Pests of all kinds and how to fight them: GVU trojan, Win7 BootCamp, probably from kinox.to (Windows 7)
#1
Hello dear forum team,

GVU trojan (full-screen display, you are told to transfer money, etc.)

System: Windows 7 on a MacBook via BootCamp

The affected user (Windows login) was sh.HKM; I ran the scans as av6.HKM. (I hope that has no negative effect; both accounts are admins.)

Windows 7 is actually used exclusively for work, no surfing, only CAD drawing. Unfortunately I forgot to boot OS X before letting my girlfriend use the computer. So she was on the internet under Win7 (without even a virus scanner). She said it was kinox.to ... (I'd rather not think about it...).

I switched the computer off, booted into safe mode, and did a system restore from last week. Unfortunately without success: under the user where the trojan had appeared, it came back. So I used a different login, searched the internet for help, and came across your site. Unfortunately I only found the beginner's guide after I had already started running mbar. I let it finish. It had already found 5 files. I had it fix them. See the mbar log.

mbar LOG
Code:
Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.09.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
sh :: SHWIN7 [administrator]

09.06.2013 23:15:54
mbar-log-2013-06-09 (23-15-54).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | Deep Anti-Rootkit Scan | PUM | P2P
Scan options disabled: PUP
Objects scanned: 298314
Time elapsed: 1 hour(s), 15 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ctfmon32.exe (Trojan.Agent.Gen) -> Data: C:\PROGRA~3\rundll32.exe C:\PROGRA~3\nior4.dat,XFG00 -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
c:\ProgramData\nior4.dat (Trojan.FakeMS) -> Delete on reboot.
c:\Users\sh.HKM\AppData\Local\Temp\cxrxuyakjrkokhphroj.bfg (Trojan.FakeMS) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-829343884-2666764345-3519855931-1178\$R6OF5KF.exe (RiskWare.Tool.CK) -> Delete on reboot.
c:\ProgramData\rundll32.exe (Trojan.Agent.Gen) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
ATTFilter OTL logfile created on: 10.06.2013 00:39:21 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\av6\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,91 Gb Total Physical Memory | 6,41 Gb Available Physical Memory | 81,07% Memory free 15,82 Gb Paging File | 14,11 Gb Available in Paging File | 89,19% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 166,98 Gb Total Space | 50,36 Gb Free Space | 30,16% Space Free | Partition Type: NTFS Drive D: | 530,85 Gb Total Space | 23,07 Gb Free Space | 4,35% Space Free | Partition Type: HFS Computer Name: SHWIN7 | User Name: sh | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2013.06.09 23:34:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\av6\Desktop\OTL.exe PRC - [2013.05.13 13:21:42 | 000,601,928 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe PRC - [2013.05.13 13:20:52 | 000,384,840 | ---- | M] (BlueStack Systems, Inc.) 
-- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe PRC - [2013.04.23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2012.12.18 21:08:34 | 001,353,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.06.13 18:37:16 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011.06.13 18:37:15 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011.02.02 14:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe PRC - [1999.09.30 21:31:38 | 000,869,376 | ---- | M] (Fred's Software) -- C:\Program Files (x86)\PrintKey2000\Printkey2000.exe ========== Modules (No Company Name) ========== MOD - [2013.06.03 15:01:10 | 000,650,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\HD-Agent\103f18bf086b6fd674d6e7edbb513a5e\HD-Agent.ni.exe MOD - [2013.06.03 15:01:02 | 000,155,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\JSON\eeaa358ae934021a81a71f48ea45989b\JSON.ni.dll MOD - [2012.09.23 21:43:36 | 000,313,992 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll MOD - [2012.01.10 20:47:12 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll MOD - [2012.01.10 20:46:34 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll MOD - [2012.01.10 20:46:26 | 001,587,200 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll MOD - [2012.01.10 20:46:21 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll MOD - [2012.01.10 20:46:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll MOD - [2012.01.10 20:46:00 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll MOD - [2012.01.10 20:45:47 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2011.04.12 09:43:09 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.06.29 07:49:38 | 000,111,488 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Windows\SysNative\AppleTimeSrv.exe -- (AppleTimeSrv) SRV:64bit: - [2011.06.29 07:49:36 | 000,224,640 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\AppleOSSMgr.exe -- (AppleOSSMgr) SRV:64bit: - [2011.06.13 18:34:18 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.12.16 16:44:44 | 003,750,400 | ---- | M] (SafeNet Inc.) 
[Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.05.22 03:51:47 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.13 13:20:52 | 000,384,840 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc) SRV - [2013.05.13 13:20:32 | 000,393,032 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc) SRV - [2013.04.23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2013.03.01 03:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.11.13 20:49:43 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.08.21 22:54:48 | 000,073,368 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Programme\VMware\VMware Tools\vmtoolsd.exe -- (VMTools) SRV - [2012.06.22 12:38:55 | 001,431,888 | ---- | M] (Flexera Software, Inc.) 
[On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.01 13:14:26 | 000,566,096 | ---- | M] (Cortado AG) [On_Demand | Stopped] -- C:\Programme\VMware\VMware Tools\TPVCGateway.exe -- (TPVCGateway) SRV - [2012.05.01 13:14:26 | 000,509,776 | ---- | M] (Cortado AG) [On_Demand | Stopped] -- C:\Programme\VMware\VMware Tools\TPAutoConnSvc.exe -- (TPAutoConnSvc) SRV - [2012.02.02 18:14:36 | 000,336,248 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!Fernzugang\avmike.exe -- (avmike) SRV - [2011.10.31 18:39:56 | 000,189,304 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!Fernzugang\nwtsrv.exe -- (nwtsrv) SRV - [2011.10.31 18:39:42 | 000,143,736 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!Fernzugang\certsrv.exe -- (certsrv) SRV - [2011.06.13 18:37:16 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011.06.13 18:37:15 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2011.02.02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service) SRV - [2010.04.03 11:02:52 | 000,032,096 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft SQL Server\MSSQL10_50.IMOSSQL2008R2\MSSQL\Binn\fdlauncher.exe -- (MSSQLFDLauncher$IMOSSQL2008R2) SRV - [2010.04.03 11:00:12 | 061,913,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL10_50.IMOSSQL2008R2\MSSQL\Binn\sqlservr.exe 
-- (MSSQL$IMOSSQL2008R2) SRV - [2010.04.03 11:00:10 | 000,428,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL10_50.IMOSSQL2008R2\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$IMOSSQL2008R2) SRV - [2010.04.03 11:00:10 | 000,146,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2010.04.03 11:00:08 | 000,059,744 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.06.09 23:15:16 | 000,036,680 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon) DRV:64bit: - [2013.03.06 16:00:10 | 000,388,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\XLHASP.sys -- (XLHASP) DRV:64bit: - [2013.03.01 03:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2012.08.21 22:58:18 | 000,218,776 | ---- | M] (VMware, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vm3dmp.sys -- (vm3dmp) DRV:64bit: - [2012.08.21 22:52:44 | 000,015,512 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusbmouse.sys -- (vmusbmouse) DRV:64bit: - [2012.08.21 22:52:24 | 000,014,488 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmmouse.sys -- (vmmouse) DRV:64bit: - [2012.08.21 22:51:50 | 000,125,080 | ---- | M] (VMware, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\vmhgfs.sys -- (vmhgfs) DRV:64bit: - [2012.08.21 14:10:40 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci) DRV:64bit: - [2012.08.21 14:10:40 | 000,070,256 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock) DRV:64bit: - [2012.04.25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.03.26 14:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2011.07.05 21:44:42 | 000,412,024 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmnwim.sys -- (NWIM) DRV:64bit: - [2011.06.29 07:49:44 | 000,072,024 | ---- | M] (Apple Inc.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AppleHFS.sys -- (AppleHFS) DRV:64bit: - [2011.06.29 07:49:44 | 000,016,216 | ---- | M] (Apple Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AppleMNT.sys -- (AppleMNT) DRV:64bit: - [2011.06.29 07:49:42 | 000,022,872 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\MacHALDriver.sys -- (MacHALDriver) DRV:64bit: - [2011.06.29 07:49:42 | 000,017,752 | ---- | M] (Apple Inc.) 
[Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\KeyAgent.sys -- (KeyAgent) DRV:64bit: - [2011.06.13 18:37:15 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011.06.13 18:37:12 | 000,018,432 | ---- | M] (Cirrus Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CS420x64.sys -- (CirrusFilter) DRV:64bit: - [2011.06.13 18:37:07 | 004,798,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2011.06.13 18:37:06 | 000,411,688 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2011.06.13 18:37:06 | 000,085,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa) DRV:64bit: - [2011.06.13 18:34:18 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.06.13 18:34:18 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.06.03 13:18:28 | 000,052,736 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applebmt.sys -- (applebmt) DRV:64bit: - [2011.05.26 21:13:25 | 000,032,256 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KeyMagic.sys -- (KeyMagic) DRV:64bit: - [2011.03.25 03:32:04 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IRFilter.sys -- (IRRemoteFlt) DRV:64bit: - [2011.03.25 03:31:56 | 000,038,912 | ---- | M] (Apple Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applemtp.sys -- (applemtp) DRV:64bit: - [2011.03.25 03:31:56 | 000,012,288 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applemtm.sys -- (applemtm) DRV:64bit: - [2011.03.25 03:31:33 | 000,018,944 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AppleBtBc.sys -- (AppleBtBc) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - 
[2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.04.03 10:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150) DRV:64bit: - [2009.09.21 08:07:26 | 000,071,040 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf) DRV:64bit: - [2009.08.20 07:02:06 | 000,130,816 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials) DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.03.13 10:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock) DRV:64bit: - [2009.03.13 10:55:38 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp) DRV:64bit: - [2009.03.13 10:55:38 | 000,025,344 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb) DRV:64bit: - [2009.02.24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus) DRV:64bit: - [2007.07.31 19:04:48 | 000,090,112 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl) DRV:64bit: - [2007.07.23 14:13:06 | 000,056,960 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl) DRV - [2013.05.13 13:20:44 | 000,070,984 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv) DRV - [2012.08.21 22:52:08 | 000,017,560 | ---- | M] (VMware, Inc.) 
[Kernel | Auto | Running] -- C:\Programme\Common Files\VMware\Drivers\memctl\vmmemctl.sys -- (VMMEMCTL) DRV - [2012.08.21 22:50:38 | 000,046,232 | ---- | M] (VMware, Inc.) [Kernel | System | Running] -- C:\Programme\VMware\VMware Tools\vmrawdsk.sys -- (vmrawdsk) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.02.24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus) DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 B2 76 AF 6D 61 CE 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.1.0 FF - 
prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..network.proxy.backup.ftp: "192.168.2.4" FF - prefs.js..network.proxy.backup.ftp_port: 3128 FF - prefs.js..network.proxy.backup.socks: "192.168.2.4" FF - prefs.js..network.proxy.backup.socks_port: 3128 FF - prefs.js..network.proxy.backup.ssl: "192.168.2.4" FF - prefs.js..network.proxy.backup.ssl_port: 3128 FF - prefs.js..network.proxy.ftp: "192.168.2.4" FF - prefs.js..network.proxy.ftp_port: 3128 FF - prefs.js..network.proxy.http: "192.168.2.4" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "192.168.2.4" FF - prefs.js..network.proxy.socks_port: 3128 FF - prefs.js..network.proxy.ssl: "192.168.2.4" FF - prefs.js..network.proxy.ssl_port: 3128 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - 
HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@parallelgraphics.com/Cortona: C:\Program Files (x86)\Common Files\ParallelGraphics\Cortona\npCortona.dll (ParallelGraphics) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.22 03:51:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.22 03:51:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.17 14:38:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.22 03:51:48 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.22 03:51:44 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.17 14:38:15 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.06.23 18:50:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sh.HKM\AppData\Roaming\mozilla\Extensions [2013.05.13 11:01:24 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\sh.HKM\AppData\Roaming\mozilla\Firefox\Profiles\hs7o6e7f.default\extensions [2013.05.13 11:01:24 | 000,765,412 | ---- | M] () (No name found) -- C:\Users\sh.HKM\AppData\Roaming\mozilla\firefox\profiles\hs7o6e7f.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013.01.07 11:12:29 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\sh.HKM\AppData\Roaming\mozilla\firefox\profiles\hs7o6e7f.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012.06.25 16:58:57 | 000,003,915 | ---- | M] () -- C:\Users\sh.HKM\AppData\Roaming\mozilla\firefox\profiles\hs7o6e7f.default\searchplugins\sweetim.xml [2013.05.22 03:51:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.22 03:51:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010.08.09 16:17:46 | 000,873,888 | ---- | M] (ParallelGraphics) -- C:\Program Files (x86)\mozilla firefox\plugins\npCortona.dll O1 HOSTS File: ([2013.02.19 18:22:23 | 000,000,846 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 192.168.250.1 server O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4:64bit: - HKLM..