hope someone could help me please. I ve got a long time ago trouble with my WIndows Systems til now. Don t wanna say how long....
It began with my easy Box 803 Modem, few weeks ago someone detected that there is a security problem in the standard settings and if someone knew that, he could enter the wlan with out any problem. A lot of people which bought the hardware before sep 2011 were vulnerable.
so i think i was attacked over this way.
dont wanna talk so long, so these 2 examples describes my problems the nearest....
http://www.geekstogo...co-maxss-pihar/
http://www.geekstogo...-era/#more-1976
got big problems only to boot, there are virtual usb loop Devices before i am able to start any program or stick or cd ....
If i was wable to install win 7 64 bit, after the installation, windows was only 500 mb big. and i was remoted 10 seconds later. data and printers were completelly unsecured and so on....
i tried ubuntu but it was not better after that.
I made a log with otl and hope that i will soon get help.
Thanks!!!!!!!!
quote]
OTL logfile created on: 22.09.2013 13:58:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\k\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,99 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 23,72% Memory free
7,98 Gb Paging File | 4,68 Gb Available in Paging File | 58,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 443,26 Gb Free Space | 95,19% Space Free | Partition Type: NTFS
Drive D: | 101,97 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 6,45 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: K-PC | User Name: k | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.09.22 13:48:58 | 001,068,040 | ---- | M] (Solid State Networks) -- C:\Users\k\AppData\Local\Temp\install_flashplayer11x32ax_gtbd_chrd_dn_aaa_aih[1].exe
PRC - [2013.09.22 13:30:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\k\Downloads\OTL.exe
PRC - [2013.09.22 13:06:09 | 000,228,000 | ---- | M] (Browzar Ltd.) -- C:\Users\k\AppData\Local\Temp\Temp1_BrowzarBlack2000.zip\BrowzarBlack2000.exe
PRC - [2013.09.22 10:30:43 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2013.07.01 20:43:54 | 000,713,288 | ---- | M] (Famatech Corp.) -- C:\Users\k\AppData\Local\Temp\Advanced IP Scanner 2\advanced_ip_scanner.exe
PRC - [2013.05.16 12:49:34 | 004,493,536 | ---- | M] (Steganos Software GmbH) -- C:\Program Files (x86)\Steganos Online Shield\OnlineShieldClient.exe
PRC - [2013.05.16 12:49:34 | 000,303,368 | ---- | M] (Steganos Software GmbH) -- C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe
PRC - [2013.02.21 21:06:05 | 055,707,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\Install\WU-IE10-Windows7-x64.exe
PRC - [2012.08.17 21:38:34 | 000,128,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe
PRC - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
========== Modules (No Company Name) ==========
MOD - [2012.08.17 21:40:16 | 000,068,024 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtWebKit\qmlwebkitplugin4.dll
MOD - [2012.08.17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
========== Services (SafeList) ==========
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.09.22 10:30:43 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2013.05.16 12:49:34 | 000,303,368 | ---- | M] (Steganos Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe -- (Online Shield Starter Service)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.09.22 13:04:27 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2013.09.22 13:04:26 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013.09.22 13:04:24 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2013.09.22 13:04:21 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2013.09.22 13:04:17 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013.09.22 05:25:56 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013.02.08 15:45:38 | 000,036,736 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012.08.02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012.06.19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2010.11.21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013.09.22 13:04:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013.09.22 13:04:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013.09.22 13:04:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013.09.22 13:04:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013.09.22 13:04:31 | 000,000,000 | ---D | M]
[2013.09.22 10:41:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\k\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions
[2013.09.22 10:41:11 | 000,000,000 | ---D | M] (Cookie Monster) -- C:\Users\k\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{45d8ff86-d909-11db-9705-005056c00008}
[2013.09.22 10:41:12 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\k\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\[email protected]
[2013.05.15 11:11:48 | 000,142,907 | ---- | M] () (No name found) -- C:\Users\k\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\extensions\[email protected]
[2013.06.26 07:17:52 | 000,718,373 | ---- | M] () (No name found) -- C:\Users\k\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593}.xpi
[2013.06.25 16:15:42 | 000,534,298 | ---- | M] () (No name found) -- C:\Users\k\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.05.15 11:11:48 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\k\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [Device Doctor] C:\Program Files (x86)\Device Doctor\DDLauncher.exe (Device Doctor Software Inc.)
