H:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2010/02/19 07:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- H:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/02 07:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Disabled] -- H:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/08/27 10:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto] -- H:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- H:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2008/08/07 04:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand] -- H:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007/06/05 07:20:32 | 000,177,704 | ---- | M] () [Disabled] -- H:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013/12/05 12:38:26 | 000,595,552 | ---- | M] (Kaspersky Lab ZAO) [File_System | System] -- H:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2013/12/03 09:34:56 | 000,489,048 | ---- | M] () [File_System | System] -- H:\Windows\System32\drivers\9094670drv.sys -- (9094670drv)
DRV - [2013/10/10 05:32:25 | 000,025,696 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand] -- H:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2013/10/10 05:32:24 | 000,025,696 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand] -- H:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2013/10/10 05:32:20 | 000,135,776 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot] -- H:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2013/07/08 06:52:21 | 000,044,000 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System] -- H:\Windows\System32\drivers\kltdi.sys -- (kltdi)
DRV - [2013/06/21 07:02:43 | 009,069,344 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013/05/14 14:28:30 | 000,034,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\nvvad32v.sys -- (nvvad_WaveExtensible) NVIDIA Virtual Audio Device (Wave Extensible) (WDM)
DRV - [2013/04/26 03:51:01 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System] -- H:\Windows\System32\drivers\kneps.sys -- (kneps)
DRV - [2012/08/23 09:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 09:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/08/02 09:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System] -- H:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2012/07/23 09:18:34 | 000,064,664 | ---- | M] (BlueStack Systems) [Kernel | Auto] -- H:\Program Files\BlueStacks\HD-Hypervisor-x86.sys -- (BstHdDrv)
DRV - [2012/02/01 07:24:02 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- H:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/11/24 23:59:16 | 000,603,240 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand] -- H:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/04/27 10:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2010/04/27 10:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2010/04/27 10:57:24 | 000,031,816 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\WmHidLo.sys -- (WmHidLo)
DRV - [2010/04/27 10:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2010/04/27 08:01:26 | 000,037,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2010/02/24 05:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- H:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009/11/11 23:14:28 | 000,066,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/03/18 10:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/10/27 06:05:00 | 000,125,184 | ---- | M] (Behringer) [Kernel | On_Demand] -- H:\Windows\System32\drivers\fca202.sys -- (FCA202AudioSrv) Behringer FCA202 Audio Driver (WDM)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD10EARS-00Y5B1_WD-WCAV5661852518525&ts=1373379598
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD10EARS-00Y5B1_WD-WCAV5661852518525&ts=1373379598
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\LocalService_ON_H\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - H:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\*****_ON_H\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD10EARS-00Y5B1_WD-WCAV5661852518525&ts=1373379598
IE - HKU\*****_ON_H\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\*****_ON_H\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\*****_ON_H\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.b1.org/?bsrc=hmior&chid=c167991
IE - HKU\*****_ON_H\Software\Microsoft\Internet Explorer\Main,Search Page Before = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\*****_ON_H\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\*****_ON_H\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data]
IE - HKU\*****_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss_sps&mntrId=E8961C4BD64778A6&affID=121562&tsp=4918
IE - HKU\*****_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Before = hxxp://search.babylon.com/?babsrc=HP_ss_gin2g&mntrId=E8961C4BD64778A6&affID=121562&tsp=4918
IE - HKU\*****_ON_H\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - Reg Error: Key error. File not found
IE - HKU\*****_ON_H\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - H:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\*****_ON_H\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\*****_ON_H\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\NetworkService_ON_H\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - H:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
 
IE - HKU\UpdatusUser_ON_H\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - H:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.order.1: "qvo6"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://mystart.incredibar.com/mb203?a=6OzfOgdMAn&i=26|hxxp://isearch.babylon.com/?babsrc=HP_ss_btis2&mntrId=E8961C4BD64778A6&affID=121562&tsp=4918"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\System32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: H:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: H:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: H:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: H:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: H:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: H:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: H:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: H:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: H:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: H:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: H:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Users\*****\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Users\*****\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2013/02/27 12:01:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 08:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013/10/10 05:32:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013/10/10 05:32:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013/10/10 05:32:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013/10/10 05:32:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013/10/10 05:32:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\Web Assistant\Firefox [2013/02/27 12:01:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013/03/09 10:13:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\12x3q@3244516.com: C:\Program Files\Better-Surf\ff [2013/11/25 07:45:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/17 03:50:31 | 000,000,000 | ---D | M]
 
[2012/01/14 14:19:26 | 000,000,000 | ---D | M] (No name found) -- H:\Users\*****\AppData\Roaming\Mozilla\Extensions
[2013/12/02 10:01:06 | 000,000,000 | ---D | M] (No name found) -- H:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vul4t7o7.default\extensions
[2013/03/20 14:13:58 | 000,000,000 | ---D | M] (iMacros for Firefox) -- H:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vul4t7o7.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2013/12/02 10:04:19 | 000,000,000 | ---D | M] (No name found) -- H:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vul4t7o7.default\extensions\staged
[2013/06/09 10:25:56 | 000,006,470 | ---- | M] () -- H:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vul4t7o7.default\searchplugins\babylon.xml
[2012/11/01 07:45:07 | 000,002,536 | ---- | M] () -- H:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vul4t7o7.default\searchplugins\browsemngr.xml
[2013/06/09 10:26:59 | 000,001,294 | ---- | M] () -- H:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vul4t7o7.default\searchplugins\delta.xml
[2013/12/03 09:06:19 | 000,002,120 | ---- | M] () -- H:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vul4t7o7.default\searchplugins\MyStart Search.xml
[2013/02/13 08:26:37 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files\Mozilla Firefox\extensions
[2013/02/13 08:26:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- H:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/08/04 07:38:26 | 000,000,000 | ---D | M] (Default) -- H:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- 
[2013/03/09 10:13:40 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- H:\PROGRAM FILES\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
[2013/10/10 05:32:26 | 000,000,000 | ---D | M] (Anti-Banner) -- H:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM
[2013/10/10 05:32:26 | 000,000,000 | ---D | M] (Content Blocker) -- H:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\CONTENT_BLOCKER@KASPERSKY.COM
[2013/10/10 05:32:27 | 000,000,000 | ---D | M] (Safe Money) -- H:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ONLINE_BANKING@KASPERSKY.COM
[2013/10/10 05:32:27 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- H:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\URL_ADVISOR@KASPERSKY.COM
[2013/10/10 05:32:27 | 000,000,000 | ---D | M] (Virtual Keyboard) -- H:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\VIRTUAL_KEYBOARD@KASPERSKY.COM
File not found (No name found) -- H:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2013/02/27 12:01:20 | 000,000,000 | ---D | M] (Web Assistant) -- H:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
() (No name found) -- H:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VUL4T7O7.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}.XPI
[2012/07/13 19:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- H:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/13 19:45:08 | 000,001,392 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/07/13 19:45:08 | 000,002,252 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/13 19:45:08 | 000,001,153 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/07/13 19:45:07 | 000,003,368 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\google.xml
[2012/07/13 19:45:08 | 000,006,805 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/07/09 09:19:58 | 000,000,743 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\qvo6.xml
[2012/07/13 19:45:08 | 000,001,178 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/07/13 19:45:07 | 000,001,105 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - H:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - H:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - H:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - H:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - H:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - H:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - H:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - H:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - H:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\*****_ON_H\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKU\*****_ON_H\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\*****_ON_H\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] H:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] H:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] H:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] H:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [IAStorIcon] H:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] H:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Nvtmru] H:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] H:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Start WingMan Profiler] H:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] H:\Program Files\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKLM..\Run: [SwitchBoard] H:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [XboxStat] H:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_H..\Run: [Sidebar] H:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\*****_ON_H..\Run: [Clownfish] H:\Program Files\Clownfish\Clownfish.exe (Bogdan Sharkov)
O4 - HKU\*****_ON_H..\Run: [EADM] H:\Program Files\Origin\Origin.exe (Electronic Arts)
O4 - HKU\*****_ON_H..\Run: [Google Update] H:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\*****_ON_H..\Run: [Steam] H:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKU\NetworkService_ON_H..\Run: [Sidebar] H:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_H..\Run: [Sidebar] H:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_H..\RunOnce: [mctadmin] H:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_H..\RunOnce: [mctadmin] H:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_H..\RunOnce: [HKCU] H:\Windows\System32\oobe\info\HKCU.vbs ()
O4 - HKU\UpdatusUser_ON_H..\RunOnce: [mctadmin] H:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_H..\RunOnce: [Screensaver] H:\Windows\Web\Wallpaper\MEDION\start.vbs ()
O4 - Startup: H:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ()
O4 - Startup: H:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk ()
O4 - Startup: H:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - H:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - H:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - H:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - H:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - H:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - H:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - H:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - H:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - H:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - H:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - H:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - H:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - H:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - H:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - H:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - H:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - H:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - H:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - H:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - H:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - H:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - H:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - H:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - H:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - H:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - H:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - H:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - H:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - H:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - H:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - H:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - H:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - H:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - H:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - H:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll) - H:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll (NVIDIA Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - H:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29 - HKLM SecurityProviders - (credssp.dll) -  File not found
O30 - LSA: Authentication Packages - (msv1_0) - H:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - H:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - H:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - H:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - H:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - H:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - H:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - H:\Windows\System32\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - H:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/12/07 04:47:27 | 000,000,000 | ---D | C] -- H:\Kaspersky Rescue Disk 10.0
[2013/12/06 12:11:55 | 000,000,000 | ---D | C] -- H:\Windows\LastGood
[2013/12/05 12:32:52 | 000,595,552 | ---- | C] (Kaspersky Lab ZAO) -- H:\Windows\System32\drivers\klif.sys
[2013/12/05 12:32:52 | 000,074,848 | ---- | C] (Kaspersky Lab ZAO) -- H:\Windows\System32\drivers\klflt.sys
[2013/12/04 06:58:51 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013/12/04 06:58:50 | 000,000,000 | ---D | C] -- H:\Program Files\LogMeIn Hamachi
[2013/12/03 08:00:20 | 000,000,000 | ---D | C] -- H:\ProgramData\Kaspersky Lab Setup Files
[2013/12/02 12:06:57 | 000,000,000 | ---D | C] -- H:\Users\*****\AppData\Local\WinZip
[2013/12/02 10:01:06 | 000,000,000 | ---D | C] -- H:\Users\*****\AppData\Roaming\Windows Net Data
[2013/12/02 09:46:15 | 000,000,000 | ---D | C] -- H:\Users\*****\AppData\Local\DownloadGuide
[2013/11/30 07:00:15 | 000,000,000 | ---D | C] -- H:\Users\*****\AppData\Local\Babylon
[2013/11/26 10:59:21 | 000,000,000 | ---D | C] -- H:\ProgramData\regid.1986-12.com.adobe
[2013/11/25 07:46:25 | 000,000,000 | ---D | C] -- H:\ProgramData\McAfee
[2013/11/25 07:46:14 | 000,000,000 | ---D | C] -- H:\Program Files\GamersFirst
[2013/11/25 07:45:42 | 000,000,000 | ---D | C] -- H:\Program Files\Better-Surf
[2013/11/24 13:12:44 | 000,000,000 | ---D | C] -- H:\Users\*****\AppData\Local\PC_Jones
[2013/11/24 11:43:10 | 000,000,000 | ---D | C] -- H:\Users\*****\AppData\Local\GamersFirst LIVE!
[2013/11/24 11:42:50 | 000,000,000 | ---D | C] -- H:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GamersFirst
[2013/11/24 11:42:46 | 000,000,000 | ---D | C] -- H:\Users\*****\AppData\Local\GamersFirst
[2013/11/24 06:23:10 | 000,691,712 | ---- | C] (PC Jones) -- H:\Users\*****\Desktop\Pennergame Bot by PC Jones.exe
[2013/11/23 08:23:18 | 000,646,144 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\MsSpellCheckingFacility.exe
[2013/11/23 08:23:18 | 000,194,048 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\elshyph.dll
[2013/11/23 08:23:16 | 004,240,384 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jscript9.dll
[2013/11/23 08:23:16 | 002,724,864 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\mshtml.tlb
[2013/11/23 08:23:16 | 001,926,656 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\inetcpl.cpl
[2013/11/23 08:23:16 | 001,051,136 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\mshtmlmedia.dll
[2013/11/23 08:23:16 | 000,703,488 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieapfltr.dll
[2013/11/23 08:23:16 | 000,645,120 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jsIntl.dll
[2013/11/23 08:23:16 | 000,616,104 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieapfltr.dat
[2013/11/23 08:23:16 | 000,610,304 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jscript.dll
[2013/11/23 08:23:16 | 000,553,472 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jscript9diag.dll
[2013/11/23 08:23:16 | 000,523,776 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msfeeds.dll
[2013/11/23 08:23:16 | 000,454,656 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\vbscript.dll
[2013/11/23 08:23:16 | 000,440,832 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieui.dll
[2013/11/23 08:23:16 | 000,367,104 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dxtmsft.dll
[2013/11/23 08:23:16 | 000,337,408 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\html.iec
[2013/11/23 08:23:16 | 000,244,736 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dxtrans.dll
[2013/11/23 08:23:16 | 000,238,288 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iedkcs32.dll
[2013/11/23 08:23:16 | 000,233,472 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\url.dll
[2013/11/23 08:23:16 | 000,208,896 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ie4uinit.exe
[2013/11/23 08:23:16 | 000,182,272 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msls31.dll
[2013/11/23 08:23:16 | 000,164,864 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msrating.dll
[2013/11/23 08:23:16 | 000,151,552 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iexpress.exe
[2013/11/23 08:23:16 | 000,139,264 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\wextract.exe
[2013/11/23 08:23:16 | 000,116,736 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iepeers.dll
[2013/11/23 08:23:16 | 000,112,128 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieUnatt.exe
[2013/11/23 08:23:16 | 000,111,616 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\IEAdvpack.dll
[2013/11/23 08:23:16 | 000,108,032 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieetwcollector.exe
[2013/11/23 08:23:16 | 000,086,016 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iesysprep.dll
[2013/11/23 08:23:16 | 000,083,456 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\inseng.dll
[2013/11/23 08:23:16 | 000,074,240 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\SetIEInstalledDate.exe
[2013/11/23 08:23:16 | 000,071,680 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\RegisterIEPKEYs.exe
[2013/11/23 08:23:16 | 000,061,952 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\MshtmlDac.dll
[2013/11/23 08:23:16 | 000,061,952 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iesetup.dll
[2013/11/23 08:23:16 | 000,056,832 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\pngfilt.dll
[2013/11/23 08:23:16 | 000,051,200 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieetwproxystub.dll
[2013/11/23 08:23:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\mshtmler.dll
[2013/11/23 08:23:16 | 000,043,008 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msfeedsbs.dll
[2013/11/23 08:23:16 | 000,043,008 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jsproxy.dll
[2013/11/23 08:23:16 | 000,036,352 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\imgutil.dll
[2013/11/23 08:23:16 | 000,034,816 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\JavaScriptCollectionAgent.dll
[2013/11/23 08:23:16 | 000,032,768 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iernonce.dll
[2013/11/23 08:23:16 | 000,024,576 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\licmgr10.dll
[2013/11/23 08:23:16 | 000,012,800 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msfeedssync.exe
[2013/11/23 08:23:16 | 000,004,096 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieetwcollectorres.dll
[2013/11/13 10:44:32 | 000,000,000 | ---D | C] -- H:\Program Files\Adobe Media Player
[2013/11/13 10:44:32 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2013/11/13 09:51:14 | 001,796,096 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\authui.dll
[2013/11/13 09:51:14 | 000,168,960 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\credui.dll
[2013/11/13 09:51:14 | 000,152,576 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\SmartcardCredentialProvider.dll
[2013/11/13 09:50:14 | 001,038,848 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\lsasrv.dll
[2013/11/13 09:50:14 | 000,220,160 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ncrypt.dll
[2013/11/13 09:50:14 | 000,015,872 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\sspisrv.dll
[2013/11/13 09:49:40 | 000,656,896 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\nshwfp.dll
[2013/11/13 09:49:40 | 000,216,576 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\FWPUCLNT.DLL
[2013/11/08 07:06:59 | 000,000,000 | ---D | C] -- H:\Users\*****\AppData\Local\SpacialAudio
[2013/11/08 07:06:59 | 000,000,000 | ---D | C] -- H:\ProgramData\firebird
[2013/11/08 07:04:11 | 000,548,864 | ---- | C] (Firebird Project) -- H:\Windows\System32\GDS32.DLL
[2013/11/08 07:04:07 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firebird 2.5 (Win32)
[2013/11/08 07:04:04 | 000,000,000 | ---D | C] -- H:\Program Files\Firebird
[2013/11/08 07:03:58 | 000,000,000 | ---D | C] -- H:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SAM Broadcaster
[2013/11/08 07:03:56 | 000,000,000 | ---D | C] -- H:\Program Files\SpacialAudio
[2 H:\Windows\System32\*.tmp files -> H:\Windows\System32\*.tmp -> ]
[1 H:\Windows\*.tmp files -> H:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/12/07 09:59:16 | 000,067,584 | --S- | M] () -- H:\Windows\bootstat.dat
[2013/12/06 12:12:51 | 000,000,388 | ---- | M] () -- H:\Windows\tasks\AmiUpdXp.job
[2013/12/06 12:11:50 | 000,001,108 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/06 11:40:01 | 000,001,112 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/06 11:27:02 | 000,000,884 | ---- | M] () -- H:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/06 11:25:04 | 000,001,152 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1698952921-2369517443-3624809255-1000UA.job
[2013/12/06 08:17:40 | 000,018,784 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/06 08:17:40 | 000,018,784 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/05 12:38:26 | 000,595,552 | ---- | M] (Kaspersky Lab ZAO) -- H:\Windows\System32\drivers\klif.sys
[2013/12/05 12:38:25 | 000,074,848 | ---- | M] (Kaspersky Lab ZAO) -- H:\Windows\System32\drivers\klflt.sys
[2013/12/05 12:25:00 | 000,001,100 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1698952921-2369517443-3624809255-1000Core.job
[2013/12/05 10:26:57 | 000,000,459 | ---- | M] () -- H:\Users\*****\Desktop\pgbot.settings
[2013/12/04 06:58:52 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013/12/03 09:34:56 | 000,489,048 | ---- | M] () -- H:\Windows\System32\drivers\9094670drv.sys
[2013/12/03 09:05:48 | 417,734,393 | ---- | M] () -- H:\Windows\MEMORY.DMP
[2013/12/03 07:21:21 | 000,000,000 | R--D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2013/11/29 10:14:10 | 000,290,776 | ---- | M] () -- H:\Windows\System32\PnkBstrB.xtr
[2013/11/29 09:57:19 | 000,281,288 | ---- | M] () -- H:\Windows\System32\PnkBstrB.ex0
[2013/11/25 08:10:25 | 000,138,904 | ---- | M] () -- H:\Users\*****\AppData\Roaming\PnkBstrK.sys
[2013/11/24 11:42:50 | 000,001,239 | ---- | M] () -- H:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2013/11/24 06:23:28 | 000,691,712 | ---- | M] (PC Jones) -- H:\Users\*****\Desktop\Pennergame Bot by PC Jones.exe
[2013/11/23 08:23:18 | 000,646,144 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\MsSpellCheckingFacility.exe
[2013/11/23 08:23:18 | 000,194,048 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\elshyph.dll
[2013/11/23 08:23:16 | 004,240,384 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\jscript9.dll
[2013/11/23 08:23:16 | 002,724,864 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\mshtml.tlb
[2013/11/23 08:23:16 | 001,926,656 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\inetcpl.cpl
[2013/11/23 08:23:16 | 001,051,136 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\mshtmlmedia.dll
[2013/11/23 08:23:16 | 000,703,488 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\ieapfltr.dll
[2013/11/23 08:23:16 | 000,645,120 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\jsIntl.dll
[2013/11/23 08:23:16 | 000,616,104 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\ieapfltr.dat
[2013/11/23 08:23:16 | 000,610,304 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\jscript.dll
[2013/11/23 08:23:16 | 000,553,472 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\jscript9diag.dll
[2013/11/23 08:23:16 | 000,523,776 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\msfeeds.dll
[2013/11/23 08:23:16 | 000,454,656 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\vbscript.dll
[2013/11/23 08:23:16 | 000,440,832 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\ieui.dll
[2013/11/23 08:23:16 | 000,367,104 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\dxtmsft.dll
[2013/11/23 08:23:16 | 000,337,408 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\html.iec
[2013/11/23 08:23:16 | 000,244,736 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\dxtrans.dll
[2013/11/23 08:23:16 | 000,238,288 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\iedkcs32.dll
[2013/11/23 08:23:16 | 000,233,472 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\url.dll
[2013/11/23 08:23:16 | 000,208,896 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\ie4uinit.exe
[2013/11/23 08:23:16 | 000,182,272 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\msls31.dll
[2013/11/23 08:23:16 | 000,164,864 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\msrating.dll
[2013/11/23 08:23:16 | 000,151,552 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\iexpress.exe
[2013/11/23 08:23:16 | 000,139,264 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\wextract.exe
[2013/11/23 08:23:16 | 000,116,736 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\iepeers.dll
[2013/11/23 08:23:16 | 000,112,128 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\ieUnatt.exe
[2013/11/23 08:23:16 | 000,111,616 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\IEAdvpack.dll
[2013/11/23 08:23:16 | 000,108,032 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\ieetwcollector.exe
[2013/11/23 08:23:16 | 000,086,016 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\iesysprep.dll
[2013/11/23 08:23:16 | 000,083,456 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\inseng.dll
[2013/11/23 08:23:16 | 000,074,240 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\SetIEInstalledDate.exe
[2013/11/23 08:23:16 | 000,071,680 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\RegisterIEPKEYs.exe
[2013/11/23 08:23:16 | 000,061,952 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\MshtmlDac.dll
[2013/11/23 08:23:16 | 000,061,952 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\iesetup.dll
[2013/11/23 08:23:16 | 000,056,832 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\pngfilt.dll
[2013/11/23 08:23:16 | 000,051,200 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\ieetwproxystub.dll
[2013/11/23 08:23:16 | 000,048,640 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\mshtmler.dll
[2013/11/23 08:23:16 | 000,043,008 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\msfeedsbs.dll
[2013/11/23 08:23:16 | 000,043,008 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\jsproxy.dll
[2013/11/23 08:23:16 | 000,036,352 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\imgutil.dll
[2013/11/23 08:23:16 | 000,034,816 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\JavaScriptCollectionAgent.dll
[2013/11/23 08:23:16 | 000,032,768 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\iernonce.dll
[2013/11/23 08:23:16 | 000,024,576 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\licmgr10.dll
[2013/11/23 08:23:16 | 000,016,284 | ---- | M] () -- H:\Windows\System32\ieuinit.inf
[2013/11/23 08:23:16 | 000,012,800 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\msfeedssync.exe
[2013/11/23 08:23:16 | 000,004,096 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\ieetwcollectorres.dll
[2013/11/23 03:42:04 | 000,696,832 | ---- | M] () -- H:\Windows\System32\perfh007.dat
[2013/11/23 03:42:04 | 000,652,150 | ---- | M] () -- H:\Windows\System32\perfh009.dat
[2013/11/23 03:42:04 | 000,148,128 | ---- | M] () -- H:\Windows\System32\perfc007.dat
[2013/11/23 03:42:04 | 000,121,082 | ---- | M] () -- H:\Windows\System32\perfc009.dat
[2013/11/14 09:14:50 | 003,806,896 | ---- | M] () -- H:\Windows\System32\FNTCACHE.DAT
[2013/11/13 10:47:06 | 000,001,173 | ---- | M] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2013/11/13 10:46:14 | 000,001,135 | ---- | M] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2013/11/13 10:45:26 | 000,001,228 | ---- | M] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2013/11/13 10:44:32 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2013/11/13 10:44:13 | 000,001,319 | ---- | M] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2013/11/13 10:44:01 | 000,001,485 | ---- | M] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2013/11/13 10:43:06 | 000,000,971 | ---- | M] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2013/11/10 23:50:18 | 000,230,048 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\MpSigStub.exe
[2013/11/08 07:04:07 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firebird 2.5 (Win32)
[2013/11/08 07:03:58 | 000,002,006 | ---- | M] () -- H:\Users\*****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SAM Broadcaster.lnk
[2013/11/08 07:03:58 | 000,001,982 | ---- | M] () -- H:\Users\*****\Desktop\SAM Broadcaster.lnk
[2 H:\Windows\System32\*.tmp files -> H:\Windows\System32\*.tmp -> ]
[1 H:\Windows\*.tmp files -> H:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/12/03 09:05:48 | 417,734,393 | ---- | C] () -- H:\Windows\MEMORY.DMP
[2013/12/03 09:04:28 | 000,489,048 | ---- | C] () -- H:\Windows\System32\drivers\9094670drv.sys
[2013/11/24 13:12:42 | 000,000,459 | ---- | C] () -- H:\Users\*****\Desktop\pgbot.settings
[2013/11/24 11:42:50 | 000,001,239 | ---- | C] () -- H:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2013/11/23 08:23:16 | 000,016,284 | ---- | C] () -- H:\Windows\System32\ieuinit.inf
[2013/11/13 10:47:06 | 000,001,173 | ---- | C] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2013/11/13 10:46:14 | 000,001,135 | ---- | C] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2013/11/13 10:45:26 | 000,001,228 | ---- | C] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2013/11/13 10:44:13 | 000,001,319 | ---- | C] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2013/11/13 10:44:01 | 000,001,485 | ---- | C] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2013/11/13 10:43:06 | 000,000,971 | ---- | C] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2013/11/08 07:03:58 | 000,002,006 | ---- | C] () -- H:\Users\*****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SAM Broadcaster.lnk
[2013/11/08 07:03:58 | 000,001,982 | ---- | C] () -- H:\Users\*****\Desktop\SAM Broadcaster.lnk
[2013/10/13 08:12:14 | 000,138,904 | ---- | C] () -- H:\Users\*****\AppData\Roaming\PnkBstrK.sys
[2013/08/25 07:57:17 | 000,000,898 | ---- | C] () -- H:\Users\*****\AppData\Local\recently-used.xbel
[2013/07/09 09:22:31 | 000,000,236 | ---- | C] () -- H:\Users\*****\AppData\Roaming\launcher_profiles.json
[2013/02/19 09:00:47 | 000,703,117 | ---- | C] () -- H:\Users\*****\AppData\Roaming\technic-launcher.jar
[2012/12/06 14:09:09 | 000,028,672 | ---- | C] () -- H:\Windows\System32\nnr.dll
[2012/10/29 09:41:06 | 000,000,000 | ---- | C] () -- H:\Windows\System32\Access.dat
[2012/09/04 10:25:59 | 000,000,057 | ---- | C] () -- H:\ProgramData\Ament.ini
[2012/09/03 07:52:06 | 001,156,400 | ---- | C] () -- H:\Windows\System32\dmwu.exe
[2012/09/03 07:52:06 | 000,027,136 | ---- | C] () -- H:\Windows\System32\ImHttpComm.dll
[2012/07/02 15:11:02 | 000,016,384 | ---- | C] () -- H:\Windows\System32\theowl.dll
[2012/02/02 22:00:58 | 000,139,264 | ---- | C] () -- H:\Windows\System32\TCPClient.dll
[2012/02/01 10:53:45 | 000,005,074 | ---- | C] () -- H:\ProgramData\dkelscwb.bbq
[2012/01/13 08:38:54 | 000,008,704 | ---- | C] () -- H:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/13 11:18:58 | 000,252,928 | ---- | C] () -- H:\Windows\System32\DShowRdpFilter.dll
[2011/10/13 10:32:04 | 000,017,408 | ---- | C] () -- H:\Users\*****\AppData\Local\WebpageIcons.db
[2011/10/11 02:35:10 | 000,000,486 | ---- | C] () -- H:\Users\*****\AppData\Roaming\wklnhst.dat
[2011/10/11 02:31:19 | 000,017,232 | ---- | C] () -- H:\Users\*****\AppData\Roaming\UserTile.png
[2011/06/15 06:37:00 | 001,108,992 | ---- | C] () -- H:\Windows\System32\phidget21.dll
[2011/06/09 23:34:52 | 000,080,416 | ---- | C] () -- H:\Windows\System32\RtNicProp32.dll
[2010/08/26 18:34:36 | 000,038,912 | ---- | C] () -- H:\Windows\System32\libvout_wrapper_plugin.dll
[2010/08/26 18:34:36 | 000,034,816 | ---- | C] () -- H:\Windows\System32\libvmem_plugin.dll
[2010/08/26 18:34:34 | 000,243,200 | ---- | C] () -- H:\Windows\System32\libswscale_plugin.dll
[2010/08/26 18:34:32 | 000,065,536 | ---- | C] () -- H:\Windows\System32\libstream_out_transcode_plugin.dll
[2010/08/26 18:34:32 | 000,035,840 | ---- | C] () -- H:\Windows\System32\libstream_out_smem_plugin.dll
[2010/08/26 18:34:30 | 000,051,200 | ---- | C] () -- H:\Windows\System32\libps_plugin.dll
[2010/08/26 18:34:30 | 000,040,448 | ---- | C] () -- H:\Windows\System32\libpacketizer_mpegvideo_plugin.dll
[2010/08/26 18:34:30 | 000,037,888 | ---- | C] () -- H:\Windows\System32\libmpeg_audio_plugin.dll
[2010/08/26 18:34:30 | 000,033,280 | ---- | C] () -- H:\Windows\System32\libmux_wav_plugin.dll
[2010/08/26 18:34:30 | 000,031,232 | ---- | C] () -- H:\Windows\System32\libmpgv_plugin.dll
[2010/08/26 18:34:28 | 000,039,424 | ---- | C] () -- H:\Windows\System32\libfilesystem_plugin.dll
[2010/08/26 18:34:28 | 000,035,328 | ---- | C] () -- H:\Windows\System32\libmjpeg_plugin.dll
[2010/08/26 18:34:28 | 000,033,280 | ---- | C] () -- H:\Windows\System32\libmemcpymmx_plugin.dll
[2010/08/26 18:34:22 | 007,124,992 | ---- | C] () -- H:\Windows\System32\libavcodec_plugin.dll
[2010/08/26 18:34:22 | 002,263,552 | ---- | C] () -- H:\Windows\System32\libvlccore.dll
[2010/08/26 18:34:22 | 000,101,376 | ---- | C] () -- H:\Windows\System32\libvlc.dll
[2010/08/26 18:34:22 | 000,088,064 | ---- | C] () -- H:\Windows\System32\libaccess_http_plugin.dll
[2010/08/26 18:34:22 | 000,032,256 | ---- | C] () -- H:\Windows\System32\libau_plugin.dll
[2010/04/05 19:05:48 | 000,781,312 | ---- | C] () -- H:\Windows\System32\highgui210.dll
[2010/04/05 19:05:16 | 002,085,888 | ---- | C] () -- H:\Windows\System32\cv210.dll
[2010/04/05 19:04:06 | 002,201,088 | ---- | C] () -- H:\Windows\System32\cxcore210.dll
[2009/11/20 05:16:02 | 000,120,200 | ---- | C] () -- H:\Windows\System32\DLLDEV32i.dll
[2009/11/20 05:01:52 | 000,072,017 | ---- | C] () -- H:\Windows\System32\Uninstall ALDI SÜD Mah Jong.exe
[2009/11/16 08:24:46 | 000,000,037 | ---- | C] () -- H:\Windows\System32\drivers\VERSION.DAT
[2009/08/03 09:07:42 | 000,403,816 | ---- | C] () -- H:\Windows\System32\OGACheckControl.dll
[2009/08/03 09:07:42 | 000,230,768 | ---- | C] () -- H:\Windows\System32\OGAEXEC.exe
[2009/07/14 03:47:43 | 000,696,832 | ---- | C] () -- H:\Windows\System32\perfh007.dat
[2009/07/14 03:47:43 | 000,295,922 | ---- | C] () -- H:\Windows\System32\perfi007.dat
[2009/07/14 03:47:43 | 000,148,128 | ---- | C] () -- H:\Windows\System32\perfc007.dat
[2009/07/14 03:47:43 | 000,038,104 | ---- | C] () -- H:\Windows\System32\perfd007.dat
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- H:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 003,806,896 | ---- | C] () -- H:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,652,150 | ---- | C] () -- H:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- H:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,121,082 | ---- | C] () -- H:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- H:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- H:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- H:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- H:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- H:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- H:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- H:\Windows\System32\mlang.dat
[2008/10/27 06:04:54 | 000,047,616 | ---- | C] () -- H:\Windows\System32\fca202aso.dll
[2007/06/05 07:20:32 | 000,177,704 | ---- | C] () -- H:\Windows\System32\PSIService.exe
 
========== LOP Check ==========
 
[2012/01/20 07:57:20 | 000,000,000 | ---D | M] -- H:\ProgramData\AlcaTech
[2013/07/17 11:12:56 | 000,000,000 | ---D | M] -- H:\ProgramData\ALDI Sued Foto Service
[2009/11/20 05:17:16 | 000,000,000 | ---D | M] -- H:\ProgramData\Aldi Sued Fotoservice
[2011/10/10 04:48:33 | 000,000,000 | -HSD | M] -- H:\ProgramData\Anwendungsdaten
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- H:\ProgramData\Application Data
[2012/01/13 08:37:45 | 000,000,000 | ---D | M] -- H:\ProgramData\ashampoo
[2012/11/01 07:44:35 | 000,000,000 | ---D | M] -- H:\ProgramData\Babylon
[2012/08/21 11:19:17 | 000,000,000 | ---D | M] -- H:\ProgramData\BlueStacks
[2013/10/09 05:52:39 | 000,000,000 | ---D | M] -- H:\ProgramData\boost_interprocess
[2011/10/10 05:24:20 | 000,000,000 | ---D | M] -- H:\ProgramData\BullGuard
[2012/11/16 12:18:04 | 000,000,000 | ---D | M] -- H:\ProgramData\Canneverbe Limited
[2013/06/13 07:40:57 | 000,000,000 | ---D | M] -- H:\ProgramData\ClubSanDisk
[2012/02/16 11:47:51 | 000,000,000 | ---D | M] -- H:\ProgramData\Codemasters
[2012/04/17 10:51:46 | 000,000,000 | -H-D | M] -- H:\ProgramData\Common Files
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- H:\ProgramData\Desktop
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- H:\ProgramData\Documents
[2011/10/10 04:48:33 | 000,000,000 | -HSD | M] -- H:\ProgramData\Dokumente
[2013/09/15 12:17:10 | 000,000,000 | -HSD | M] -- H:\ProgramData\DSS
[2012/12/27 13:04:36 | 000,000,000 | ---D | M] -- H:\ProgramData\Electronic Arts
[2013/08/11 07:29:32 | 000,000,000 | ---D | M] -- H:\ProgramData\eSafe
[2011/10/10 04:48:33 | 000,000,000 | -HSD | M] -- H:\ProgramData\Favoriten
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- H:\ProgramData\Favorites
[2013/01/05 14:18:44 | 000,000,000 | ---D | M] -- H:\ProgramData\FileOpen
[2013/11/24 10:03:32 | 000,000,000 | ---D | M] -- H:\ProgramData\firebird
[2013/03/09 10:14:33 | 000,000,000 | ---D | M] -- H:\ProgramData\Freemake
[2012/03/03 04:51:10 | 000,000,000 | ---D | M] -- H:\ProgramData\Iminent
[2013/10/07 06:50:48 | 000,000,000 | ---D | M] -- H:\ProgramData\LogMeIn
[2013/07/22 09:59:11 | 000,000,000 | ---D | M] -- H:\ProgramData\Logs
[2013/08/23 08:12:20 | 000,000,000 | ---D | M] -- H:\ProgramData\MAGIX
[2013/07/24 05:44:09 | 000,000,000 | ---D | M] -- H:\ProgramData\MTA San Andreas All
[2013/01/05 14:17:32 | 000,000,000 | ---D | M] -- H:\ProgramData\Nitro
[2013/10/21 10:46:41 | 000,000,000 | ---D | M] -- H:\ProgramData\Oracle
[2013/08/29 08:59:00 | 000,000,000 | ---D | M] -- H:\ProgramData\Origin
[2013/10/13 08:12:52 | 000,000,000 | ---D | M] -- H:\ProgramData\Package Cache
[2012/08/04 03:34:17 | 000,000,000 | ---D | M] -- H:\ProgramData\Pinnacle
[2013/11/26 10:59:49 | 000,000,000 | ---D | M] -- H:\ProgramData\regid.1986-12.com.adobe
[2012/08/04 04:28:22 | 000,000,000 | ---D | M] -- H:\ProgramData\Sony
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- H:\ProgramData\Start Menu
[2011/10/10 04:48:33 | 000,000,000 | -HSD | M] -- H:\ProgramData\Startmenü
[2012/03/29 03:23:07 | 000,000,000 | ---D | M] -- H:\ProgramData\Tarma Installer
[2012/03/13 11:18:51 | 000,000,000 | ---D | M] -- H:\ProgramData\TechSmith
[2009/11/16 08:47:48 | 000,000,000 | ---D | M] -- H:\ProgramData\Temp
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- H:\ProgramData\Templates
[2012/12/24 13:01:24 | 000,000,000 | ---D | M] -- H:\ProgramData\TrackMania
[2012/02/19 09:16:41 | 000,000,000 | ---D | M] -- H:\ProgramData\TuneUp Software
[2012/11/12 08:43:13 | 000,000,000 | ---D | M] -- H:\ProgramData\Visan
[2011/10/10 04:48:33 | 000,000,000 | -HSD | M] -- H:\ProgramData\Vorlagen
[2012/06/04 09:37:58 | 000,000,000 | ---D | M] -- H:\ProgramData\WinZip
[2009/11/16 06:37:16 | 000,000,000 | ---D | M] -- H:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2012/02/19 09:16:15 | 000,000,000 | -HSD | M] -- H:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/01/20 09:52:55 | 000,000,000 | ---D | M] -- H:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/01/02 08:49:22 | 000,000,000 | -H-D | M] -- H:\ProgramData\{5C19A20F-4C26-4856-A7F0-59B375B8C950}
[2013/12/06 12:12:51 | 000,000,388 | ---- | M] () -- H:\Windows\Tasks\AmiUpdXp.job
[2013/11/13 09:18:18 | 000,032,640 | ---- | M] () -- H:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         
__________________

08.12.2013, 08:11   #4
schrauber
/// the machine
/// TB trainer
 

Hm, that doesn't show anything.

Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the appropriate version of the tool (both if in doubt) and save it to a USB stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Connect the USB stick to the infected system and boot the system into the System Recovery Options.
  • Now scan following the illustrated guide, or use the following quick guide:
Via the boot manager:
  • Restart the computer.
  • While it is starting up, press the F8 key repeatedly.
  • Now select Repair Your Computer.
  • Select your operating system and user account and click "Next" each time.
With the Windows CD/DVD (also possible on Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Select the language settings and click "Next".
  • Click Repair your computer!
  • Select your operating system and user account and click "Next" each time.
In the recovery options, select: Command Prompt
  • Now please type notepad and press Enter.
  • In the text document that opens: File > Save As... and select Computer.
    The drive letter of your USB stick is shown here; make a note of it.
  • Close Notepad again.
  • Now please enter the following command.
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you noted. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan
The tool creates an FRST.txt on your USB stick. Please post its contents here, in code tags if possible (guide).

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

08.12.2013, 14:40   #5
raclawa
 
Hello Schrauber,

by the way, thank you very much for your effort!!!

Here is the result from Farbar's Recovery Scan Tool:




FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-12-2013 01
Ran by SYSTEM on MININT-JANER11 on 08-12-2013 14:15:57
Running from H:\
Windows 7 Home Premium (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7703072 2009-08-04] (Realtek Semiconductor)
HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [153672 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1398440 2011-12-14] (Ask)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe [718688 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028896 2013-07-27] (NVIDIA Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKLM\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3806544 2013-11-29] (LogMeIn Inc.)
HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()
HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [ 2009-10-23] ()
HKU\Default User\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()
HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [ 2009-10-23] ()
HKU\marvin walter\...\Run: [Steam] - C:\Program Files\Steam\Steam.exe [ 2013-12-04] (Valve Corporation)
HKU\marvin walter\...\Run: [EADM] - C:\Program Files\Origin\Origin.exe [ 2013-11-23] (Electronic Arts)
HKU\marvin walter\...\Run: [Clownfish] - C:\Program Files\Clownfish\Clownfish.exe [ 2013-07-02] (Bogdan Sharkov)
HKU\marvin walter\...\Run: [Google Update] - C:\Users\marvin walter\AppData\Local\Google\Update\GoogleUpdate.exe [ 2011-10-10] (Google Inc.)
HKU\UpdatusUser\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()
HKU\UpdatusUser\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [ 2009-10-23] ()
AppInit_DLLs: C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll [ 2013-07-27] (NVIDIA Corporation)
Startup: C:\Users\marvin walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\marvin walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
ShortcutTarget: GamersFirst LIVE!.lnk ->  (No File)
Startup: C:\Users\marvin walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

========================== Services (Whitelisted) =================

S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [395416 2012-07-23] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [383128 2012-07-23] (BlueStack Systems, Inc.)
S2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG)
S2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project)
S3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
S2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1664336 2013-11-29] (LogMeIn Inc.)
S2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1156400 2013-04-07] ()
S2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [375056 2013-10-11] (LogMeIn, Inc.)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14592288 2013-07-27] (NVIDIA Corporation)
S4 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
S2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1528672 2012-05-29] (TuneUp Software)
S2 Web Assistant; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [188760 2013-01-29] ()
S2 NitroReaderDriverReadSpool3; 

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-14] (Microsoft Corporation)
S1 9094670drv; C:\Windows\System32\DRIVERS\9094670drv.sys [489048 2013-12-03] ()
S2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
S2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [64664 2012-07-23] (BlueStack Systems)
S3 FCA202AudioSrv; C:\Windows\System32\drivers\fca202.sys [125184 2008-10-27] (Behringer)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-10-10] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [595552 2013-12-05] (Kaspersky Lab ZAO)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [24408 2012-08-02] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-10-10] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-10] (Kaspersky Lab ZAO)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-07-08] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-04-26] (Kaspersky Lab ZAO)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34592 2013-05-14] (NVIDIA Corporation)
S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2012-02-01] (TuneUp Software)
S3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.)
S3 WmHidLo; C:\Windows\System32\drivers\WmHidLo.sys [31816 2010-04-27] (Logitech Inc.)
S3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
S3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
S5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2013-12-05] (Kaspersky Lab ZAO)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-08 14:14 - 2013-12-08 14:14 - 00000000 ____D C:\FRST
2013-12-08 01:55 - 2013-12-08 02:54 - 00043434 _____ C:\Extras.Txt
2013-12-08 01:55 - 2013-12-08 02:53 - 00151992 _____ C:\OTL.Txt
2013-12-07 10:47 - 2013-12-07 16:29 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-12-06 18:11 - 2013-12-06 18:12 - 00000000 ____D C:\Windows\LastGood
2013-12-06 18:02 - 2013-12-06 18:02 - 00262144 _____ C:\Windows\System32\config\elam
2013-12-05 18:32 - 2013-12-05 18:38 - 00595552 _____ (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klif.sys
2013-12-05 18:32 - 2013-12-05 18:38 - 00074848 _____ (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klflt.sys
2013-12-04 15:32 - 2013-12-04 15:32 - 05886237 _____ C:\Users\marvin walter\Downloads\BukkitForge-1.5.2-301.jar
2013-12-04 15:26 - 2013-12-04 15:27 - 32299870 _____ C:\Users\marvin walter\Downloads\mcpc-plus-1.5.2-R1.1-forge738-B652.jar
2013-12-04 15:20 - 2013-12-04 15:20 - 00000753 _____ C:\Users\marvin walter\Downloads\startbat.rar
2013-12-04 15:07 - 2013-12-04 15:09 - 48168194 _____ C:\Users\marvin walter\Downloads\Hexxit_Server_v1.0.10.zip
2013-12-04 12:58 - 2013-12-04 12:58 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
2013-12-03 15:33 - 2013-12-03 15:33 - 00550993 _____ C:\Users\marvin walter\Downloads\Tanki Online Crystal Hack v2.0.rar
2013-12-03 15:05 - 2013-12-03 15:06 - 00168912 _____ C:\Windows\Minidump\120313-20498-01.dmp
2013-12-03 15:05 - 2013-12-03 15:05 - 417734393 _____ C:\Windows\MEMORY.DMP
2013-12-03 15:04 - 2013-12-03 15:34 - 00489048 _____ C:\Windows\System32\Drivers\9094670drv.sys
2013-12-03 14:11 - 2013-12-03 14:11 - 00000414 _____ C:\Windows\PFRO.log
2013-12-03 14:00 - 2013-12-03 15:01 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2013-12-03 13:21 - 2013-12-06 18:12 - 00002007 _____ C:\Windows\setupact.log
2013-12-03 13:21 - 2013-12-03 13:21 - 00000000 _____ C:\Windows\setuperr.log
2013-12-02 18:06 - 2013-12-02 18:06 - 00000000 ____D C:\Users\marvin walter\AppData\Local\WinZip
2013-12-02 16:01 - 2013-12-02 16:04 - 00000000 ____D C:\Users\marvin walter\AppData\Roaming\Windows Net Data
2013-12-02 15:46 - 2013-12-02 16:01 - 00000000 ____D C:\Users\marvin walter\AppData\Local\DownloadGuide
2013-12-02 15:45 - 2013-12-02 15:46 - 00567144 _____ C:\Users\marvin walter\Downloads\shoppinglist-Downloader.exe
2013-11-30 13:00 - 2013-11-30 13:00 - 00000000 ____D C:\Users\marvin walter\AppData\Local\Babylon
2013-11-29 15:29 - 2013-11-29 15:29 - 00076907 _____ C:\Users\marvin walter\Downloads\APB G1C Hack - Updated!(2).zip
2013-11-26 16:59 - 2013-11-26 16:59 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-11-25 13:46 - 2013-12-03 13:21 - 00000000 ____D C:\ProgramData\McAfee
2013-11-25 13:46 - 2013-11-25 13:46 - 00000000 ____D C:\Program Files\GamersFirst
2013-11-25 13:45 - 2013-11-25 13:45 - 00000000 ____D C:\Program Files\Better-Surf
2013-11-24 19:12 - 2013-12-05 16:26 - 00000459 _____ C:\Users\marvin walter\Desktop\pgbot.settings
2013-11-24 19:12 - 2013-11-24 19:12 - 00000000 ____D C:\Users\marvin walter\AppData\Local\PC_Jones
2013-11-24 17:43 - 2013-11-25 14:00 - 00000000 ____D C:\Users\marvin walter\AppData\Local\GamersFirst LIVE!
2013-11-24 17:42 - 2013-11-24 17:42 - 00000000 ____D C:\Users\marvin walter\AppData\Local\GamersFirst
2013-11-24 17:41 - 2013-11-24 17:42 - 12844984 _____ (GamersFirst) C:\Users\marvin walter\Downloads\GamersFirst_LIVE!_Setup_EN.exe
2013-11-24 12:23 - 2013-11-24 12:23 - 00691712 _____ (PC Jones) C:\Users\marvin walter\Desktop\Pennergame Bot by PC Jones.exe
2013-11-24 12:22 - 2013-11-24 12:22 - 00197387 _____ C:\Users\marvin walter\Downloads\Pennergame Bot by PC Jones.zip
2013-11-23 14:23 - 2013-11-23 14:23 - 17142784 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 11220992 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 04240384 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-23 14:23 - 2013-11-23 14:23 - 02166272 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 01926656 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-11-23 14:23 - 2013-11-23 14:23 - 01818112 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 01156608 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 01051136 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00703488 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00646144 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-11-23 14:23 - 2013-11-23 14:23 - 00645120 _____ (Microsoft Corporation) C:\Windows\System32\jsIntl.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00616104 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-11-23 14:23 - 2013-11-23 14:23 - 00610304 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00553472 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00523776 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00454656 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00440832 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00367104 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00337408 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-11-23 14:23 - 2013-11-23 14:23 - 00244736 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00238288 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00233472 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00208896 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-23 14:23 - 2013-11-23 14:23 - 00208384 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00194048 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00182272 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00164864 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00151552 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-11-23 14:23 - 2013-11-23 14:23 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-11-23 14:23 - 2013-11-23 14:23 - 00127488 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00116736 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-11-23 14:23 - 2013-11-23 14:23 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00108032 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2013-11-23 14:23 - 2013-11-23 14:23 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00083456 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-11-23 14:23 - 2013-11-23 14:23 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-11-23 14:23 - 2013-11-23 14:23 - 00069632 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00069120 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-11-23 14:23 - 2013-11-23 14:23 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00056832 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00036352 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00034816 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00032768 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-11-23 14:23 - 2013-11-23 14:23 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-11-23 14:23 - 2013-11-23 14:23 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2013-11-13 16:44 - 2013-11-13 16:44 - 00000000 ____D C:\Program Files\Adobe Media Player
2013-11-13 15:51 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-13 15:51 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-11-13 15:51 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\credui.dll
2013-11-13 15:50 - 2013-09-25 03:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-11-13 15:50 - 2013-09-25 03:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-11-13 15:50 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-11-13 15:50 - 2013-09-25 02:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2013-11-13 15:50 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2013-11-13 15:50 - 2013-09-25 02:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-11-13 15:50 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-11-13 15:50 - 2013-09-25 01:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2013-11-13 15:50 - 2013-09-25 01:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2013-11-13 15:50 - 2013-07-04 13:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-11-13 15:49 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\System32\nshwfp.dll
2013-11-13 15:49 - 2013-10-12 03:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2013-11-13 15:49 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\System32\FWPUCLNT.DLL
2013-11-13 15:49 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-11-13 15:49 - 2013-10-03 02:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-11-08 13:06 - 2013-11-24 16:03 - 00000000 ____D C:\ProgramData\firebird
2013-11-08 13:06 - 2013-11-08 13:06 - 00000000 ____D C:\Users\marvin walter\AppData\Local\SpacialAudio
2013-11-08 13:04 - 2013-11-08 13:04 - 00000000 ____D C:\Program Files\Firebird
2013-11-08 13:04 - 2010-09-17 11:13 - 00548864 _____ (Firebird Project) C:\Windows\System32\GDS32.DLL
2013-11-08 13:03 - 2013-11-08 13:03 - 00001982 _____ C:\Users\marvin walter\Desktop\SAM Broadcaster.lnk
2013-11-08 13:03 - 2013-11-08 13:03 - 00000000 ____D C:\Program Files\SpacialAudio
2013-11-08 12:55 - 2012-01-22 13:30 - 00000000 ____D C:\Users\marvin walter\Downloads\SAM Broadcaster

==================== One Month Modified Files and Folders =======

2013-12-08 14:14 - 2013-12-08 14:14 - 00000000 ____D C:\FRST
2013-12-08 02:54 - 2013-12-08 01:55 - 00043434 _____ C:\Extras.Txt
2013-12-08 02:53 - 2013-12-08 01:55 - 00151992 _____ C:\OTL.Txt
2013-12-08 01:49 - 2011-10-10 10:48 - 00000000 ____D C:\users\marvin walter
2013-12-07 16:29 - 2013-12-07 10:47 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-12-07 09:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\LogFiles
2013-12-06 18:12 - 2013-12-06 18:11 - 00000000 ____D C:\Windows\LastGood
2013-12-06 18:12 - 2013-12-03 13:21 - 00002007 _____ C:\Windows\setupact.log
2013-12-06 18:12 - 2012-12-27 16:31 - 00000000 ____D C:\Program Files\Origin
2013-12-06 18:12 - 2012-12-06 17:54 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-12-06 18:12 - 2012-09-10 15:15 - 00000000 ____D C:\Program Files\Steam
2013-12-06 18:12 - 2011-10-17 17:17 - 00000000 ____D C:\Users\marvin walter\AppData\Local\LogMeIn Hamachi
2013-12-06 18:11 - 2010-01-11 13:54 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-06 18:10 - 2012-01-02 15:07 - 01457504 _____ C:\Windows\WindowsUpdate.log
2013-12-06 18:02 - 2013-12-06 18:02 - 00262144 _____ C:\Windows\System32\config\elam
2013-12-06 16:21 - 2013-08-26 14:35 - 00000000 ____D C:\Users\marvin walter\Desktop\Restliche JPG & PNG
2013-12-06 16:21 - 2011-12-24 12:53 - 00000000 ____D C:\Users\marvin walter\Desktop\Rest
2013-12-06 15:34 - 2013-05-30 16:01 - 00000000 ____D C:\Users\marvin walter\Desktop\FTB
2013-12-06 14:17 - 2009-07-14 05:34 - 00018784 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-06 14:17 - 2009-07-14 05:34 - 00018784 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-05 18:38 - 2013-12-05 18:32 - 00595552 _____ (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klif.sys
2013-12-05 18:38 - 2013-12-05 18:32 - 00074848 _____ (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klflt.sys
2013-12-05 18:15 - 2013-09-06 12:51 - 00000076 _____ C:\Users\marvin walter\Desktop\More Klicks-Vorlage.txt
2013-12-05 16:26 - 2013-11-24 19:12 - 00000459 _____ C:\Users\marvin walter\Desktop\pgbot.settings
2013-12-05 15:29 - 2012-09-10 15:15 - 00000000 ____D C:\Program Files\Common Files\Steam
2013-12-04 20:14 - 2009-11-16 12:14 - 00000000 ____D C:\Program Files\Adobe
2013-12-04 19:22 - 2013-08-31 12:59 - 00000275 _____ C:\Users\marvin walter\Desktop\Notizen.txt
2013-12-04 16:02 - 2012-03-19 12:43 - 00000000 ____D C:\Users\marvin walter\AppData\Local\Windows Live
2013-12-04 16:01 - 2011-10-10 14:20 - 00000000 ____D C:\Users\marvin walter\AppData\Roaming\Audacity
2013-12-04 15:32 - 2013-12-04 15:32 - 05886237 _____ C:\Users\marvin walter\Downloads\BukkitForge-1.5.2-301.jar
2013-12-04 15:27 - 2013-12-04 15:26 - 32299870 _____ C:\Users\marvin walter\Downloads\mcpc-plus-1.5.2-R1.1-forge738-B652.jar
2013-12-04 15:20 - 2013-12-04 15:20 - 00000753 _____ C:\Users\marvin walter\Downloads\startbat.rar
2013-12-04 15:18 - 2009-11-16 12:38 - 00000000 ____D C:\Program Files\Java
2013-12-04 15:09 - 2013-12-04 15:07 - 48168194 _____ C:\Users\marvin walter\Downloads\Hexxit_Server_v1.0.10.zip
2013-12-04 12:58 - 2013-12-04 12:58 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
2013-12-04 12:58 - 2012-11-28 14:19 - 00000900 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2013-12-03 15:34 - 2013-12-03 15:04 - 00489048 _____ C:\Windows\System32\Drivers\9094670drv.sys
2013-12-03 15:33 - 2013-12-03 15:33 - 00550993 _____ C:\Users\marvin walter\Downloads\Tanki Online Crystal Hack v2.0.rar
2013-12-03 15:06 - 2013-12-03 15:05 - 00168912 _____ C:\Windows\Minidump\120313-20498-01.dmp
2013-12-03 15:05 - 2013-12-03 15:05 - 417734393 _____ C:\Windows\MEMORY.DMP
2013-12-03 15:05 - 2013-07-08 12:20 - 00000000 ____D C:\Windows\Minidump
2013-12-03 15:01 - 2013-12-03 14:00 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2013-12-03 14:11 - 2013-12-03 14:11 - 00000414 _____ C:\Windows\PFRO.log
2013-12-03 13:21 - 2013-12-03 13:21 - 00000000 _____ C:\Windows\setuperr.log
2013-12-03 13:21 - 2013-11-25 13:46 - 00000000 ____D C:\ProgramData\McAfee
2013-12-02 18:06 - 2013-12-02 18:06 - 00000000 ____D C:\Users\marvin walter\AppData\Local\WinZip
2013-12-02 17:39 - 2011-10-10 11:55 - 00000000 ____D C:\Users\marvin walter\AppData\Roaming\Skype
2013-12-02 16:04 - 2013-12-02 16:01 - 00000000 ____D C:\Users\marvin walter\AppData\Roaming\Windows Net Data
2013-12-02 16:01 - 2013-12-02 15:46 - 00000000 ____D C:\Users\marvin walter\AppData\Local\DownloadGuide
2013-12-02 15:46 - 2013-12-02 15:45 - 00567144 _____ C:\Users\marvin walter\Downloads\shoppinglist-Downloader.exe
2013-11-30 13:00 - 2013-11-30 13:00 - 00000000 ____D C:\Users\marvin walter\AppData\Local\Babylon
2013-11-30 12:53 - 2012-12-27 16:59 - 00000000 ____D C:\Users\marvin walter\AppData\Roaming\Origin
2013-11-29 16:14 - 2013-10-13 14:25 - 00290776 _____ C:\Windows\System32\PnkBstrB.xtr
2013-11-29 15:57 - 2013-10-13 14:12 - 00281288 _____ C:\Windows\System32\PnkBstrB.ex0
2013-11-29 15:29 - 2013-11-29 15:29 - 00076907 _____ C:\Users\marvin walter\Downloads\APB G1C Hack - Updated!(2).zip
2013-11-28 17:33 - 2012-03-13 17:18 - 00000000 ____D C:\Users\marvin walter\Documents\Camtasia Studio
2013-11-27 15:23 - 2009-11-16 12:14 - 00000000 ____D C:\ProgramData\Adobe
2013-11-26 20:00 - 2012-11-24 14:46 - 00000000 ____D C:\Users\marvin walter\AppData\Roaming\vlc
2013-11-26 16:59 - 2013-11-26 16:59 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-11-26 16:59 - 2011-10-10 11:19 - 00000000 ____D C:\Users\marvin walter\AppData\Roaming\Adobe
2013-11-26 16:01 - 2009-11-16 19:39 - 00000000 ____D C:\Windows\Panther
2013-11-25 14:10 - 2013-10-13 14:12 - 00138904 _____ C:\Users\marvin walter\AppData\Roaming\PnkBstrK.sys
2013-11-25 14:00 - 2013-11-24 17:43 - 00000000 ____D C:\Users\marvin walter\AppData\Local\GamersFirst LIVE!
2013-11-25 13:46 - 2013-11-25 13:46 - 00000000 ____D C:\Program Files\GamersFirst
2013-11-25 13:46 - 2013-06-19 15:50 - 00000000 ____D C:\Users\marvin walter\AppData\Roaming\OpenCandy
2013-11-25 13:45 - 2013-11-25 13:45 - 00000000 ____D C:\Program Files\Better-Surf
2013-11-24 19:12 - 2013-11-24 19:12 - 00000000 ____D C:\Users\marvin walter\AppData\Local\PC_Jones
2013-11-24 17:42 - 2013-11-24 17:42 - 00000000 ____D C:\Users\marvin walter\AppData\Local\GamersFirst
2013-11-24 17:42 - 2013-11-24 17:41 - 12844984 _____ (GamersFirst) C:\Users\marvin walter\Downloads\GamersFirst_LIVE!_Setup_EN.exe
2013-11-24 17:09 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-11-24 16:27 - 2013-09-26 12:51 - 00000000 ____D C:\Users\marvin walter\Documents\FIFA 14
2013-11-24 16:03 - 2013-11-08 13:06 - 00000000 ____D C:\ProgramData\firebird
2013-11-24 12:23 - 2013-11-24 12:23 - 00691712 _____ (PC Jones) C:\Users\marvin walter\Desktop\Pennergame Bot by PC Jones.exe
2013-11-24 12:22 - 2013-11-24 12:22 - 00197387 _____ C:\Users\marvin walter\Downloads\Pennergame Bot by PC Jones.zip
2013-11-24 11:42 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-11-23 14:23 - 2013-11-23 14:23 - 17142784 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 11220992 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 04240384 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-23 14:23 - 2013-11-23 14:23 - 02166272 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 01926656 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-11-23 14:23 - 2013-11-23 14:23 - 01818112 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 01156608 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 01051136 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00703488 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00646144 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-11-23 14:23 - 2013-11-23 14:23 - 00645120 _____ (Microsoft Corporation) C:\Windows\System32\jsIntl.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00616104 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-11-23 14:23 - 2013-11-23 14:23 - 00610304 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00553472 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00523776 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00454656 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00440832 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00367104 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00337408 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-11-23 14:23 - 2013-11-23 14:23 - 00244736 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00238288 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00233472 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00208896 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-23 14:23 - 2013-11-23 14:23 - 00208384 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00194048 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00182272 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00164864 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00151552 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-11-23 14:23 - 2013-11-23 14:23 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-11-23 14:23 - 2013-11-23 14:23 - 00127488 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00116736 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-11-23 14:23 - 2013-11-23 14:23 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00108032 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2013-11-23 14:23 - 2013-11-23 14:23 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00083456 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-11-23 14:23 - 2013-11-23 14:23 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-11-23 14:23 - 2013-11-23 14:23 - 00069632 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00069120 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-11-23 14:23 - 2013-11-23 14:23 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00056832 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00036352 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00034816 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00032768 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-11-23 14:23 - 2013-11-23 14:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-11-23 14:23 - 2013-11-23 14:23 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-11-23 14:23 - 2013-11-23 14:23 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2013-11-23 09:57 - 2013-07-16 14:38 - 00000000 ____D C:\Users\marvin walter\AppData\Roaming\.minecraft
2013-11-23 09:42 - 2009-11-16 10:59 - 01613340 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-14 15:16 - 2011-11-12 17:04 - 00000000 ____D C:\Users\marvin walter\AppData\Local\Adobe
2013-11-14 15:14 - 2009-07-14 05:33 - 03806896 _____ C:\Windows\System32\FNTCACHE.DAT
2013-11-13 19:54 - 2009-11-16 12:26 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-13 19:53 - 2013-08-15 17:07 - 00000000 ____D C:\Windows\System32\MRT
2013-11-13 19:51 - 2009-11-16 11:03 - 80340640 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-11-13 16:49 - 2011-10-10 10:49 - 00133520 _____ C:\Users\marvin walter\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-13 16:45 - 2009-11-16 12:14 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-11-13 16:44 - 2013-11-13 16:44 - 00000000 ____D C:\Program Files\Adobe Media Player
2013-11-11 05:50 - 2009-11-16 11:03 - 00230048 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-11-08 13:06 - 2013-11-08 13:06 - 00000000 ____D C:\Users\marvin walter\AppData\Local\SpacialAudio
2013-11-08 13:04 - 2013-11-08 13:04 - 00000000 ____D C:\Program Files\Firebird
2013-11-08 13:03 - 2013-11-08 13:03 - 00001982 _____ C:\Users\marvin walter\Desktop\SAM Broadcaster.lnk
2013-11-08 13:03 - 2013-11-08 13:03 - 00000000 ____D C:\Program Files\SpacialAudio
2013-11-08 12:55 - 2013-11-07 19:23 - 50198750 _____ C:\Users\marvin walter\Downloads\SAM Broadcaster.rar
2013-11-08 12:34 - 2012-02-03 15:51 - 00000000 ____D C:\Program Files\JDownloader

Some content of TEMP:
====================
C:\Users\marvin walter\AppData\Local\Temp\autorun.dll
C:\Users\marvin walter\AppData\Local\Temp\jansi-32-git-MCPC-Plus-jenkins-MCPC-Plus-Legacy-652.dll


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 13%
Total physical RAM: 4023.12 MB
Available physical RAM: 3496.93 MB
Total Pagefile: 4021.39 MB
Available Pagefile: 3508.15 MB
Total Virtual: 2047.88 MB
Available Virtual: 1937.98 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:910.41 GB) (Free:712.27 GB) NTFS
Drive e: (Recover) (Fixed) (Total:20 GB) (Free:11.69 GB) NTFS
Drive h: (STICK) (Removable) (Total:1.95 GB) (Free:0.92 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 8D9E96FE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=910 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 91F72D24)
Partition 1: (Active) - (Size=2 GB) - (Type=06)


LastRegBack: 2013-11-30 10:28

==================== End Of Log ============================
         

Hello Schrauber,

a quick side question: in another thread I read that you (or a colleague) generally do NOT recommend, or advise against, the following programs: ccleaner, TuneUp etc. Why is that?

Kind regards, raclawa


08.12.2013, 17:02   #6
schrauber
/// the machine
/// TB-Ausbilder

Because they

a) bring no performance gain over Windows' own built-in tools
b) quickly make the computer unusable

And here we see once again why these cleaning discs from AV vendors are completely useless. They clean something up, leave the computer unusable, and rob me of the active entries in the log, where I would have cleaned the computer with a script in 2 minutes.

Here, though, there is nothing we can do except take a shot in the dark:

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
LastRegBack: 2013-11-30 10:28
         
Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options again
  • Now start FRST.exe again and click the Fix ("Entfernen") button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.

08.12.2013, 18:35   #7
raclawa

So, that's done now as well:


Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-12-2013 01
Ran by SYSTEM at 2013-12-08 18:32:10 Run:1
Running from G:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
LastRegBack: 2013-11-30 10:28
*****************

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====
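
The Fixlog above can be checked mechanically before a reboot is attempted. The following Python sketch is an added example, not part of the thread and not FRST's own code: it matches the line shapes seen in the posted Fixlog and reports hives that were not restored, or that were restored without a prior copy to HiveBackup. The name `check_fixlog` and the truncated sample are constructed for illustration.

```python
import re

# The five registry hives reported on in the Fixlog posted in this thread.
HIVES = ("DEFAULT", "SAM", "SECURITY", "SOFTWARE", "SYSTEM")

# Line shapes taken from that Fixlog.
BACKUP_RE = re.compile(r"^(\w+) hive was successfully copied to \S+$")
RESTORE_RE = re.compile(r"^(\w+) hive was successfully restored from registry back up\.$")
DIRECTIVE_RE = re.compile(r"^LastRegBack:\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2})$")

# Fixlog body as posted above.
POSTED_FIXLOG = r"""Content of fixlist:
*****************
LastRegBack: 2013-11-30 10:28
*****************

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.
"""

# Constructed failure case: the posted log with two lines removed.
CONSTRUCTED_PARTIAL = "\n".join(
    line for line in POSTED_FIXLOG.splitlines()
    if not line.startswith(("SOFTWARE hive was successfully restored",
                            "SYSTEM hive was successfully copied"))
)


def check_fixlog(text):
    """Summarise a LastRegBack fix: which hives were saved and which restored."""
    directive = None
    backed_up, restored, unsafe = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = DIRECTIVE_RE.match(line)
        if m:
            directive = m.group(1)
            continue
        m = BACKUP_RE.match(line)
        if m:
            backed_up.append(m.group(1))
            continue
        m = RESTORE_RE.match(line)
        if m:
            restored.append(m.group(1))
            # A restore with no earlier copy of the old hive cannot be rolled back.
            if m.group(1) not in backed_up:
                unsafe.append(m.group(1))
    not_restored = [h for h in HIVES if h not in restored]
    return {
        "directive": directive,
        "not_restored": not_restored,
        "restored_without_backup": unsafe,
        "complete": directive is not None and not not_restored and not unsafe,
    }


if __name__ == "__main__":
    print(check_fixlog(POSTED_FIXLOG))
    print(check_fixlog(CONSTRUCTED_PARTIAL))
```

A complete result only shows that every hive was swapped for its backup copy; as the following posts show, the machine in this thread still did not boot afterwards.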
         

09.12.2013, 09:49   #8
schrauber
/// the machine
/// TB-Ausbilder

Is the computer working again?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

09.12.2013, 14:28   #9
raclawa

Hello,

since I am strictly following your instructions, I did nothing further after the last step, not even an attempt to restart.

In other threads there were usually a few closing recommendations to read at the end. I wanted to wait for that first.

As I am out and about right now, my son will try to start it after school. I will get back to you as soon as I know the result.

Many thanks again!!!

Best regards, raclawa

No, it still doesn't boot! :-(

Best regards, raclawa

No, unfortunately it still doesn't boot. :-(

Best regards, raclawa

10.12.2013, 09:39   #10
schrauber
/// the machine
/// TB-Ausbilder

Do you have the Windows DVD?

10.12.2013, 12:27   #11
raclawa

I had already been looking for the DVD these past few days, but unfortunately have not found it yet. I will have to turn my son's room upside down.

Would there be an alternative?

Regards, Ralf

10.12.2013, 14:10   #12
schrauber
/// the machine
/// TB-Ausbilder

Nope, sorry. You can still try a Startup Repair in the "Repair your computer" menu. If that doesn't help, we need the disc.

10.12.2013, 19:15   #13
raclawa

Right, I have finally found the DVD.

I'm curious to see how it goes from here.

Best regards, Ralf

11.12.2013, 11:53   #14
schrauber
/// the machine
/// TB-Ausbilder

Here you go

"In Place Upgrade"

12.12.2013, 09:40   #15
raclawa

Hello Schrauber,

I'm slowly losing my patience, which of course has nothing to do with you.

I read through the "In Place Upgrade" procedure and realized that I apparently do not have the right "disc" for it.

Quote:

"You start the Windows 7 setup while the system is running. It is important that the medium is an OEM or retail version. This method does not work with so-called recovery media, such as those that computer manufacturers like to ship."

Well, the disc I have in front of me says: Recovery Disc (Windows 7 Home Premium).

And now?

Best regards, Ralf