\Run: [Apple_KbdMgr] C:\Programme\Boot Camp\Bootcamp.exe (Apple Inc.) O4:64bit: - HKLM..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\vmtoolsd.exe (VMware, Inc.) O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes' Anti-Malware (portable)\cleanup.dll (Malwarebytes Corporation) O4 - Startup: C:\Users\sh.HKM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\sh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.250.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hkm.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04581D58-4F0B-4D4E-8CF1-B027230788FC}: DhcpNameServer = 192.168.250.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05875837-CC3B-47D3-BCCC-30337B3671D0}: DhcpNameServer = 10.74.210.210 10.74.210.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AFE8A30-71E8-40B2-9A7E-C8E872EB60A4}: DhcpNameServer = 10.74.210.210 10.74.210.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30BA0B08-E2B7-4CEC-9E32-4F522B825B35}: DhcpNameServer = 172.16.49.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BB9FEC1-3406-49C8-81D1-3B15B3C26870}: DhcpNameServer = 192.168.250.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.06.09 23:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.06.09 23:15:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.09 21:57:33 | 000,000,000 | ---D | C] -- C:\Users\sh.HKM\AppData\Roaming\Wireshark
[2013.06.05 12:29:11 | 000,000,000 | ---D | C] -- C:\Users\sh.HKM\Documents\Visual Studio 2005
[2013.06.05 12:29:04 | 000,000,000 | ---D | C] -- C:\Users\sh.HKM\Documents\SQL Server Management Studio
[2013.06.03 14:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
[2013.06.03 14:58:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueStacks
[2013.06.03 14:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup
[2013.06.03 14:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
[2013.06.03 14:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2013.06.03 14:39:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2013.06.03 14:38:51 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2013.05.22 21:17:12 | 000,000,000 | ---D | C] -- C:\.fseventsd
[2013.05.22 03:51:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.17 14:38:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.05.13 11:06:24 | 000,000,000 | ---D | C] -- C:\Users\sh.HKM\Desktop\Arbeit
[2013.05.12 14:43:01 | 000,035,892 | ---- | C] (Prolific Technology Inc.) -- C:\Windows\SysWow64\SER9PL.sys
[2013.05.12 14:39:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GlobalSat Technology
[2013.05.12 14:39:38 | 000,000,000 | ---D | C] -- C:\Users\sh.HKM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Globalsat GS-Sport
[2013.05.12 14:24:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Prolific
[2013.05.12 14:24:16 | 000,090,112 | ---- | C] (Prolific Technology Inc.) -- C:\Windows\SysNative\drivers\ser2pl64.sys
[1 C:\Windows\SysWow64\drivers\*.tmp files -> C:\Windows\SysWow64\drivers\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.06.10 00:35:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.10 00:35:48 | 2077,282,303 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.10 00:17:52 | 000,000,000 | ---- | M] () -- C:\Users\sh.HKM\defogger_reenable
[2013.06.09 23:49:52 | 001,797,482 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.09 23:49:52 | 000,762,498 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.09 23:49:52 | 000,717,776 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.09 23:49:52 | 000,173,092 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.09 23:49:52 | 000,146,038 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.09 23:40:38 | 095,023,320 | ---- | M] () -- C:\ProgramData\4roin.pad
[2013.06.09 23:15:16 | 000,036,680 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013.06.09 23:08:17 | 000,021,248 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-a289-439d-8115-601632D005A0
[2013.06.09 23:08:17 | 000,021,248 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-a289-439d-8115-601632D005A0
[2013.06.09 22:30:32 | 000,001,033 | ---- | M] () -- C:\Users\sh.HKM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
[2013.06.09 22:30:29 | 000,002,645 | ---- | M] () -- C:\ProgramData\4roin.js
[2013.06.09 22:30:29 | 000,000,151 | ---- | M] () -- C:\ProgramData\4roin.reg
[2013.06.09 22:30:29 | 000,000,056 | ---- | M] () -- C:\ProgramData\4roin.bat
[2013.06.09 19:35:41 | 575,127,510 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.06.07 12:26:45 | 001,117,753 | ---- | M] () -- C:\Users\sh.HKM\Desktop\Foto.JPG
[2013.06.07 11:15:45 | 000,132,927 | ---- | M] () -- C:\Users\sh.HKM\Desktop\Re_ Zuschnittliste für Schelling-Säge.pdf
[2013.06.07 11:11:30 | 000,037,796 | ---- | M] () -- C:\Users\sh.HKM\Desktop\vpex3250 - kumulierte Schnittliste.pdf
[2013.06.07 10:35:48 | 000,003,390 | ---- | M] () -- C:\Users\sh.HKM\Desktop\Schelling3HPO.cfg
[2013.06.05 16:47:40 | 000,465,943 | ---- | M] () -- C:\Users\sh.HKM\Desktop\IMG_9762_b.jpg
[2013.06.05 16:47:38 | 000,528,392 | ---- | M] () -- C:\Users\sh.HKM\Desktop\IMG_9754_b.jpg
[2013.06.05 16:47:37 | 000,603,113 | ---- | M] () -- C:\Users\sh.HKM\Desktop\IMG_9751_b.jpg
[2013.06.05 16:47:36 | 000,462,500 | ---- | M] () -- C:\Users\sh.HKM\Desktop\IMG_9791_b.jpg
[2013.06.05 16:47:34 | 000,558,925 | ---- | M] () -- C:\Users\sh.HKM\Desktop\IMG_9780_b_k.jpg
[2013.06.05 11:46:41 | 000,447,191 | ---- | M] () -- C:\Users\sh.HKM\Desktop\MPRPP.zip
[2013.06.05 11:42:31 | 008,233,032 | ---- | M] () -- C:\Users\sh.HKM\Desktop\CAMSF_201306051142.zip
[2013.06.05 09:31:29 | 000,022,528 | ---- | M] () -- C:\Users\sh.HKM\Desktop\MMA Grundformm.pdf