O4 - HKCU..\Run: [SOS_Agent] C:\Program Files (x86)\Steganos Online Shield\OnlineShieldClient.exe (Steganos Software GmbH)
O4:64bit: - HKLM..\RunOnce: [ConnecitfyTemp 3] cmd /Q /C "rmdir /S /Q C:\Users\k\AppData\Local\Temp\Connectify\3" File not found
O4:64bit: - HKLM..\RunOnce: [NoIE4StubProcessing] C:\Windows\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1ACC8568-2F24-489D-B656-0417469C9700}: NameServer = 10.0.0.222
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006.10.27 14:29:14 | 000,000,106 | R--- | M] () - D:\AUTORUN.INF -- [ UDF ]
O32 - AutoRun File - [2012.01.25 16:23:10 | 000,000,121 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4f41c9f7-2334-11e3-a60c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4f41c9f7-2334-11e3-a60c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\fsetup.exe -- [2012.11.13 11:40:18 | 000,607,648 | R--- | M] ()
O33 - MountPoints2\{4f41c9ff-2334-11e3-a60c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4f41c9ff-2334-11e3-a60c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\shelexec.exe .\starter.html
O33 - MountPoints2\{4f41c9ff-2334-11e3-a60c-806e6f6e6963}\Shell\verb\command - "" = E:\shelexec.exe .\starter.html
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.09.22 13:06:17 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Roaming\Browzar
[2013.09.22 11:31:40 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2013.09.22 11:31:40 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2013.09.22 11:23:34 | 001,545,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.09.22 11:20:07 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2013.09.22 11:20:07 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2013.09.22 10:54:04 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013.09.22 10:54:04 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013.09.22 10:54:04 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2013.09.22 10:53:53 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013.09.22 10:53:53 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013.09.22 10:41:12 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JonDoFox
[2013.09.22 10:41:11 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Roaming\Mozilla
[2013.09.22 08:16:16 | 000,069,120 | R--- | C] (AVM Berlin) -- C:\Windows\SysWow64\avmadd32.dll
[2013.09.22 07:53:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Box
[2013.09.22 07:53:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FRITZ!Box
[2013.09.22 07:09:17 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Local\Diagnostics
[2013.09.22 06:57:51 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Roaming\Adobe
[2013.09.22 06:57:51 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Local\Adobe
[2013.09.22 06:50:43 | 000,000,000 | ---D | C] -- C:\Program Files\Eraser
[2013.09.22 06:49:36 | 013,008,896 | ---- | C] (Norman ASA) -- C:\Users\k\Desktop\Norman_201Malware_Cleaner.exe
[2013.09.22 06:48:45 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Roaming\Malwarebytes
[2013.09.22 06:48:39 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.09.22 06:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.09.22 06:48:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.09.22 06:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.09.22 06:48:31 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Local\Programs
[2013.09.22 06:37:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steganos Online Shield
[2013.09.22 06:37:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steganos Online Shield
[2013.09.22 06:35:24 | 029,035,752 | ---- | C] (JonDos GmbH) -- C:\Users\k\Desktop\JonDoFox.paf_1.exe
[2013.09.22 06:32:54 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\k\Desktop\mbam-setup-1.75.0.1300.exe
[2013.09.22 06:32:11 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Roaming\Steganos VPN
[2013.09.22 06:31:46 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Roaming\Steganos
[2013.09.22 06:31:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steganos
[2013.09.22 06:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2013.09.22 06:15:29 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2013.09.22 06:15:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2013.09.22 06:11:55 | 000,000,000 | ---D | C] -- C:\Users\k\Desktop\Neuer Ordner
[2013.09.22 06:11:31 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\k\Desktop\hijackthis.exe
[2013.09.22 06:08:18 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.09.22 05:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
[2013.09.22 05:45:52 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2013.09.22 05:45:31 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2013.09.22 05:45:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.09.22 05:45:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013.09.22 05:45:24 | 000,620,128 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013.09.22 05:45:24 | 000,090,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013.09.22 05:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Device Doctor
[2013.09.22 05:31:58 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Roaming\Device Doctor
[2013.09.22 05:31:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Device Doctor