[2013.06.05 08:47:35 | 000,002,008 | -H-- | M] () -- C:\Users\sh.HKM\Documents\Default.rdp
[2013.06.03 14:39:21 | 000,001,545 | ---- | M] () -- C:\Users\sh.HKM\Desktop\Wireshark.lnk
[2013.05.28 16:46:31 | 000,000,841 | ---- | M] () -- C:\Users\sh.HKM\AppData\Local\recently-used.xbel
[2013.05.27 16:48:09 | 000,000,798 | ---- | M] () -- C:\Users\sh.HKM\Desktop\cnc.lnk
[2013.05.27 11:44:54 | 000,000,798 | ---- | M] () -- C:\Users\sh.HKM\Desktop\mp4 - Verknüpfung.lnk
[2013.05.27 08:37:20 | 000,000,657 | ---- | M] () -- C:\Users\sh.HKM\Desktop\SÄGE.lnk
[2013.05.27 08:37:08 | 000,000,758 | ---- | M] () -- C:\Users\sh.HKM\Desktop\Schnittaufträge.lnk
[2013.05.20 12:45:02 | 000,006,148 | ---- | M] () -- C:\.DS_Store
[2013.05.12 14:39:39 | 000,002,388 | ---- | M] () -- C:\Users\sh.HKM\Desktop\GS-Sport Training Gym Pro.lnk
[1 C:\Windows\SysWow64\drivers\*.tmp files -> C:\Windows\SysWow64\drivers\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.06.10 00:17:52 | 000,000,000 | ---- | C] () -- C:\Users\sh.HKM\defogger_reenable
[2013.06.09 23:15:16 | 000,036,680 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013.06.09 22:30:32 | 000,001,033 | ---- | C] () -- C:\Users\sh.HKM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
[2013.06.09 22:30:29 | 000,002,645 | ---- | C] () -- C:\ProgramData\4roin.js
[2013.06.09 22:30:29 | 000,000,151 | ---- | C] () -- C:\ProgramData\4roin.reg
[2013.06.09 22:30:29 | 000,000,056 | ---- | C] () -- C:\ProgramData\4roin.bat
[2013.06.09 22:30:27 | 095,023,320 | ---- | C] () -- C:\ProgramData\4roin.pad
[2013.06.07 12:26:44 | 001,117,753 | ---- | C] () -- C:\Users\sh.HKM\Desktop\Foto.JPG
[2013.06.07 11:15:43 | 000,132,927 | ---- | C] () -- C:\Users\sh.HKM\Desktop\Re_ Zuschnittliste für Schelling-Säge.pdf
[2013.06.07 11:11:29 | 000,037,796 | ---- | C] () -- C:\Users\sh.HKM\Desktop\vpex3250 - kumulierte Schnittliste.pdf
[2013.06.07 10:35:48 | 000,003,390 | ---- | C] () -- C:\Users\sh.HKM\Desktop\Schelling3HPO.cfg
[2013.06.05 16:47:38 | 000,465,943 | ---- | C] () -- C:\Users\sh.HKM\Desktop\IMG_9762_b.jpg
[2013.06.05 16:47:37 | 000,528,392 | ---- | C] () -- C:\Users\sh.HKM\Desktop\IMG_9754_b.jpg
[2013.06.05 16:47:36 | 000,603,113 | ---- | C] () -- C:\Users\sh.HKM\Desktop\IMG_9751_b.jpg
[2013.06.05 16:47:34 | 000,462,500 | ---- | C] () -- C:\Users\sh.HKM\Desktop\IMG_9791_b.jpg
[2013.06.05 16:47:33 | 000,558,925 | ---- | C] () -- C:\Users\sh.HKM\Desktop\IMG_9780_b_k.jpg
[2013.06.05 11:46:41 | 000,447,191 | ---- | C] () -- C:\Users\sh.HKM\Desktop\MPRPP.zip
[2013.06.05 11:42:26 | 008,233,032 | ---- | C] () -- C:\Users\sh.HKM\Desktop\CAMSF_201306051142.zip
[2013.06.05 09:31:28 | 000,022,528 | ---- | C] () -- C:\Users\sh.HKM\Desktop\MMA Grundformm.pdf
[2013.06.03 14:39:21 | 000,001,545 | ---- | C] () -- C:\Users\sh.HKM\Desktop\Wireshark.lnk
[2013.05.28 16:46:31 | 000,000,841 | ---- | C] () -- C:\Users\sh.HKM\AppData\Local\recently-used.xbel
[2013.05.27 16:57:27 | 000,121,344 | ---- | C] () -- C:\Users\sh.HKM\Desktop\Begleitscheine.xlt
[2013.05.27 16:48:09 | 000,000,798 | ---- | C] () -- C:\Users\sh.HKM\Desktop\cnc.lnk
[2013.05.27 11:44:54 | 000,000,798 | ---- | C] () -- C:\Users\sh.HKM\Desktop\mp4 - Verknüpfung.lnk
[2013.05.27 08:37:20 | 000,000,657 | ---- | C] () -- C:\Users\sh.HKM\Desktop\SÄGE.lnk
[2013.05.27 08:37:08 | 000,000,758 | ---- | C] () -- C:\Users\sh.HKM\Desktop\Schnittaufträge.lnk
[2013.05.12 14:43:01 | 000,026,719 | ---- | C] () -- C:\Windows\SysWow64\SERSPL.VXD
[2013.05.12 14:39:39 | 000,002,388 | ---- | C] () -- C:\Users\sh.HKM\Desktop\GS-Sport Training Gym Pro.lnk
[2013.05.12 14:24:01 | 003,362,768 | ---- | C] () -- C:\Users\sh.HKM\Desktop\Crivit_GH625M.zip
[2013.03.01 03:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2012.11.26 14:58:14 | 000,000,279 | ---- | C] () -- C:\Windows\IMOSCAM.INI
[2012.10.11 22:28:16 | 000,012,292 | ---- | C] () -- C:\Users\sh.HKM\.DS_Store
[2012.08.22 22:48:45 | 000,000,058 | ---- | C] () -- C:\Users\sh.HKM\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2012.07.21 14:37:59 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2012.07.21 14:34:25 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2012.06.25 20:48:20 | 000,000,000 | ---- | C] () -- C:\Windows\cms.INI
[2012.06.23 18:15:23 | 000,001,338 | RHS- | C] () -- C:\Users\sh.HKM\ntuser.pol
[2012.06.23 18:14:34 | 000,002,412 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.06.22 14:16:53 | 000,000,389 | ---- | C] () -- C:\Windows\IMOSCAM_local.INI
[2012.06.22 14:16:53 | 000,000,236 | ---- | C] () -- C:\Windows\IMOSR18.INI
[2012.06.22 12:39:36 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.06.22 12:29:17 | 001,589,182 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.20 16:53:07 | 000,000,137 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.06.20 16:51:57 | 000,000,232 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.06.20 12:04:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.06.20 12:02:20 | 000,014,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2012.06.20 11:59:43 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011.08.30 07:25:09 | 014,173,184 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.08.30 06:21:25 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.03.07 17:50:57 | 000,000,000 | ---D | M] -- C:\Users\sh.HKM\AppData\Roaming\.purple
[2013.05.28 17:15:20 | 000,000,000 | ---D | M] -- C:\Users\sh.HKM\AppData\Roaming\Autodesk
[2012.09.01 11:58:23 | 000,000,000 | ---D | M] -- C:\Users\sh.HKM\AppData\Roaming\Business Objects
[2012.09.02 19:02:17 | 000,000,000 | ---D | M] -- C:\Users\sh.HKM\AppData\Roaming\Clonk Rage
[2013.01.03 13:26:36 | 000,000,000 | ---D | M] -- C:\Users\sh.HKM\AppData\Roaming\DesignManagerWPFExe
[2012.08.22 22:48:45 | 000,000,000 | ---D | M] -- C:\Users\sh.HKM\AppData\Roaming\DonationCoder
[2013.06.10 00:32:50 | 000,000,000 | ---D | M] -- C:\Users\sh.HKM\AppData\Roaming\Dropbox
[2012.08.10 18:18:50 | 000,000,000 | ---D | M] -- C:\Users\sh.HKM\AppData\Roaming\Foxit Software
[2012.07.20 12:30:23 | 000,000,000 | ---D | M] -- C:\Users\sh.HKM\AppData\Roaming\Genie-Soft
[2012.06.26 23:24:07 | 000,000,000 | ---D | M] -- C:\Users\sh.HKM\AppData\Roaming\pdfforge
[2012.09.06 10:48:26 | 000,000,000 | ---D | M] -- C:\Users\sh.HKM\AppData\Roaming\SAMSUNG
[2012.08.23 08:49:19 | 000,000,000 | ---D | M] -- C:\Users\sh.HKM\AppData\Roaming\Software4u
[2012.09.09 13:12:08 | 000,000,000 | ---D | M] -- C:\Users\sh.HKM\AppData\Roaming\Spotify
[2013.02.19 17:38:40 | 000,000,000 | ---D | M] -- C:\Users\sh.HKM\AppData\Roaming\TeamViewer
[2012.06.24 14:52:14 | 000,000,000 | ---D | M] -- C:\Users\sh.HKM\AppData\Roaming\Thunderbird
[2013.06.09 22:10:18 | 000,000,000 | ---D | M] -- C:\Users\sh.HKM\AppData\Roaming\Wireshark

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\sh.HKM\.DS_Store:AFP_AfpInfo
@Alternate Data Stream - 64 bytes -> C:\.VISE Temp Items:AFP_AfpInfo
@Alternate Data Stream - 64 bytes -> C:\.TemporaryItems:AFP_AfpInfo
@Alternate Data Stream - 64 bytes -> C:\.DS_Store:AFP_AfpInfo

< End of report >
Code:
OTL Extras logfile created on: 10.06.2013 00:39:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\av6\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,91 Gb Total Physical Memory | 6,41 Gb Available Physical Memory | 81,07% Memory free
15,82 Gb Paging File | 14,11 Gb Available in Paging File | 89,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 166,98 Gb Total Space | 50,36 Gb Free Space | 30,16% Space Free | Partition Type: NTFS
Drive D: | 530,85 Gb Total Space | 23,07 Gb Free Space | 4,35% Space Free | Partition Type: HFS

Computer Name: SHWIN7 | User Name: sh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DE41AC-4DBA-4366-A647-912FDB7873FF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{052A94BF-D0DF-42FB-AF18-FAD15860EB64}" = rport=2869 | protocol=6 | dir=out | app=system |
"{08DFB070-3478-4104-91FF-FCBC2EBBB8E5}" = rport=137 | protocol=17 | dir=out | app=system |
"{32DF7C64-2953-4EF2-AA49-8D4FDA67BFFD}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{47A125FA-11E8-437E-9B6D-8DF396C7B47F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4A55CFC0-4698-47EE-9A5B-9375615E3F3F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4A7CD407-9AFA-4351-B3D8-9F47BE1FB50F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{564A7F37-F81B-4BFC-A36B-A3BD648E69A9}" = lport=445 | protocol=6 | dir=in | app=system |
"{6B8D6AE9-DA4D-4310-AF86-A0D8528BB25E}" = rport=139 | protocol=6 | dir=out | app=system |
"{75A26979-2AE1-498A-9CF5-FD0CBC63A8C1}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{90F6EF3A-5666-42CF-9636-D62D7060A567}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A35697BD-9A3B-4E65-A7B9-B3B2A45EBB48}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A5E5537E-7C1B-4259-BDC9-771B34FFE195}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{AC6A4E68-CB52-4068-960E-CFE909589AA3}" = rport=445 | protocol=6 | dir=out | app=system |
"{BDB1C38B-F6BC-438D-A88D-474CC99960FD}" = lport=138 | protocol=17 | dir=in | app=system |
"{C6004E9E-A5E9-4863-8EBE-EFC064C3BE0F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C9BDA957-F68B-4080-9222-1D7D7411B34D}" = lport=139 | protocol=6 | dir=in | app=system |
"{CDDA0E9A-D215-4B2D-A8E9-DAF69A34AD6E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DB018724-3D87-49B5-9BF3-2AA45D196C22}" = rport=138 | protocol=17 | dir=out | app=system |
"{E0859FD2-1EF8-4D2C-B09E-C7DF43C78BFF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F1630F94-7600-4927-AB5C-94EF4AD61480}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F41883E1-EEB7-468D-95F1-FE0D6B3D07DF}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04E2A043-8717-4C6D-8CD0-3542AB8A0B00}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{065B046C-C604-4CB3-B1E2-63F854708412}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe |
"{0683B911-B72E-4B05-B7F7-0567A2EAEC64}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{07643037-76E8-4BB6-A2D4-E8CFFA005B97}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{084D15F8-A3AE-45F2-B952-8F561EA513FF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{09B8DD6A-6C11-403B-B65D-F80235FAFB36}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{0A8E9EC5-BBCF-4786-A5C6-D7DE91576B03}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0BAB3A44-AC06-4401-905B-ABBE3752131B}" = protocol=6 | dir=in | app=c:\program files\software4u\idevice manager\software4u.idevicemanager.exe |
"{0E4BE5F4-CF17-44C3-B837-1823BD8E6DA6}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{116D1DA9-A86C-4029-B2BF-4BDD0D062548}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{139F317F-B693-4BEC-AF49-C35B4860D236}" = protocol=6 | dir=in | app=c:\users\sh\appdata\roaming\dropbox\bin\dropbox.exe |