[2013.09.22 05:30:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.09.22 05:30:29 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.09.22 05:28:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2013.09.22 05:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2013.09.22 05:27:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.09.22 05:27:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.09.22 05:26:39 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.09.22 05:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.09.22 05:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.09.22 05:26:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.09.22 05:26:04 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Roaming\LavasoftStatistics
[2013.09.22 05:25:56 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013.09.22 05:25:56 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.09.22 05:25:56 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Roaming\Ad-Aware Antivirus
[2013.09.22 05:24:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
[2013.09.22 05:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2013.09.22 05:14:59 | 000,000,000 | R--D | C] -- C:\Users\k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.09.22 05:14:59 | 000,000,000 | R--D | C] -- C:\Users\k\Searches
[2013.09.22 05:14:59 | 000,000,000 | R--D | C] -- C:\Users\k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.09.22 05:14:51 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Roaming\Identities
[2013.09.22 05:14:49 | 000,000,000 | R--D | C] -- C:\Users\k\Contacts
[2013.09.22 05:14:48 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Local\VirtualStore
[2013.09.22 05:14:40 | 000,000,000 | -HSD | C] -- C:\Users\k\Vorlagen
[2013.09.22 05:14:40 | 000,000,000 | -HSD | C] -- C:\Users\k\AppData\Local\Verlauf
[2013.09.22 05:14:40 | 000,000,000 | -HSD | C] -- C:\Users\k\AppData\Local\Temporary Internet Files
[2013.09.22 05:14:40 | 000,000,000 | -HSD | C] -- C:\Users\k\Startmenü
[2013.09.22 05:14:40 | 000,000,000 | -HSD | C] -- C:\Users\k\SendTo
[2013.09.22 05:14:40 | 000,000,000 | -HSD | C] -- C:\Users\k\Recent
[2013.09.22 05:14:40 | 000,000,000 | -HSD | C] -- C:\Users\k\Netzwerkumgebung
[2013.09.22 05:14:40 | 000,000,000 | -HSD | C] -- C:\Users\k\Lokale Einstellungen
[2013.09.22 05:14:40 | 000,000,000 | -HSD | C] -- C:\Users\k\Documents\Eigene Videos
[2013.09.22 05:14:40 | 000,000,000 | -HSD | C] -- C:\Users\k\Documents\Eigene Musik
[2013.09.22 05:14:40 | 000,000,000 | -HSD | C] -- C:\Users\k\Eigene Dateien
[2013.09.22 05:14:40 | 000,000,000 | -HSD | C] -- C:\Users\k\Documents\Eigene Bilder
[2013.09.22 05:14:40 | 000,000,000 | -HSD | C] -- C:\Users\k\Druckumgebung
[2013.09.22 05:14:40 | 000,000,000 | -HSD | C] -- C:\Users\k\Cookies
[2013.09.22 05:14:40 | 000,000,000 | -HSD | C] -- C:\Users\k\AppData\Local\Anwendungsdaten
[2013.09.22 05:14:40 | 000,000,000 | -HSD | C] -- C:\Users\k\Anwendungsdaten
[2013.09.22 05:14:39 | 000,000,000 | --SD | C] -- C:\Users\k\AppData\Roaming\Microsoft
[2013.09.22 05:14:39 | 000,000,000 | R--D | C] -- C:\Users\k\Videos
[2013.09.22 05:14:39 | 000,000,000 | R--D | C] -- C:\Users\k\Saved Games
[2013.09.22 05:14:39 | 000,000,000 | R--D | C] -- C:\Users\k\Pictures
[2013.09.22 05:14:39 | 000,000,000 | R--D | C] -- C:\Users\k\Music
[2013.09.22 05:14:39 | 000,000,000 | R--D | C] -- C:\Users\k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.09.22 05:14:39 | 000,000,000 | R--D | C] -- C:\Users\k\Links
[2013.09.22 05:14:39 | 000,000,000 | R--D | C] -- C:\Users\k\Favorites
[2013.09.22 05:14:39 | 000,000,000 | R--D | C] -- C:\Users\k\Downloads
[2013.09.22 05:14:39 | 000,000,000 | R--D | C] -- C:\Users\k\Documents
[2013.09.22 05:14:39 | 000,000,000 | R--D | C] -- C:\Users\k\Desktop
[2013.09.22 05:14:39 | 000,000,000 | R--D | C] -- C:\Users\k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.09.22 05:14:39 | 000,000,000 | -H-D | C] -- C:\Users\k\AppData
[2013.09.22 05:14:39 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Local\Temp
[2013.09.22 05:14:39 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Local\Microsoft
[2013.09.22 05:14:39 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Roaming\Media Center Programs
[2013.09.22 05:14:34 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.09.22 05:14:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.09.22 05:14:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.09.22 05:14:33 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.09.22 05:14:33 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.09.22 05:14:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.09.22 05:14:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.09.22 05:14:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.09.22 05:14:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.09.22 05:14:33 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.09.22 05:14:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.09.22 05:14:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.09.22 05:11:38 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.09.22 05:09:32 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.09.22 05:08:58 | 000,000,000 | -HSD | C] -- C:\System Volume Information
========== Files - Modified Within 30 Days ==========