"{1699AD85-8B06-4F9B-899D-4A6FCD1BE262}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1A078F6F-48BA-4E0E-B8B0-154D45D95798}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{1C5E4C40-76DB-4221-A6DA-53224EB4ED1B}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{23D5C818-BF78-4C49-B55E-D6EC3196873B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2D5387F1-5BBD-4F3D-8B49-DBA3ABFEB5CD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3FABDF01-843B-4380-B73B-6CE64EEFDE77}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{42D8B384-BDF0-4606-9CD3-6FAF229C9717}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{43EDBAC2-9C79-4E2E-ABBC-F1F03302DBD0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{58341219-AF29-4948-A4A2-249AA385C1F8}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{58F165BC-0B7D-4693-BFC2-E7FD5F8E86BE}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{67FA6FD3-F0B3-4E40-9EA3-7E8410D43AA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6D039D95-14CD-4294-AC89-0ADDDF0673C2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{788905D7-6B8F-4729-8274-B616545E86F9}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{8EA98574-962E-4B2F-AB28-1600E7934D52}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe |
"{966AD561-AB95-4B6B-9DBF-4D916972E571}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A93A7895-E372-4151-A14B-42B03F412F3E}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{B8020305-8BDE-4C24-AAFC-9D9C7777DBC6}" = protocol=17 | dir=in | app=c:\program files\software4u\idevice manager\software4u.idevicemanager.exe |
"{B8CCCA5D-9F82-456A-A6C0-1E32330B4C82}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{BC01774B-145F-4AC8-816A-4B7F9A1C6330}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BCC37AA9-9E39-4076-93EE-4100715F58A6}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{C65534A3-CBFA-46E3-9E6C-AE6B59ABE184}" = protocol=17 | dir=in | app=c:\users\sh\appdata\roaming\dropbox\bin\dropbox.exe |
"{C7966377-D379-442E-BB18-56C24CDE5693}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CF89F805-BE69-4E61-BBF2-F430D1F4CCCE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E529F1C9-BF89-4CC1-94CB-F53926253026}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{EBC59386-EFC5-441E-9D8C-21A1BD4905C7}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{EFEDF333-B5E9-4D5D-8F5B-EA165E33B204}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F7ECD1F1-FD52-4A6C-A5E2-B8A30786415A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{3985C84E-4D4F-4C8E-9A0D-60019DB8268D}C:\program files\autodesk\autocad 2012 - deutsch\acad.exe" = protocol=6 | dir=in | app=c:\program files\autodesk\autocad 2012 - deutsch\acad.exe |
"TCP Query User{51FC3D9A-BD56-4C42-826D-3A9640B7E5EE}C:\users\sh\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\sh\appdata\roaming\spotify\spotify.exe |
"TCP Query User{57F2B15A-689F-434C-B509-E0EFE1A3F9DF}C:\users\sh.hkm\appdata\local\temp\ab0d.tmp\kmservice.exe" = protocol=6 | dir=in | app=c:\users\sh.hkm\appdata\local\temp\ab0d.tmp\kmservice.exe |
"TCP Query User{6370F738-E4F3-4390-B3D7-D694DBC479F6}C:\users\sh\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\sh\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{7E00D4A4-1100-4C50-9B4C-6E8BF9A84445}C:\users\sh\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\sh\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{8C794D51-960F-455D-95FE-659AC6C2AF69}C:\users\sh\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\sh\appdata\roaming\spotify\spotify.exe |
"TCP Query User{8E0C838F-112C-4523-8096-6CEB69C9DEE3}C:\program files\imos ag\imos cad 10.0\bin\designmanagerwpf.exe" = protocol=6 | dir=in | app=c:\program files\imos ag\imos cad 10.0\bin\designmanagerwpf.exe |
"TCP Query User{C1FC422C-0A47-4939-91D1-DEDD731D203B}C:\users\sh\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\sh\appdata\roaming\spotify\spotify.exe |
"TCP Query User{D82EEF12-0B8A-46F5-8939-7DD1FB7D3E1F}C:\program files (x86)\clonk rage\clonk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\clonk rage\clonk.exe |
"TCP Query User{E53CBE93-3A64-4266-B4D4-3A7F7350AA10}C:\program files\autodesk\autocad 2012 - deutsch\acad.exe" = protocol=6 | dir=in | app=c:\program files\autodesk\autocad 2012 - deutsch\acad.exe |
"TCP Query User{ED13740A-8080-4289-A819-4BF629D53F04}C:\users\sh\appdata\local\temp\9ba2.tmp\kmservice.exe" = protocol=6 | dir=in | app=c:\users\sh\appdata\local\temp\9ba2.tmp\kmservice.exe |
"TCP Query User{F126331A-FF2D-4E83-AA16-5EE8C14251B5}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe |
"UDP Query User{1BED9530-21BF-43A8-95FD-4D161B064A23}C:\users\sh\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\sh\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{1D4FA90E-99B3-4E99-94D8-361B54ABDAB4}C:\program files\imos ag\imos cad 10.0\bin\designmanagerwpf.exe" =
protocol=17 | dir=in | app=c:\program files\imos ag\imos cad 10.0\bin\designmanagerwpf.exe | "UDP Query User{67E59646-59ED-4F98-8EF9-7E5F6E517FEB}C:\users\sh\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\sh\appdata\roaming\spotify\spotify.exe | "UDP Query User{6A702DC2-D121-443D-AACB-7ADD593687F1}C:\users\sh\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\sh\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{6CE22BE7-330F-419F-9A51-E79BE660CCC0}C:\program files\autodesk\autocad 2012 - deutsch\acad.exe" = protocol=17 | dir=in | app=c:\program files\autodesk\autocad 2012 - deutsch\acad.exe | "UDP Query User{9B498A2D-6E1E-48DC-9F69-C283924416DE}C:\users\sh\appdata\local\temp\9ba2.tmp\kmservice.exe" = protocol=17 | dir=in | app=c:\users\sh\appdata\local\temp\9ba2.tmp\kmservice.exe | "UDP Query User{A73F91F0-5024-4A64-AFB6-501AE8EAC508}C:\users\sh\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\sh\appdata\roaming\spotify\spotify.exe | "UDP Query User{C6D474EB-9852-45FF-B2CF-0FA95FB45BF6}C:\program files\autodesk\autocad 2012 - deutsch\acad.exe" = protocol=17 | dir=in | app=c:\program files\autodesk\autocad 2012 - deutsch\acad.exe | "UDP Query User{CF10C820-69B3-4D58-A275-5567440D2A7F}C:\program files (x86)\clonk rage\clonk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\clonk rage\clonk.exe | "UDP Query User{DA259184-5AFE-4E5D-A9B3-E34999AED6A8}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | "UDP Query User{E932B938-E7E9-4AEF-ACF7-953AAB40CF48}C:\users\sh\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\sh\appdata\roaming\spotify\spotify.exe | "UDP Query User{EE958ECD-A2E3-43C0-8D74-AD9F2F6ED2B1}C:\users\sh.hkm\appdata\local\temp\ab0d.tmp\kmservice.exe" = protocol=17 | dir=in | app=c:\users\sh.hkm\appdata\local\temp\ab0d.tmp\kmservice.exe | ========== 
HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1D5F34D0-6329-4D92-B81A-E24E9028910C}" = Crystal Reports Basic Runtime German Language Pack for Visual Studio 2008 (x64) "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{2180B33F-3225-423E-BBC1-7798CFD3CD1F}" = Microsoft SQL Server 2008 R2 Native Client "{23170F69-40C1-2702-0925-000001000000}" = 7-Zip 9.25 (x64 edition) "{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 Common Files "{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer "{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1 "{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64) "{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 Common Files "{3FF613B3-784C-43AD-9220-0F78E183FDEC}_is1" = H&H Software 9.0.0.49 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5001E5BC-C9BF-4598-AB89-E7318C76C5F4}" = FRITZ!Fernzugang "{51E5BC99-A087-4CFF-8D93-462903EA7E12}" = SQL Server 2008 R2 Management Studio "{5783F2D7-A001-0407-0102-0060B0CE6BBA}" = AutoCAD 2012 - Deutsch "{5783F2D7-A001-0407-1102-0060B0CE6BBA}" = AutoCAD 2012 Language Pack - Deutsch "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6D10FB2C-82A9-40F2-91D0-7BE64CF0DAF2}" = Microsoft SQL Server 2008 R2 Setup (English) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{72AB7E6F-BC24-481E-8C45-1AB5B3DD795D}" = SQL 
Server 2008 R2 Management Studio "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 "{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010 "{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9DFA5914-C275-42E0-810E-C88E46A7F9EA}" = SQL Server 2008 R2 Full text 
search "{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 Database Engine Shared "{ADA3F9C8-A6D3-4FCF-BFBB-EAD69AC0884E}" = Boot Camp-Dienste "{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files "{BB57A765-FFFE-498B-8C1E-6C9CE2AB92BA}" = Microsoft SQL Server 2008 R2 RsFx Driver "{BBBE35B2-9349-3C48-BD3D-F574B17C7924}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 "{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 Database Engine Shared "{E552C39C-C70E-464F-9733-8311331BDD90}" = Autodesk Inventor Fusion Plugin Language Pack for AutoCAD 2012 "{EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC}" = Autodesk Inventor Fusion Plugin for AutoCAD 2012 "{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 Database Engine Services "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 Database Engine Services "{FD7B52A2-2E84-4F3E-B353-D16DA4B0CE0C}" = VMware Tools "{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012 "{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack "0B6B49213CF56838AFC233905FA14AC47EAA9B28" = Windows-Treiberpaket - Apple Inc. Apple Broadcom Bluetooth (10/05/2010 3.2.0.1) "110E24F054DE5F4F72985BC1F3A53F61985BD4CC" = Windows-Treiberpaket - Broadcom (BCM43XX) Net (04/06/2011 5.100.198.22) "159439476E3A00F9FAE49DD6C1A78F2F6288A5B9" = Windows-Treiberpaket - Intel (e1express) Net (03/26/2010 9.13.41.0) "26D089A9557429904D9851293EA25C911B64CCF8" = Windows-Treiberpaket - Broadcom Corporation (bScsiSDa) SDHost (01/18/2011 1.0.0.220) "2CD6536AAFFF9B465A871060CF483EC9F3341D29" = Windows-Treiberpaket - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1) "43B83D262B11C05DBFE8BEB0E2CBD5A9EA1E7F9C" = Windows-Treiberpaket - Cirrus Logic, Inc. 
(CirrusFilter) MEDIA (12/03/2010 6.6001.1.30) "455287ECCB4BABCDE9C6713B82B1BDA990D55398" = Windows-Treiberpaket - Apple Inc. Apple Multitouch (05/05/2011 4.0.0.1) "57AFA39B22ADEC4E383572E9331167546EB3C9C7" = Windows-Treiberpaket - Intel (e1qexpress) Net (12/04/2009 11.4.7.0) "5BEF08C10896D86DC13394FFA75874564B700368" = Windows-Treiberpaket - Intel (e1kexpress) Net (04/12/2010 11.6.92.0) "703003CF14C8E79F68CA5A750AF4E02B9BD4B4D8" = Windows-Treiberpaket - Apple Inc. Apple Keyboard (05/05/2011 4.0.0.1) "70C7CBB0824BF74552A2F28F5FFBF62A15053DA8" = Windows-Treiberpaket - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0) "76830D11874044260C923425E7F5A72F25EDA758" = Windows-Treiberpaket - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1) "7C9678A21221D0575C74AF7CE68E28C2771F9E41" = Windows-Treiberpaket - Broadcom (b57nd60a) Net (12/02/2010 14.4.2.2) "A0A897639A1D288A8B472FE790EBF9DB71E52ACF" = Windows-Treiberpaket - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1) "AutoCAD 2012 - Deutsch" = AutoCAD 2012 - Deutsch "Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012 "Autodesk Inventor Fusion Plugin for AutoCAD 2012" = Autodesk Inventor Fusion plug-in for AutoCAD 2012 "C7DD621795A42EAE550280D4D7601459F35C4EC2" = Windows-Treiberpaket - Apple Inc. Apple Wireless Trackpad (01/17/2011 3.2.0.0) "CB599752301BCA080D135697FDD05900F5A5CF4C" = Windows-Treiberpaket - Intel (e1yexpress) Net (04/07/2010 10.1.9.0) "CDD703ED0B390A5643DB748EBFA5BD55FEEC0D8A" = Windows-Treiberpaket - Marvell (yukonx64) Net (12/06/2007 10.51.1.3) "D088EE4BD2819FBA2B349EF9D55176F223419BE6" = Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1) "D53CBF2C12DF51DA5E9C1A9DA97FF0DCA0C524C5" = Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.10.3.10) "D5BB697E7D0C75712F3AD00AB1B85412CB5C0FD3" = Windows-Treiberpaket - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0) "D6B4CB6AD2F81752C2EF8DCF6AD5EBC567ADD45C" = Windows-Treiberpaket - Apple Inc. 
Apple ODD (05/17/2010 3.1.0.0) "D76172B51B1ECB34E38F97F42F51B7A46FA15F52" = Windows-Treiberpaket - Apple Inc. Apple System Device (04/05/2011 3.2.0.8) "E0EAD0CEA9119B77350ED4DE28D9A82E57014D94" = Windows-Treiberpaket - Apple Inc. Apple Display (01/23/2009 3.0.0.0) "E2708073906571A0B56F17FD825EF19281ECE29B" = Windows-Treiberpaket - Intel System (07/20/2007 1.2.76.0) "EA3C044F6FD39CEC8F4F596836BF4197E97E1D39" = Windows-Treiberpaket - Apple Inc. Apple Bluetooth (03/01/2010 3.0.0.5) "F08FFCF5C857951E0CC5F736988F3D01BF425252" = Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (05/05/2011 4.0.0.1) "F0A3F8394866FA91E82C8D5AB92C918FE40FE1DF" = Windows-Treiberpaket - Atheros Communications Inc. (athr) Net (11/13/2010 9.2.0.113) "F71DB41300D30088C8D3716343D1429488E605C1" = Windows-Treiberpaket - Intel (e1rexpress) Net (01/07/2010 11.4.16.0) "FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager "GIMP-2_is1" = GIMP 2.8.2 "Kyocera Product Library" = Kyocera Product Library "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit) "Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit) "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "WinRAR archiver" = WinRAR 4.20 (64-Bit) 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1" = System.Data.SQLite v1.0.81.0 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{068857D8-FDD1-4F29-8F74-E9DE91E8A587}" = Crystal Reports 2008 SP3 "{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{13702021-43FB-480C-912F-D9B74A538288}" = OpenProj "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{3366641F-25B6-4D5A-8625-306E7649EBC6}" = imos 10.0 "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E86E575-2B04-4FEC-ADA3-72D47CB4777C}" = Cortona3D Viewer "{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012 "{7500BC70-A665-468C-A23E-4B7C0DA94EA5}" = Crystal Reports 2008 German Language Pack SP3 "{774C0434-9948-4DEE-A14E-69CDD316E36C}" = Internet Explorer Toolbar 4.6 by SweetPacks "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012 "{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A7FC82AC-986D-48D5-8AAE-A75C1D829E0A}" = BlueStacks Notification Center "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch 
"{B2F21D11-631B-33C2-8E1A-73EA57FDFE33}" = Microsoft ReportViewer 2010 Redistributable - Language Pack - deu "{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser "{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}" = Microsoft ReportViewer 2010 Redistributable "{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies "{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU "{E0A160F1-127B-43AC-AF96-EBB6319B01C7}" = Google SketchUp Pro 8 "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "5513-1208-7298-9440" = JDownloader 0.9 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "BlueStacks App Player" = BlueStacks App Player "Bomberclone" = Bomberclone "Bpp" = Bpp "Clonk Rage" = Clonk Rage "CommandFusion guiDesigner_is1" = CommandFusion guiDesigner v2.4.1.0 "DYNALOG" = DYNALOG "Foxit Reader_is1" = Foxit Reader "GS-Sport Training Gym Pro" = GS-Sport Training Gym Pro "MagicDisc 2.7.106" = MagicDisc 2.7.106 "Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1 "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Pidgin" = Pidgin "PrintKey2000" = PrintKey2000 "schrankplaner3.600" = schrankplaner "ScreenshotCaptor_is1" = Screenshot Captor 3.07.01 "ST5UNST #1" = Lernprogramm Qualitätsmanagement "ST6UNST #1" = Visual Digi 3.0 "TeamViewer 8" = TeamViewer 8 "VLC media player" = VLC media player 2.0.1 "WinPcapInst" = WinPcap 
4.1.3 "Wireshark" = Wireshark 1.8.7 (64-bit) "WoodWOP" = WoodWOP "WoodWOP-Wizard" = WoodWOP-Wizard "WoodWorks" = WoodWorks 1.6 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Handbuch Qualitätsmanagement" = Handbuch Qualitätmanagement "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 04.06.2013 16:25:47 | Computer Name = shwin7.hkm.local | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 10000 Error - 04.06.2013 16:58:26 | Computer Name = shwin7.hkm.local | Source = BstHdAndroidSvc | ID = 0 Description = Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error - 04.06.2013 16:59:08 | Computer Name = shwin7.hkm.local | Source = WinMgmt | ID = 10 Description = Error - 05.06.2013 02:22:07 | Computer Name = shwin7.hkm.local | Source = BstHdAndroidSvc | ID = 0 Description = Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error - 05.06.2013 02:22:18 | Computer Name = shwin7.hkm.local | Source = WinMgmt | ID = 10 Description = Error - 06.06.2013 10:33:14 | Computer Name = shwin7.hkm.local | Source = .NET Runtime | ID = 1026 Description = Error - 06.06.2013 10:33:24 | Computer Name = shwin7.hkm.local | Source = BstHdAndroidSvc | ID = 0 Description = Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. 
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error - 06.06.2013 10:33:38 | Computer Name = shwin7.hkm.local | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Connect.Service.ContentService.exe, Version: 2.0.90.0, Zeitstempel: 0x4d49aaf8 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651, Zeitstempel: 0x4e211319 Ausnahmecode: 0xe0434352 Fehleroffset: 0x0000b9bc ID des fehlerhaften Prozesses: 0x76c Startzeit der fehlerhaften Anwendung: 0x01ce62c2c2275ec4 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: 1304ff6f-ceb6-11e2-bf83-7056818e69ea Error - 06.06.2013 10:34:14 | Computer Name = shwin7.hkm.local | Source = COM+ | ID = 135763 Description = Error - 06.06.2013 10:34:31 | Computer Name = shwin7.hkm.local | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 09.06.2013 17:01:04 | Computer Name = shwin7.hkm.local | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: StarOpen Error - 09.06.2013 17:40:12 | Computer Name = shwin7.hkm.local | Source = ipnathlp | ID = 31004 Description = Error - 09.06.2013 17:40:12 | Computer Name = shwin7.hkm.local | Source = ipnathlp | ID = 31004 Description = Error - 09.06.2013 17:45:24 | Computer Name = shwin7.hkm.local | Source = DCOM | ID = 10016 Description = Error - 09.06.2013 18:34:32 | Computer Name = shwin7.hkm.local | Source = DCOM | ID = 10010 Description = Error - 09.06.2013 18:35:44 | Computer Name = shwin7.hkm.local | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. 
Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error - 09.06.2013 18:35:59 | Computer Name = shwin7.hkm.local | Source = NETLOGON | ID = 5719 Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller in der Domäne HKM aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.
Error - 09.06.2013 18:36:18 | Computer Name = shwin7.hkm.local | Source = Service Control Manager | ID = 7000 Description = Der Dienst "KMService" wurde aufgrund folgenden Fehlers nicht gestartet: %%2
Error - 09.06.2013 18:36:55 | Computer Name = shwin7.hkm.local | Source = Service Control Manager | ID = 7023 Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064
Error - 09.06.2013 18:37:00 | Computer Name = shwin7.hkm.local | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: StarOpen
< End of report >

I ran Gmer and created this post first. I had to get some sleep before anything else. Thanks in advance for your help. (Hope dies last.) Good night.

Last edited by racebo (10.06.2013 at 00:04). Reason: added the Windows user accounts.