[2013.09.22 13:13:20 | 000,016,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.09.22 13:13:20 | 000,016,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.09.22 13:04:27 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys
[2013.09.22 13:04:26 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys
[2013.09.22 13:04:24 | 000,029,528 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klmouflt.sys
[2013.09.22 13:04:21 | 000,029,016 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klkbdflt.sys
[2013.09.22 13:04:17 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013.09.22 13:04:14 | 000,090,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013.09.22 11:21:19 | 000,000,064 | ---- | M] () -- C:\ProgramData\UserElevating_smp
[2013.09.22 11:21:19 | 000,000,029 | ---- | M] () -- C:\ProgramData\UserElevating_tmp
[2013.09.22 11:21:19 | 000,000,026 | ---- | M] () -- C:\ProgramData\UserElevating_app
[2013.09.22 10:33:25 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.09.22 06:50:47 | 000,001,747 | ---- | M] () -- C:\Users\Public\Desktop\Eraser.lnk
[2013.09.22 06:37:12 | 000,001,159 | ---- | M] () -- C:\Users\Public\Desktop\Steganos Online Shield.lnk
[2013.09.22 06:15:29 | 000,003,185 | ---- | M] () -- C:\Users\k\Desktop\Sophos Virus Removal Tool.lnk
[2013.09.22 06:08:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.09.22 06:04:31 | 000,007,599 | ---- | M] () -- C:\Users\k\AppData\Local\Resmon.ResmonCfg
[2013.09.22 05:47:12 | 000,002,344 | ---- | M] () -- C:\Users\k\Desktop\Sicherer Zahlungsverkehr.lnk
[2013.09.22 05:45:53 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2013.09.22 05:31:59 | 000,001,066 | ---- | M] () -- C:\Users\k\Desktop\Device Doctor.lnk
[2013.09.22 05:30:29 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.09.22 05:28:35 | 000,001,658 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2013.09.22 05:28:03 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.09.22 05:25:56 | 000,047,496 | ---- | M] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013.09.22 05:25:56 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.09.22 05:19:40 | 000,000,680 | RHS- | M] () -- C:\Users\k\ntuser.pol
[2013.09.22 05:18:40 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.09.22 05:18:40 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.09.22 05:18:40 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.09.22 05:18:40 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.09.22 05:18:40 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.09.22 05:13:07 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys
[2013.09.22 05:12:30 | 000,161,548 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.09.22 05:12:30 | 000,161,548 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.09.22 05:10:41 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
========== Files Created - No Company Name ==========
[2013.09.22 11:21:19 | 000,000,064 | ---- | C] () -- C:\ProgramData\UserElevating_smp
[2013.09.22 11:21:19 | 000,000,029 | ---- | C] () -- C:\ProgramData\UserElevating_tmp
[2013.09.22 11:21:19 | 000,000,026 | ---- | C] () -- C:\ProgramData\UserElevating_app
[2013.09.22 06:50:47 | 000,001,759 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
[2013.09.22 06:50:47 | 000,001,747 | ---- | C] () -- C:\Users\Public\Desktop\Eraser.lnk
[2013.09.22 06:48:39 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.09.22 06:32:16 | 000,001,159 | ---- | C] () -- C:\Users\Public\Desktop\Steganos Online Shield.lnk
[2013.09.22 06:31:11 | 000,914,931 | ---- | C] () -- C:\Users\k\Desktop\Superviren.pdf
[2013.09.22 06:15:29 | 000,003,185 | ---- | C] () -- C:\Users\k\Desktop\Sophos Virus Removal Tool.lnk
[2013.09.22 06:04:31 | 000,007,599 | ---- | C] () -- C:\Users\k\AppData\Local\Resmon.ResmonCfg
[2013.09.22 05:47:12 | 000,002,344 | ---- | C] () -- C:\Users\k\Desktop\Sicherer Zahlungsverkehr.lnk
[2013.09.22 05:46:11 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2013.09.22 05:31:59 | 000,001,066 | ---- | C] () -- C:\Users\k\Desktop\Device Doctor.lnk
[2013.09.22 05:30:29 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.09.22 05:28:35 | 000,001,658 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2013.09.22 05:28:03 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.09.22 05:28:03 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.09.22 05:19:40 | 000,000,680 | RHS- | C] () -- C:\Users\k\ntuser.pol
[2013.09.22 05:15:04 | 000,001,409 | ---- | C] () -- C:\Users\k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.09.22 05:15:01 | 000,001,443 | ---- | C] () -- C:\Users\k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.09.22 05:12:17 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.09.22 05:12:10 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.09.22 05:10:41 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.09.22 05:08:58 | 3214,188,544 | -HS- | C] () -- C:\hiberfil.sys
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010.11.21 05:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.11.21 05:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.09.22 05:25:56 | 000,000,000 | ---D | M] -- C:\Users\k\AppData\Roaming\Ad-Aware Antivirus
[2013.09.22 13:06:17 | 000,000,000 | ---D | M] -- C:\Users\k\AppData\Roaming\Browzar
[2013.09.22 05:32:42 | 000,000,000 | ---D | M] -- C:\Users\k\AppData\Roaming\Device Doctor
========== Purity Check ==========
< End of report >
[/quote]