
Pests of all kinds and how to fight them: GVU Trojan on Win7 via Boot Camp, probably from kinox.to


10.06.2013, 00:02   #1
racebo
 

GVU Trojan on Win7 via Boot Camp, probably from kinox.to

Hello dear forum team,
GVU Trojan (full-screen display, you are supposed to transfer money, etc.)
System: Windows 7 on a MacBook via Boot Camp
The infected user (Windows login) was sh.HKM; I ran the scans as av6.HKM. (I hope that has no negative effect; both accounts have admin rights.)
Windows 7 is actually used exclusively for work, no surfing, only CAD drawing.
Unfortunately I forgot to boot OS X before I let my girlfriend use the computer. So she was on the internet under Win7 (not even a virus scanner). She said it was Kinox.to -...- (I am not allowed to think about it...).
I switched the computer off, booted into safe mode, and ran a system restore from last week. Unfortunately without success; under the user where the Trojan had appeared, it came back. So I used a different login, searched the internet for help, and came to your site. Unfortunately I only found the beginner's guide after I had already started running mbar. I let that finish as well. It had already found 5 files. I let it fix them. See the mbar log.

mbar log
Code:
Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.09.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
sh :: SHWIN7 [administrator]

09.06.2013 23:15:54
mbar-log-2013-06-09 (23-15-54).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | Deep Anti-Rootkit Scan | PUM | P2P
Scan options disabled: PUP
Objects scanned: 298314
Time elapsed: 1 hour(s), 15 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ctfmon32.exe (Trojan.Agent.Gen) -> Data: C:\PROGRA~3\rundll32.exe C:\PROGRA~3\nior4.dat,XFG00 -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
c:\ProgramData\nior4.dat (Trojan.FakeMS) -> Delete on reboot.
c:\Users\sh.HKM\AppData\Local\Temp\cxrxuyakjrkokhphroj.bfg (Trojan.FakeMS) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-829343884-2666764345-3519855931-1178\$R6OF5KF.exe (RiskWare.Tool.CK) -> Delete on reboot.
c:\ProgramData\rundll32.exe (Trojan.Agent.Gen) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

OTL
Code:
OTL logfile created on: 10.06.2013 00:39:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\av6\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,91 Gb Total Physical Memory | 6,41 Gb Available Physical Memory | 81,07% Memory free
15,82 Gb Paging File | 14,11 Gb Available in Paging File | 89,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 166,98 Gb Total Space | 50,36 Gb Free Space | 30,16% Space Free | Partition Type: NTFS
Drive D: | 530,85 Gb Total Space | 23,07 Gb Free Space | 4,35% Space Free | Partition Type: HFS
 
Computer Name: SHWIN7 | User Name: sh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2013.06.09 23:34:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\av6\Desktop\OTL.exe
PRC - [2013.05.13 13:21:42 | 000,601,928 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe
PRC - [2013.05.13 13:20:52 | 000,384,840 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2013.04.23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.12.18 21:08:34 | 001,353,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.06.13 18:37:16 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.06.13 18:37:15 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.02.02 14:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [1999.09.30 21:31:38 | 000,869,376 | ---- | M] (Fred's Software) -- C:\Program Files (x86)\PrintKey2000\Printkey2000.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.06.03 15:01:10 | 000,650,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\HD-Agent\103f18bf086b6fd674d6e7edbb513a5e\HD-Agent.ni.exe
MOD - [2013.06.03 15:01:02 | 000,155,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\JSON\eeaa358ae934021a81a71f48ea45989b\JSON.ni.dll
MOD - [2012.09.23 21:43:36 | 000,313,992 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
MOD - [2012.01.10 20:47:12 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
MOD - [2012.01.10 20:46:34 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2012.01.10 20:46:26 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2012.01.10 20:46:21 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2012.01.10 20:46:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2012.01.10 20:46:00 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2012.01.10 20:45:47 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.04.12 09:43:09 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.06.29 07:49:38 | 000,111,488 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Windows\SysNative\AppleTimeSrv.exe -- (AppleTimeSrv)
SRV:64bit: - [2011.06.29 07:49:36 | 000,224,640 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\AppleOSSMgr.exe -- (AppleOSSMgr)
SRV:64bit: - [2011.06.13 18:34:18 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.12.16 16:44:44 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.05.22 03:51:47 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.13 13:20:52 | 000,384,840 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2013.05.13 13:20:32 | 000,393,032 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2013.04.23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013.03.01 03:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.13 20:49:43 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.08.21 22:54:48 | 000,073,368 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Programme\VMware\VMware Tools\vmtoolsd.exe -- (VMTools)
SRV - [2012.06.22 12:38:55 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.01 13:14:26 | 000,566,096 | ---- | M] (Cortado AG) [On_Demand | Stopped] -- C:\Programme\VMware\VMware Tools\TPVCGateway.exe -- (TPVCGateway)
SRV - [2012.05.01 13:14:26 | 000,509,776 | ---- | M] (Cortado AG) [On_Demand | Stopped] -- C:\Programme\VMware\VMware Tools\TPAutoConnSvc.exe -- (TPAutoConnSvc)
SRV - [2012.02.02 18:14:36 | 000,336,248 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!Fernzugang\avmike.exe -- (avmike)
SRV - [2011.10.31 18:39:56 | 000,189,304 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!Fernzugang\nwtsrv.exe -- (nwtsrv)
SRV - [2011.10.31 18:39:42 | 000,143,736 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!Fernzugang\certsrv.exe -- (certsrv)
SRV - [2011.06.13 18:37:16 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.06.13 18:37:15 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.02.02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010.04.03 11:02:52 | 000,032,096 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft SQL Server\MSSQL10_50.IMOSSQL2008R2\MSSQL\Binn\fdlauncher.exe -- (MSSQLFDLauncher$IMOSSQL2008R2)
SRV - [2010.04.03 11:00:12 | 061,913,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL10_50.IMOSSQL2008R2\MSSQL\Binn\sqlservr.exe -- (MSSQL$IMOSSQL2008R2)
SRV - [2010.04.03 11:00:10 | 000,428,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL10_50.IMOSSQL2008R2\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$IMOSSQL2008R2)
SRV - [2010.04.03 11:00:10 | 000,146,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.04.03 11:00:08 | 000,059,744 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.06.09 23:15:16 | 000,036,680 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2013.03.06 16:00:10 | 000,388,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\XLHASP.sys -- (XLHASP)
DRV:64bit: - [2013.03.01 03:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2012.08.21 22:58:18 | 000,218,776 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vm3dmp.sys -- (vm3dmp)
DRV:64bit: - [2012.08.21 22:52:44 | 000,015,512 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusbmouse.sys -- (vmusbmouse)
DRV:64bit: - [2012.08.21 22:52:24 | 000,014,488 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmmouse.sys -- (vmmouse)
DRV:64bit: - [2012.08.21 22:51:50 | 000,125,080 | ---- | M] (VMware, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\vmhgfs.sys -- (vmhgfs)
DRV:64bit: - [2012.08.21 14:10:40 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2012.08.21 14:10:40 | 000,070,256 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2012.04.25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.03.26 14:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.07.05 21:44:42 | 000,412,024 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmnwim.sys -- (NWIM)
DRV:64bit: - [2011.06.29 07:49:44 | 000,072,024 | ---- | M] (Apple Inc.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AppleHFS.sys -- (AppleHFS)
DRV:64bit: - [2011.06.29 07:49:44 | 000,016,216 | ---- | M] (Apple Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AppleMNT.sys -- (AppleMNT)
DRV:64bit: - [2011.06.29 07:49:42 | 000,022,872 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\MacHALDriver.sys -- (MacHALDriver)
DRV:64bit: - [2011.06.29 07:49:42 | 000,017,752 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\KeyAgent.sys -- (KeyAgent)
DRV:64bit: - [2011.06.13 18:37:15 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.06.13 18:37:12 | 000,018,432 | ---- | M] (Cirrus Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CS420x64.sys -- (CirrusFilter)
DRV:64bit: - [2011.06.13 18:37:07 | 004,798,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011.06.13 18:37:06 | 000,411,688 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2011.06.13 18:37:06 | 000,085,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
DRV:64bit: - [2011.06.13 18:34:18 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.06.13 18:34:18 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.06.03 13:18:28 | 000,052,736 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applebmt.sys -- (applebmt)
DRV:64bit: - [2011.05.26 21:13:25 | 000,032,256 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KeyMagic.sys -- (KeyMagic)
DRV:64bit: - [2011.03.25 03:32:04 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IRFilter.sys -- (IRRemoteFlt)
DRV:64bit: - [2011.03.25 03:31:56 | 000,038,912 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applemtp.sys -- (applemtp)
DRV:64bit: - [2011.03.25 03:31:56 | 000,012,288 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applemtm.sys -- (applemtm)
DRV:64bit: - [2011.03.25 03:31:33 | 000,018,944 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AppleBtBc.sys -- (AppleBtBc)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.04.03 10:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150)
DRV:64bit: - [2009.09.21 08:07:26 | 000,071,040 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2009.08.20 07:02:06 | 000,130,816 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.13 10:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2009.03.13 10:55:38 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp)
DRV:64bit: - [2009.03.13 10:55:38 | 000,025,344 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)
DRV:64bit: - [2009.02.24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2007.07.31 19:04:48 | 000,090,112 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2007.07.23 14:13:06 | 000,056,960 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl)
DRV - [2013.05.13 13:20:44 | 000,070,984 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2012.08.21 22:52:08 | 000,017,560 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Programme\Common Files\VMware\Drivers\memctl\vmmemctl.sys -- (VMMEMCTL)
DRV - [2012.08.21 22:50:38 | 000,046,232 | ---- | M] (VMware, Inc.) [Kernel | System | Running] -- C:\Programme\VMware\VMware Tools\vmrawdsk.sys -- (vmrawdsk)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.02.24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 B2 76 AF 6D 61 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.backup.ftp: "192.168.2.4"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.socks: "192.168.2.4"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "192.168.2.4"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "192.168.2.4"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "192.168.2.4"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.2.4"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "192.168.2.4"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@parallelgraphics.com/Cortona: C:\Program Files (x86)\Common Files\ParallelGraphics\Cortona\npCortona.dll (ParallelGraphics)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.22 03:51:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.22 03:51:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.17 14:38:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.22 03:51:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.22 03:51:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.17 14:38:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.06.23 18:50:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sh.HKM\AppData\Roaming\mozilla\Extensions
[2013.05.13 11:01:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sh.HKM\AppData\Roaming\mozilla\Firefox\Profiles\hs7o6e7f.default\extensions
[2013.05.13 11:01:24 | 000,765,412 | ---- | M] () (No name found) -- C:\Users\sh.HKM\AppData\Roaming\mozilla\firefox\profiles\hs7o6e7f.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2013.01.07 11:12:29 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\sh.HKM\AppData\Roaming\mozilla\firefox\profiles\hs7o6e7f.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012.06.25 16:58:57 | 000,003,915 | ---- | M] () -- C:\Users\sh.HKM\AppData\Roaming\mozilla\firefox\profiles\hs7o6e7f.default\searchplugins\sweetim.xml
[2013.05.22 03:51:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.22 03:51:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.08.09 16:17:46 | 000,873,888 | ---- | M] (ParallelGraphics) -- C:\Program Files (x86)\mozilla firefox\plugins\npCortona.dll
 
O1 HOSTS File: ([2013.02.19 18:22:23 | 000,000,846 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 192.168.250.1 server
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [Apple_KbdMgr] C:\Programme\Boot Camp\Bootcamp.exe (Apple Inc.)
O4:64bit: - HKLM..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\vmtoolsd.exe (VMware, Inc.)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes' Anti-Malware (portable)\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Users\sh.HKM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\sh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.250.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hkm.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04581D58-4F0B-4D4E-8CF1-B027230788FC}: DhcpNameServer = 192.168.250.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05875837-CC3B-47D3-BCCC-30337B3671D0}: DhcpNameServer = 10.74.210.210 10.74.210.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AFE8A30-71E8-40B2-9A7E-C8E872EB60A4}: DhcpNameServer = 10.74.210.210 10.74.210.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30BA0B08-E2B7-4CEC-9E32-4F522B825B35}: DhcpNameServer = 172.16.49.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BB9FEC1-3406-49C8-81D1-3B15B3C26870}: DhcpNameServer = 192.168.250.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.09 23:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.06.09 23:15:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.09 21:57:33 | 000,000,000 | ---D | C] -- C:\Users\sh.HKM\AppData\Roaming\Wireshark
[2013.06.05 12:29:11 | 000,000,000 | ---D | C] -- C:\Users\sh.HKM\Documents\Visual Studio 2005
[2013.06.05 12:29:04 | 000,000,000 | ---D | C] -- C:\Users\sh.HKM\Documents\SQL Server Management Studio
[2013.06.03 14:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
[2013.06.03 14:58:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueStacks
[2013.06.03 14:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup
[2013.06.03 14:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
[2013.06.03 14:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2013.06.03 14:39:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2013.06.03 14:38:51 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2013.05.22 21:17:12 | 000,000,000 | ---D | C] -- C:\.fseventsd
[2013.05.22 03:51:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.17 14:38:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.05.13 11:06:24 | 000,000,000 | ---D | C] -- C:\Users\sh.HKM\Desktop\Arbeit
[2013.05.12 14:43:01 | 000,035,892 | ---- | C] (Prolific Technology Inc.) -- C:\Windows\SysWow64\SER9PL.sys
[2013.05.12 14:39:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GlobalSat Technology
[2013.05.12 14:39:38 | 000,000,000 | ---D | C] -- C:\Users\sh.HKM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Globalsat GS-Sport
[2013.05.12 14:24:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Prolific
[2013.05.12 14:24:16 | 000,090,112 | ---- | C] (Prolific Technology Inc.) -- C:\Windows\SysNative\drivers\ser2pl64.sys
[1 C:\Windows\SysWow64\drivers\*.tmp files -> C:\Windows\SysWow64\drivers\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.10 00:35:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.10 00:35:48 | 2077,282,303 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.10 00:17:52 | 000,000,000 | ---- | M] () -- C:\Users\sh.HKM\defogger_reenable
[2013.06.09 23:49:52 | 001,797,482 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.09 23:49:52 | 000,762,498 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.09 23:49:52 | 000,717,776 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.09 23:49:52 | 000,173,092 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.09 23:49:52 | 000,146,038 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.09 23:40:38 | 095,023,320 | ---- | M] () -- C:\ProgramData\4roin.pad
[2013.06.09 23:15:16 | 000,036,680 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013.06.09 23:08:17 | 000,021,248 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-a289-439d-8115-601632D005A0
[2013.06.09 23:08:17 | 000,021,248 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-a289-439d-8115-601632D005A0
[2013.06.09 22:30:32 | 000,001,033 | ---- | M] () -- C:\Users\sh.HKM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
[2013.06.09 22:30:29 | 000,002,645 | ---- | M] () -- C:\ProgramData\4roin.js
[2013.06.09 22:30:29 | 000,000,151 | ---- | M] () -- C:\ProgramData\4roin.reg
[2013.06.09 22:30:29 | 000,000,056 | ---- | M] () -- C:\ProgramData\4roin.bat
[2013.06.09 19:35:41 | 575,127,510 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.06.07 12:26:45 | 001,117,753 | ---- | M] () -- C:\Users\sh.HKM\Desktop\Foto.JPG
[2013.06.07 11:15:45 | 000,132,927 | ---- | M] () -- C:\Users\sh.HKM\Desktop\Re_ Zuschnittliste für Schelling-Säge.pdf
[2013.06.07 11:11:30 | 000,037,796 | ---- | M] () -- C:\Users\sh.HKM\Desktop\vpex3250 - kumulierte Schnittliste.pdf
[2013.06.07 10:35:48 | 000,003,390 | ---- | M] () -- C:\Users\sh.HKM\Desktop\Schelling3HPO.cfg
[2013.06.05 16:47:40 | 000,465,943 | ---- | M] () -- C:\Users\sh.HKM\Desktop\IMG_9762_b.jpg
[2013.06.05 16:47:38 | 000,528,392 | ---- | M] () -- C:\Users\sh.HKM\Desktop\IMG_9754_b.jpg
[2013.06.05 16:47:37 | 000,603,113 | ---- | M] () -- C:\Users\sh.HKM\Desktop\IMG_9751_b.jpg
[2013.06.05 16:47:36 | 000,462,500 | ---- | M] () -- C:\Users\sh.HKM\Desktop\IMG_9791_b.jpg
[2013.06.05 16:47:34 | 000,558,925 | ---- | M] () -- C:\Users\sh.HKM\Desktop\IMG_9780_b_k.jpg
[2013.06.05 11:46:41 | 000,447,191 | ---- | M] () -- C:\Users\sh.HKM\Desktop\MPRPP.zip
[2013.06.05 11:42:31 | 008,233,032 | ---- | M] () -- C:\Users\sh.HKM\Desktop\CAMSF_201306051142.zip
[2013.06.05 09:31:29 | 000,022,528 | ---- | M] () -- C:\Users\sh.HKM\Desktop\MMA Grundformm.pdf
[2013.06.05 08:47:35 | 000,002,008 | -H-- | M] () -- C:\Users\sh.HKM\Documents\Default.rdp
[2013.06.03 14:39:21 | 000,001,545 | ---- | M] () -- C:\Users\sh.HKM\Desktop\Wireshark.lnk
[2013.05.28 16:46:31 | 000,000,841 | ---- | M] () -- C:\Users\sh.HKM\AppData\Local\recently-used.xbel
[2013.05.27 16:48:09 | 000,000,798 | ---- | M] () -- C:\Users\sh.HKM\Desktop\cnc.lnk
[2013.05.27 11:44:54 | 000,000,798 | ---- | M] () -- C:\Users\sh.HKM\Desktop\mp4 - Verknüpfung.lnk
[2013.05.27 08:37:20 | 000,000,657 | ---- | M] () -- C:\Users\sh.HKM\Desktop\SÄGE.lnk
[2013.05.27 08:37:08 | 000,000,758 | ---- | M] () -- C:\Users\sh.HKM\Desktop\Schnittaufträge.lnk
[2013.05.20 12:45:02 | 000,006,148 | ---- | M] () -- C:\.DS_Store
[2013.05.12 14:39:39 | 000,002,388 | ---- | M] () -- C:\Users\sh.HKM\Desktop\GS-Sport Training Gym Pro.lnk
[1 C:\Windows\SysWow64\drivers\*.tmp files -> C:\Windows\SysWow64\drivers\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.10 00:17:52 | 000,000,000 | ---- | C] () -- C:\Users\sh.HKM\defogger_reenable
[2013.06.09 23:15:16 | 000,036,680 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013.06.09 22:30:32 | 000,001,033 | ---- | C] () -- C:\Users\sh.HKM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
[2013.06.09 22:30:29 | 000,002,645 | ---- | C] () -- C:\ProgramData\4roin.js
[2013.06.09 22:30:29 | 000,000,151 | ---- | C] () -- C:\ProgramData\4roin.reg
[2013.06.09 22:30:29 | 000,000,056 | ---- | C] () -- C:\ProgramData\4roin.bat
[2013.06.09 22:30:27 | 095,023,320 | ---- | C] () -- C:\ProgramData\4roin.pad
[2013.06.07 12:26:44 | 001,117,753 | ---- | C] () -- C:\Users\sh.HKM\Desktop\Foto.JPG
[2013.06.07 11:15:43 | 000,132,927 | ---- | C] () -- C:\Users\sh.HKM\Desktop\Re_ Zuschnittliste für Schelling-Säge.pdf
[2013.06.07 11:11:29 | 000,037,796 | ---- | C] () -- C:\Users\sh.HKM\Desktop\vpex3250 - kumulierte Schnittliste.pdf
[2013.06.07 10:35:48 | 000,003,390 | ---- | C] () -- C:\Users\sh.HKM\Desktop\Schelling3HPO.cfg
[2013.06.05 16:47:38 | 000,465,943 | ---- | C] () -- C:\Users\sh.HKM\Desktop\IMG_9762_b.jpg
[2013.06.05 16:47:37 | 000,528,392 | ---- | C] () -- C:\Users\sh.HKM\Desktop\IMG_9754_b.jpg
[2013.06.05 16:47:36 | 000,603,113 | ---- | C] () -- C:\Users\sh.HKM\Desktop\IMG_9751_b.jpg
[2013.06.05 16:47:34 | 000,462,500 | ---- | C] () -- C:\Users\sh.HKM\Desktop\IMG_9791_b.jpg
[2013.06.05 16:47:33 | 000,558,925 | ---- | C] () -- C:\Users\sh.HKM\Desktop\IMG_9780_b_k.jpg
[2013.06.05 11:46:41 | 000,447,191 | ---- | C] () -- C:\Users\sh.HKM\Desktop\MPRPP.zip
[2013.06.05 11:42:26 | 008,233,032 | ---- | C] () -- C:\Users\sh.HKM\Desktop\CAMSF_201306051142.zip
[2013.06.05 09:31:28 | 000,022,528 | ---- | C] () -- C:\Users\sh.HKM\Desktop\MMA Grundformm.pdf
[2013.06.03 14:39:21 | 000,001,545 | ---- | C] () -- C:\Users\sh.HKM\Desktop\Wireshark.lnk
[2013.05.28 16:46:31 | 000,000,841 | ---- | C] () -- C:\Users\sh.HKM\AppData\Local\recently-used.xbel
[2013.05.27 16:57:27 | 000,121,344 | ---- | C] () -- C:\Users\sh.HKM\Desktop\Begleitscheine.xlt
[2013.05.27 16:48:09 | 000,000,798 | ---- | C] () -- C:\Users\sh.HKM\Desktop\cnc.lnk
[2013.05.27 11:44:54 | 000,000,798 | ---- | C] () -- C:\Users\sh.HKM\Desktop\mp4 - Verknüpfung.lnk
[2013.05.27 08:37:20 | 000,000,657 | ---- | C] () -- C:\Users\sh.HKM\Desktop\SÄGE.lnk
[2013.05.27 08:37:08 | 000,000,758 | ---- | C] () -- C:\Users\sh.HKM\Desktop\Schnittaufträge.lnk
[2013.05.12 14:43:01 | 000,026,719 | ---- | C] () -- C:\Windows\SysWow64\SERSPL.VXD
[2013.05.12 14:39:39 | 000,002,388 | ---- | C] () -- C:\Users\sh.HKM\Desktop\GS-Sport Training Gym Pro.lnk
[2013.05.12 14:24:01 | 003,362,768 | ---- | C] () -- C:\Users\sh.HKM\Desktop\Crivit_GH625M.zip
[2013.03.01 03:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2012.11.26 14:58:14 | 000,000,279 | ---- | C] () -- C:\Windows\IMOSCAM.INI
[2012.10.11 22:28:16 | 000,012,292 | ---- | C] () -- C:\Users\sh.HKM\.DS_Store
[2012.08.22 22:48:45 | 000,000,058 | ---- | C] () -- C:\Users\sh.HKM\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2012.07.21 14:37:59 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2012.07.21 14:34:25 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2012.06.25 20:48:20 | 000,000,000 | ---- | C] () -- C:\Windows\cms.INI
[2012.06.23 18:15:23 | 000,001,338 | RHS- | C] () -- C:\Users\sh.HKM\ntuser.pol
[2012.06.23 18:14:34 | 000,002,412 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.06.22 14:16:53 | 000,000,389 | ---- | C] () -- C:\Windows\IMOSCAM_local.INI
[2012.06.22 14:16:53 | 000,000,236 | ---- | C] () -- C:\Windows\IMOSR18.INI
[2012.06.22 12:39:36 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.06.22 12:29:17 | 001,589,182 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.20 16:53:07 | 000,000,137 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.06.20 16:51:57 | 000,000,232 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.06.20 12:04:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.06.20 12:02:20 | 000,014,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2012.06.20 11:59:43 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011.08.30 07:25:09 | 014,173,184 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.08.30 06:21:25 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.07 17:50:57 | 000,000,000 | ---D | M] -- C:\Users\sh.HKM\AppData\Roaming\.purple
[2013.05.28 17:15:20 | 000,000,000 | ---D | M] -- C:\Users\sh.HKM\AppData\Roaming\Autodesk
[2012.09.01 11:58:23 | 000,000,000 | ---D | M] -- C:\Users\sh.HKM\AppData\Roaming\Business Objects
[2012.09.02 19:02:17 | 000,000,000 | ---D | M] -- C:\Users\sh.HKM\AppData\Roaming\Clonk Rage
[2013.01.03 13:26:36 | 000,000,000 | ---D | M] -- C:\Users\sh.HKM\AppData\Roaming\DesignManagerWPFExe
[2012.08.22 22:48:45 | 000,000,000 | ---D | M] -- C:\Users\sh.HKM\AppData\Roaming\DonationCoder
[2013.06.10 00:32:50 | 000,000,000 | ---D | M] -- C:\Users\sh.HKM\AppData\Roaming\Dropbox
[2012.08.10 18:18:50 | 000,000,000 | ---D | M] -- C:\Users\sh.HKM\AppData\Roaming\Foxit Software
[2012.07.20 12:30:23 | 000,000,000 | ---D | M] -- C:\Users\sh.HKM\AppData\Roaming\Genie-Soft
[2012.06.26 23:24:07 | 000,000,000 | ---D | M] -- C:\Users\sh.HKM\AppData\Roaming\pdfforge
[2012.09.06 10:48:26 | 000,000,000 | ---D | M] -- C:\Users\sh.HKM\AppData\Roaming\SAMSUNG
[2012.08.23 08:49:19 | 000,000,000 | ---D | M] -- C:\Users\sh.HKM\AppData\Roaming\Software4u
[2012.09.09 13:12:08 | 000,000,000 | ---D | M] -- C:\Users\sh.HKM\AppData\Roaming\Spotify
[2013.02.19 17:38:40 | 000,000,000 | ---D | M] -- C:\Users\sh.HKM\AppData\Roaming\TeamViewer
[2012.06.24 14:52:14 | 000,000,000 | ---D | M] -- C:\Users\sh.HKM\AppData\Roaming\Thunderbird
[2013.06.09 22:10:18 | 000,000,000 | ---D | M] -- C:\Users\sh.HKM\AppData\Roaming\Wireshark
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\sh.HKM\.DS_Store:AFP_AfpInfo
@Alternate Data Stream - 64 bytes -> C:\.VISE Temp Items:AFP_AfpInfo
@Alternate Data Stream - 64 bytes -> C:\.TemporaryItems:AFP_AfpInfo
@Alternate Data Stream - 64 bytes -> C:\.DS_Store:AFP_AfpInfo

< End of report >
         
OTL EXTRAS
Code:
ATTFilter
OTL Extras logfile created on: 10.06.2013 00:39:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\av6\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,91 Gb Total Physical Memory | 6,41 Gb Available Physical Memory | 81,07% Memory free
15,82 Gb Paging File | 14,11 Gb Available in Paging File | 89,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 166,98 Gb Total Space | 50,36 Gb Free Space | 30,16% Space Free | Partition Type: NTFS
Drive D: | 530,85 Gb Total Space | 23,07 Gb Free Space | 4,35% Space Free | Partition Type: HFS
 
Computer Name: SHWIN7 | User Name: sh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DE41AC-4DBA-4366-A647-912FDB7873FF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{052A94BF-D0DF-42FB-AF18-FAD15860EB64}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{08DFB070-3478-4104-91FF-FCBC2EBBB8E5}" = rport=137 | protocol=17 | dir=out | app=system | 
"{32DF7C64-2953-4EF2-AA49-8D4FDA67BFFD}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{47A125FA-11E8-437E-9B6D-8DF396C7B47F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4A55CFC0-4698-47EE-9A5B-9375615E3F3F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4A7CD407-9AFA-4351-B3D8-9F47BE1FB50F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{564A7F37-F81B-4BFC-A36B-A3BD648E69A9}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6B8D6AE9-DA4D-4310-AF86-A0D8528BB25E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{75A26979-2AE1-498A-9CF5-FD0CBC63A8C1}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{90F6EF3A-5666-42CF-9636-D62D7060A567}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A35697BD-9A3B-4E65-A7B9-B3B2A45EBB48}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A5E5537E-7C1B-4259-BDC9-771B34FFE195}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{AC6A4E68-CB52-4068-960E-CFE909589AA3}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BDB1C38B-F6BC-438D-A88D-474CC99960FD}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C6004E9E-A5E9-4863-8EBE-EFC064C3BE0F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C9BDA957-F68B-4080-9222-1D7D7411B34D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CDDA0E9A-D215-4B2D-A8E9-DAF69A34AD6E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DB018724-3D87-49B5-9BF3-2AA45D196C22}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E0859FD2-1EF8-4D2C-B09E-C7DF43C78BFF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F1630F94-7600-4927-AB5C-94EF4AD61480}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{F41883E1-EEB7-468D-95F1-FE0D6B3D07DF}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04E2A043-8717-4C6D-8CD0-3542AB8A0B00}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{065B046C-C604-4CB3-B1E2-63F854708412}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe | 
"{0683B911-B72E-4B05-B7F7-0567A2EAEC64}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{07643037-76E8-4BB6-A2D4-E8CFFA005B97}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{084D15F8-A3AE-45F2-B952-8F561EA513FF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{09B8DD6A-6C11-403B-B65D-F80235FAFB36}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{0A8E9EC5-BBCF-4786-A5C6-D7DE91576B03}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{0BAB3A44-AC06-4401-905B-ABBE3752131B}" = protocol=6 | dir=in | app=c:\program files\software4u\idevice manager\software4u.idevicemanager.exe | 
"{0E4BE5F4-CF17-44C3-B837-1823BD8E6DA6}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{116D1DA9-A86C-4029-B2BF-4BDD0D062548}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{139F317F-B693-4BEC-AF49-C35B4860D236}" = protocol=6 | dir=in | app=c:\users\sh\appdata\roaming\dropbox\bin\dropbox.exe | 
"{1699AD85-8B06-4F9B-899D-4A6FCD1BE262}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1A078F6F-48BA-4E0E-B8B0-154D45D95798}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{1C5E4C40-76DB-4221-A6DA-53224EB4ED1B}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{23D5C818-BF78-4C49-B55E-D6EC3196873B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2D5387F1-5BBD-4F3D-8B49-DBA3ABFEB5CD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{3FABDF01-843B-4380-B73B-6CE64EEFDE77}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{42D8B384-BDF0-4606-9CD3-6FAF229C9717}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{43EDBAC2-9C79-4E2E-ABBC-F1F03302DBD0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{58341219-AF29-4948-A4A2-249AA385C1F8}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{58F165BC-0B7D-4693-BFC2-E7FD5F8E86BE}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{67FA6FD3-F0B3-4E40-9EA3-7E8410D43AA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6D039D95-14CD-4294-AC89-0ADDDF0673C2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{788905D7-6B8F-4729-8274-B616545E86F9}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{8EA98574-962E-4B2F-AB28-1600E7934D52}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe | 
"{966AD561-AB95-4B6B-9DBF-4D916972E571}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{A93A7895-E372-4151-A14B-42B03F412F3E}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{B8020305-8BDE-4C24-AAFC-9D9C7777DBC6}" = protocol=17 | dir=in | app=c:\program files\software4u\idevice manager\software4u.idevicemanager.exe | 
"{B8CCCA5D-9F82-456A-A6C0-1E32330B4C82}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{BC01774B-145F-4AC8-816A-4B7F9A1C6330}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BCC37AA9-9E39-4076-93EE-4100715F58A6}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{C65534A3-CBFA-46E3-9E6C-AE6B59ABE184}" = protocol=17 | dir=in | app=c:\users\sh\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C7966377-D379-442E-BB18-56C24CDE5693}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{CF89F805-BE69-4E61-BBF2-F430D1F4CCCE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{E529F1C9-BF89-4CC1-94CB-F53926253026}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{EBC59386-EFC5-441E-9D8C-21A1BD4905C7}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{EFEDF333-B5E9-4D5D-8F5B-EA165E33B204}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F7ECD1F1-FD52-4A6C-A5E2-B8A30786415A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"TCP Query User{3985C84E-4D4F-4C8E-9A0D-60019DB8268D}C:\program files\autodesk\autocad 2012 - deutsch\acad.exe" = protocol=6 | dir=in | app=c:\program files\autodesk\autocad 2012 - deutsch\acad.exe | 
"TCP Query User{51FC3D9A-BD56-4C42-826D-3A9640B7E5EE}C:\users\sh\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\sh\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{57F2B15A-689F-434C-B509-E0EFE1A3F9DF}C:\users\sh.hkm\appdata\local\temp\ab0d.tmp\kmservice.exe" = protocol=6 | dir=in | app=c:\users\sh.hkm\appdata\local\temp\ab0d.tmp\kmservice.exe | 
"TCP Query User{6370F738-E4F3-4390-B3D7-D694DBC479F6}C:\users\sh\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\sh\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{7E00D4A4-1100-4C50-9B4C-6E8BF9A84445}C:\users\sh\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\sh\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{8C794D51-960F-455D-95FE-659AC6C2AF69}C:\users\sh\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\sh\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{8E0C838F-112C-4523-8096-6CEB69C9DEE3}C:\program files\imos ag\imos cad 10.0\bin\designmanagerwpf.exe" = protocol=6 | dir=in | app=c:\program files\imos ag\imos cad 10.0\bin\designmanagerwpf.exe | 
"TCP Query User{C1FC422C-0A47-4939-91D1-DEDD731D203B}C:\users\sh\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\sh\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{D82EEF12-0B8A-46F5-8939-7DD1FB7D3E1F}C:\program files (x86)\clonk rage\clonk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\clonk rage\clonk.exe | 
"TCP Query User{E53CBE93-3A64-4266-B4D4-3A7F7350AA10}C:\program files\autodesk\autocad 2012 - deutsch\acad.exe" = protocol=6 | dir=in | app=c:\program files\autodesk\autocad 2012 - deutsch\acad.exe | 
"TCP Query User{ED13740A-8080-4289-A819-4BF629D53F04}C:\users\sh\appdata\local\temp\9ba2.tmp\kmservice.exe" = protocol=6 | dir=in | app=c:\users\sh\appdata\local\temp\9ba2.tmp\kmservice.exe | 
"TCP Query User{F126331A-FF2D-4E83-AA16-5EE8C14251B5}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"UDP Query User{1BED9530-21BF-43A8-95FD-4D161B064A23}C:\users\sh\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\sh\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{1D4FA90E-99B3-4E99-94D8-361B54ABDAB4}C:\program files\imos ag\imos cad 10.0\bin\designmanagerwpf.exe" = protocol=17 | dir=in | app=c:\program files\imos ag\imos cad 10.0\bin\designmanagerwpf.exe | 
"UDP Query User{67E59646-59ED-4F98-8EF9-7E5F6E517FEB}C:\users\sh\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\sh\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{6A702DC2-D121-443D-AACB-7ADD593687F1}C:\users\sh\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\sh\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{6CE22BE7-330F-419F-9A51-E79BE660CCC0}C:\program files\autodesk\autocad 2012 - deutsch\acad.exe" = protocol=17 | dir=in | app=c:\program files\autodesk\autocad 2012 - deutsch\acad.exe | 
"UDP Query User{9B498A2D-6E1E-48DC-9F69-C283924416DE}C:\users\sh\appdata\local\temp\9ba2.tmp\kmservice.exe" = protocol=17 | dir=in | app=c:\users\sh\appdata\local\temp\9ba2.tmp\kmservice.exe | 
"UDP Query User{A73F91F0-5024-4A64-AFB6-501AE8EAC508}C:\users\sh\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\sh\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{C6D474EB-9852-45FF-B2CF-0FA95FB45BF6}C:\program files\autodesk\autocad 2012 - deutsch\acad.exe" = protocol=17 | dir=in | app=c:\program files\autodesk\autocad 2012 - deutsch\acad.exe | 
"UDP Query User{CF10C820-69B3-4D58-A275-5567440D2A7F}C:\program files (x86)\clonk rage\clonk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\clonk rage\clonk.exe | 
"UDP Query User{DA259184-5AFE-4E5D-A9B3-E34999AED6A8}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"UDP Query User{E932B938-E7E9-4AEF-ACF7-953AAB40CF48}C:\users\sh\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\sh\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{EE958ECD-A2E3-43C0-8D74-AD9F2F6ED2B1}C:\users\sh.hkm\appdata\local\temp\ab0d.tmp\kmservice.exe" = protocol=17 | dir=in | app=c:\users\sh.hkm\appdata\local\temp\ab0d.tmp\kmservice.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D5F34D0-6329-4D92-B81A-E24E9028910C}" = Crystal Reports Basic Runtime German Language Pack for Visual Studio 2008 (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2180B33F-3225-423E-BBC1-7798CFD3CD1F}" = Microsoft SQL Server 2008 R2 Native Client
"{23170F69-40C1-2702-0925-000001000000}" = 7-Zip 9.25 (x64 edition)
"{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 Common Files
"{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
"{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
"{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 Common Files
"{3FF613B3-784C-43AD-9220-0F78E183FDEC}_is1" = H&H Software 9.0.0.49
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5001E5BC-C9BF-4598-AB89-E7318C76C5F4}" = FRITZ!Fernzugang
"{51E5BC99-A087-4CFF-8D93-462903EA7E12}" = SQL Server 2008 R2 Management Studio
"{5783F2D7-A001-0407-0102-0060B0CE6BBA}" = AutoCAD 2012 - Deutsch
"{5783F2D7-A001-0407-1102-0060B0CE6BBA}" = AutoCAD 2012 Language Pack - Deutsch
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6D10FB2C-82A9-40F2-91D0-7BE64CF0DAF2}" = Microsoft SQL Server 2008 R2 Setup (English)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{72AB7E6F-BC24-481E-8C45-1AB5B3DD795D}" = SQL Server 2008 R2 Management Studio
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DFA5914-C275-42E0-810E-C88E46A7F9EA}" = SQL Server 2008 R2 Full text search
"{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 Database Engine Shared
"{ADA3F9C8-A6D3-4FCF-BFBB-EAD69AC0884E}" = Boot Camp-Dienste
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files 
"{BB57A765-FFFE-498B-8C1E-6C9CE2AB92BA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{BBBE35B2-9349-3C48-BD3D-F574B17C7924}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218
"{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 Database Engine Shared
"{E552C39C-C70E-464F-9733-8311331BDD90}" = Autodesk Inventor Fusion Plugin Language Pack for AutoCAD 2012
"{EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC}" = Autodesk Inventor Fusion Plugin for AutoCAD 2012
"{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 Database Engine Services
"{FD7B52A2-2E84-4F3E-B353-D16DA4B0CE0C}" = VMware Tools
"{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012
"{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack
"0B6B49213CF56838AFC233905FA14AC47EAA9B28" = Windows-Treiberpaket - Apple Inc. Apple Broadcom Bluetooth (10/05/2010 3.2.0.1)
"110E24F054DE5F4F72985BC1F3A53F61985BD4CC" = Windows-Treiberpaket - Broadcom (BCM43XX) Net  (04/06/2011 5.100.198.22)
"159439476E3A00F9FAE49DD6C1A78F2F6288A5B9" = Windows-Treiberpaket - Intel (e1express) Net  (03/26/2010 9.13.41.0)
"26D089A9557429904D9851293EA25C911B64CCF8" = Windows-Treiberpaket - Broadcom Corporation (bScsiSDa) SDHost  (01/18/2011 1.0.0.220)
"2CD6536AAFFF9B465A871060CF483EC9F3341D29" = Windows-Treiberpaket - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
"43B83D262B11C05DBFE8BEB0E2CBD5A9EA1E7F9C" = Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA  (12/03/2010 6.6001.1.30)
"455287ECCB4BABCDE9C6713B82B1BDA990D55398" = Windows-Treiberpaket - Apple Inc. Apple Multitouch (05/05/2011 4.0.0.1)
"57AFA39B22ADEC4E383572E9331167546EB3C9C7" = Windows-Treiberpaket - Intel (e1qexpress) Net  (12/04/2009 11.4.7.0)
"5BEF08C10896D86DC13394FFA75874564B700368" = Windows-Treiberpaket - Intel (e1kexpress) Net  (04/12/2010 11.6.92.0)
"703003CF14C8E79F68CA5A750AF4E02B9BD4B4D8" = Windows-Treiberpaket - Apple Inc. Apple Keyboard (05/05/2011 4.0.0.1)
"70C7CBB0824BF74552A2F28F5FFBF62A15053DA8" = Windows-Treiberpaket - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
"76830D11874044260C923425E7F5A72F25EDA758" = Windows-Treiberpaket - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1)
"7C9678A21221D0575C74AF7CE68E28C2771F9E41" = Windows-Treiberpaket - Broadcom (b57nd60a) Net  (12/02/2010 14.4.2.2)
"A0A897639A1D288A8B472FE790EBF9DB71E52ACF" = Windows-Treiberpaket - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1)
"AutoCAD 2012 - Deutsch" = AutoCAD 2012 - Deutsch
"Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012
"Autodesk Inventor Fusion Plugin for AutoCAD 2012" = Autodesk Inventor Fusion plug-in for AutoCAD 2012
"C7DD621795A42EAE550280D4D7601459F35C4EC2" = Windows-Treiberpaket - Apple Inc. Apple Wireless Trackpad (01/17/2011 3.2.0.0)
"CB599752301BCA080D135697FDD05900F5A5CF4C" = Windows-Treiberpaket - Intel (e1yexpress) Net  (04/07/2010 10.1.9.0)
"CDD703ED0B390A5643DB748EBFA5BD55FEEC0D8A" = Windows-Treiberpaket - Marvell (yukonx64) Net  (12/06/2007 10.51.1.3)
"D088EE4BD2819FBA2B349EF9D55176F223419BE6" = Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1)
"D53CBF2C12DF51DA5E9C1A9DA97FF0DCA0C524C5" = Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net  (02/01/2008 3.10.3.10)
"D5BB697E7D0C75712F3AD00AB1B85412CB5C0FD3" = Windows-Treiberpaket - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)
"D6B4CB6AD2F81752C2EF8DCF6AD5EBC567ADD45C" = Windows-Treiberpaket - Apple Inc. Apple ODD (05/17/2010 3.1.0.0)
"D76172B51B1ECB34E38F97F42F51B7A46FA15F52" = Windows-Treiberpaket - Apple Inc. Apple System Device (04/05/2011 3.2.0.8)
"E0EAD0CEA9119B77350ED4DE28D9A82E57014D94" = Windows-Treiberpaket - Apple Inc. Apple Display (01/23/2009 3.0.0.0)
"E2708073906571A0B56F17FD825EF19281ECE29B" = Windows-Treiberpaket - Intel System  (07/20/2007 1.2.76.0)
"EA3C044F6FD39CEC8F4F596836BF4197E97E1D39" = Windows-Treiberpaket - Apple Inc. Apple Bluetooth (03/01/2010 3.0.0.5)
"F08FFCF5C857951E0CC5F736988F3D01BF425252" = Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (05/05/2011 4.0.0.1)
"F0A3F8394866FA91E82C8D5AB92C918FE40FE1DF" = Windows-Treiberpaket - Atheros Communications Inc. (athr) Net  (11/13/2010 9.2.0.113)
"F71DB41300D30088C8D3716343D1429488E605C1" = Windows-Treiberpaket - Intel (e1rexpress) Net  (01/07/2010 11.4.16.0)
"FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager
"GIMP-2_is1" = GIMP 2.8.2
"Kyocera Product Library" = Kyocera Product Library
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1" = System.Data.SQLite v1.0.81.0
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{068857D8-FDD1-4F29-8F74-E9DE91E8A587}" = Crystal Reports 2008 SP3
"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13702021-43FB-480C-912F-D9B74A538288}" = OpenProj
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{3366641F-25B6-4D5A-8625-306E7649EBC6}" = imos 10.0
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E86E575-2B04-4FEC-ADA3-72D47CB4777C}" = Cortona3D Viewer
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{7500BC70-A665-468C-A23E-4B7C0DA94EA5}" = Crystal Reports 2008 German Language Pack SP3
"{774C0434-9948-4DEE-A14E-69CDD316E36C}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A7FC82AC-986D-48D5-8AAE-A75C1D829E0A}" = BlueStacks Notification Center
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{B2F21D11-631B-33C2-8E1A-73EA57FDFE33}" = Microsoft ReportViewer 2010 Redistributable - Language Pack - deu
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}" = Microsoft ReportViewer 2010 Redistributable
"{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
"{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
"{E0A160F1-127B-43AC-AF96-EBB6319B01C7}" = Google SketchUp Pro 8
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BlueStacks App Player" = BlueStacks App Player
"Bomberclone" = Bomberclone
"Bpp" = Bpp
"Clonk Rage" = Clonk Rage
"CommandFusion guiDesigner_is1" = CommandFusion guiDesigner v2.4.1.0
"DYNALOG" = DYNALOG
"Foxit Reader_is1" = Foxit Reader
"GS-Sport Training Gym Pro" = GS-Sport Training Gym Pro
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Pidgin" = Pidgin
"PrintKey2000" = PrintKey2000
"schrankplaner3.600" = schrankplaner
"ScreenshotCaptor_is1" = Screenshot Captor 3.07.01
"ST5UNST #1" = Lernprogramm Qualitätsmanagement
"ST6UNST #1" = Visual Digi 3.0
"TeamViewer 8" = TeamViewer 8
"VLC media player" = VLC media player 2.0.1
"WinPcapInst" = WinPcap 4.1.3
"Wireshark" = Wireshark 1.8.7 (64-bit)
"WoodWOP" = WoodWOP
"WoodWOP-Wizard" = WoodWOP-Wizard
"WoodWorks" = WoodWorks 1.6
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Handbuch Qualitätsmanagement" = Handbuch Qualitätmanagement
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.06.2013 16:25:47 | Computer Name = shwin7.hkm.local | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10000
 
Error - 04.06.2013 16:58:26 | Computer Name = shwin7.hkm.local | Source = BstHdAndroidSvc | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.ApplicationException:
 Cannot start service.  Service did not stop gracefully the last time it was run.

   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)     bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
 state)
 
Error - 04.06.2013 16:59:08 | Computer Name = shwin7.hkm.local | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.06.2013 02:22:07 | Computer Name = shwin7.hkm.local | Source = BstHdAndroidSvc | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.ApplicationException:
 Cannot start service.  Service did not stop gracefully the last time it was run.

   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)     bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
 state)
 
Error - 05.06.2013 02:22:18 | Computer Name = shwin7.hkm.local | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.06.2013 10:33:14 | Computer Name = shwin7.hkm.local | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 06.06.2013 10:33:24 | Computer Name = shwin7.hkm.local | Source = BstHdAndroidSvc | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.ApplicationException:
 Cannot start service.  Service did not stop gracefully the last time it was run.

   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)     bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
 state)
 
Error - 06.06.2013 10:33:38 | Computer Name = shwin7.hkm.local | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Connect.Service.ContentService.exe,
 Version: 2.0.90.0, Zeitstempel: 0x4d49aaf8  Name des fehlerhaften Moduls: KERNELBASE.dll,
 Version: 6.1.7601.17651, Zeitstempel: 0x4e211319  Ausnahmecode: 0xe0434352  Fehleroffset:
 0x0000b9bc  ID des fehlerhaften Prozesses: 0x76c  Startzeit der fehlerhaften Anwendung:
 0x01ce62c2c2275ec4  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Autodesk\Content
 Service\Connect.Service.ContentService.exe  Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll
Berichtskennung:
 1304ff6f-ceb6-11e2-bf83-7056818e69ea
 
Error - 06.06.2013 10:34:14 | Computer Name = shwin7.hkm.local | Source = COM+ | ID = 135763
Description = 
 
Error - 06.06.2013 10:34:31 | Computer Name = shwin7.hkm.local | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 09.06.2013 17:01:04 | Computer Name = shwin7.hkm.local | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   StarOpen
 
Error - 09.06.2013 17:40:12 | Computer Name = shwin7.hkm.local | Source = ipnathlp | ID = 31004
Description = 
 
Error - 09.06.2013 17:40:12 | Computer Name = shwin7.hkm.local | Source = ipnathlp | ID = 31004
Description = 
 
Error - 09.06.2013 17:45:24 | Computer Name = shwin7.hkm.local | Source = DCOM | ID = 10016
Description = 
 
Error - 09.06.2013 18:34:32 | Computer Name = shwin7.hkm.local | Source = DCOM | ID = 10010
Description = 
 
Error - 09.06.2013 18:35:44 | Computer Name = shwin7.hkm.local | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 09.06.2013 18:35:59 | Computer Name = shwin7.hkm.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne HKM aufgrund der folgenden  Ursache nicht einrichten:   %%1311    Dies kann
 zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer mit
 dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn das
 Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein Domänencontroller
 der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären  Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine 
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 09.06.2013 18:36:18 | Computer Name = shwin7.hkm.local | Source = Service Control Manager | ID = 7000
Description = Der Dienst "KMService" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 09.06.2013 18:36:55 | Computer Name = shwin7.hkm.local | Source = Service Control Manager | ID = 7023
Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler
 beendet:   %%1064
 
Error - 09.06.2013 18:37:00 | Computer Name = shwin7.hkm.local | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   StarOpen
 
 
< End of report >

I ran Gmer and wrote this post first. I had to get some sleep first.

Thanks in advance for your help. (Hope dies last.)

Good night

Last edited by racebo (10.06.2013 at 00:04) Reason: added Windows user

10.06.2013, 06:33   #2
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,

we'll tackle this from the outside.
Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the matching version of the tool (if in doubt, both) and save it to a USB stick: FRST 32-Bit | FRST 64-Bit
  • Plug the USB stick into the infected system and boot the system into the System Recovery Options.
  • Now scan according to the illustrated guide or use the following short guide:
Via the Boot Manager:
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly
  • Now choose Repair Your Computer.
  • Choose your operating system and user account and click "Next" each time.
With a Windows CD/DVD (also possible with Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Choose the language settings and click "Next".
  • Click Repair your computer!
  • Choose your operating system and user account and click "Next" each time.
In the recovery options choose: Command Prompt
  • Now type notepad and press Enter.
  • In the text document that opens: File > Save As... and choose Computer.
    The drive letter of your USB stick is shown there; make a note of it.
  • Close Notepad again
  • Now enter the following command.
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you noted. Adjust it if necessary.
  • Accept the disclaimer with Yes and click Scan
The tool creates an FRST.txt on your USB stick. Please post its contents here, in code tags if possible (guide).
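As an added triage helper, written for this thread and not part of the thread or of FRST itself: it reads the ShortcutTarget and service/driver lines of an FRST.txt like the one posted further down and lists the entries an analyst checks first (missing files, non-executable targets, images in user-writable directories, srvany-hosted services). The regular expressions assume the line layout visible in that log; the sample lines are copied from it, plus one benign entry as a control.

```python
import re
from pathlib import PureWindowsPath

# Line shapes taken from the FRST.txt layout shown in this thread (assumption:
# a hand-written parser for those two shapes, not FRST's own format specification).
SHORTCUT_RE = re.compile(r"^ShortcutTarget:\s*(?P<lnk>\S+)\s*->\s*(?P<rest>.*)$")
SERVICE_RE = re.compile(r"^(?P<start>[SR]\d)\s+(?P<name>[^;]+);\s*(?P<rest>.*)$")

# Extensions an autostart target is expected to have.
EXEC_EXT = {".exe", ".com", ".bat", ".cmd", ".scr", ".sys", ".dll"}
# Directory fragments any user (or a dropper running as that user) can write to.
WRITABLE_DIRS = ("\\programdata\\", "\\progra~3\\", "\\temp\\")


def _target_findings(target: str):
    """Heuristics applied to the file path an autostart entry points at."""
    findings = []
    if target.startswith('"'):
        target = target[1:].split('"', 1)[0]  # quoted image path followed by arguments
    low = target.lower()
    if any(fragment in low for fragment in WRITABLE_DIRS):
        findings.append("target lives in a user-writable data or temp directory")
    path = PureWindowsPath(target)
    if path.suffix and path.suffix.lower() not in EXEC_EXT:
        findings.append(f"target has a non-executable extension ({path.suffix.lower()})")
    if path.name.lower() == "srvany.exe":
        findings.append("service is hosted by srvany.exe, which runs any program as a service")
    return findings


def triage_frst_lines(lines):
    """Return [(line, [reasons])] for the autostart lines worth a closer look."""
    hits = []
    for raw in lines:
        line = raw.strip()
        reasons = []
        if (m := SHORTCUT_RE.match(line)):
            rest = m.group("rest").strip()
            if rest.endswith("(No File)"):
                reasons.append("startup shortcut points to a file that no longer exists")
                target = rest[: -len("(No File)")].strip()
            else:
                # drop the trailing "(Vendor)" annotation FRST adds for existing files
                target = re.sub(r"\s*\([^()]*\)\s*$", "", rest)
            reasons += _target_findings(target)
        elif (m := SERVICE_RE.match(line)):
            rest = m.group("rest").strip()
            if rest == "No ImagePath":
                reasons.append("service/driver registered without an ImagePath")
                target = ""
            else:
                if rest.endswith("[x]"):
                    reasons.append("FRST recorded no size/date for the image file ([x])")
                # strip "[size date]" / "[x]" and the optional "(Vendor)" suffix
                target = re.sub(r"\s*\[[^\]]*\]\s*(\([^()]*\))?\s*$", "", rest)
            reasons += _target_findings(target)
        if reasons:
            hits.append((line, reasons))
    return hits


# Sample input: lines copied from the FRST.txt posted later in this thread, plus
# the benign Printkey2000 entry as a control that must not be flagged.
SAMPLE = r"""
ShortcutTarget: Printkey2000.lnk -> C:\Program Files (x86)\PrintKey2000\Printkey2000.exe (Fred's Software)
ShortcutTarget: Dropbox.lnk ->  (No File)
ShortcutTarget: regmonstd.lnk -> C:\PROGRA~3\nior4.dat (No File)
S2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [336248 2012-02-02] (AVM Berlin)
S2 KMService; C:\Windows\system32\srvany.exe [x]
S1 StarOpen; No ImagePath
S3 athr; system32\DRIVERS\athrx.sys [x]
""".strip().splitlines()

if __name__ == "__main__":
    for flagged_line, why in triage_frst_lines(SAMPLE):
        print(flagged_line)
        for reason in why:
            print("   -", reason)
```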
10.06.2013, 08:23   #3
racebo
 



Good morning,
by the way, I have Win7 64-bit; I forgot to mention that.
Should I still post the GMER log?

farbar:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-06-2013
Ran by SYSTEM on 10-06-2013 08:44:31
Running from E:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe [741760 2011-06-29] (Apple Inc.)
HKLM\...\Run: [VMware User Process] "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" -n vmusr [73368 2012-08-21] (VMware, Inc.)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes' Anti-Malware (portable)\cleanup.dll",ProcessCleanupScript "C:\ProgramData\Malwarebytes' Anti-Malware (portable)" [1552968 2013-05-08] (Malwarebytes Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-05-13] (BlueStack Systems, Inc.)
HKU\sh\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Printkey2000.lnk
ShortcutTarget: Printkey2000.lnk -> C:\Program Files (x86)\PrintKey2000\Printkey2000.exe (Fred's Software)
Startup: C:\Users\sh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\sh.HKM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\sh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\sh.HKM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\PROGRA~3\nior4.dat (No File)

==================== Services (Whitelisted) =================

S2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [224640 2011-06-29] ()
S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
S2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [336248 2012-02-02] (AVM Berlin)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-05-13] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-05-13] (BlueStack Systems, Inc.)
S2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143736 2011-10-31] (AVM Berlin)
S2 hasplms; C:\Windows\system32\hasplms.exe [3750400 2009-12-16] (SafeNet Inc.)
S2 MSSQL$IMOSSQL2008R2; c:\Program Files\Microsoft SQL Server\MSSQL10_50.IMOSSQL2008R2\MSSQL\Binn\sqlservr.exe [61913952 2010-04-03] (Microsoft Corporation)
S2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [189304 2011-10-31] (AVM Berlin)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S4 SQLAgent$IMOSSQL2008R2; c:\Program Files\Microsoft SQL Server\MSSQL10_50.IMOSSQL2008R2\MSSQL\Binn\SQLAGENT.EXE [428384 2010-04-03] (Microsoft Corporation)
S3 TPAutoConnSvc; C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe [509776 2012-05-01] (Cortado AG)
S3 TPVCGateway; C:\Program Files\VMware\VMware Tools\TPVCGateway.exe [566096 2012-05-01] (Cortado AG)
S2 KMService; C:\Windows\system32\srvany.exe [x]
S3 MSSQLFDLauncher$IMOSSQL2008R2; "c:\Program Files\Microsoft SQL Server\MSSQL10_50.IMOSSQL2008R2\MSSQL\Binn\fdlauncher.exe" -s MSSQL10_50.IMOSSQL2008R2 [x]

==================== Drivers (Whitelisted) ====================

S3 applebmt; C:\Windows\System32\DRIVERS\applebmt.sys [52736 2011-06-03] (Apple Inc.)
S3 applemtm; C:\Windows\System32\DRIVERS\applemtm.sys [12288 2011-03-25] (Apple Inc.)
S3 applemtp; C:\Windows\System32\DRIVERS\applemtp.sys [38912 2011-03-25] (Apple Inc.)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-05-13] (BlueStack Systems)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-05-13] (BlueStack Systems)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2013-06-09] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2013-06-09] ()
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [412024 2011-07-05] (AVM Berlin)
S2 VMMEMCTL; C:\Program Files\Common Files\VMware\Drivers\memctl\vmmemctl.sys [17560 2012-08-21] (VMware, Inc.)
S1 vmrawdsk; C:\Program Files\VMware\VMware Tools\vmrawdsk.sys [46232 2012-08-21] (VMware, Inc.)
S3 vmusbmouse; C:\Windows\System32\DRIVERS\vmusbmouse.sys [15512 2012-08-21] (VMware, Inc.)
S0 vsock; C:\Windows\System32\drivers\vsock.sys [70256 2012-08-21] (VMware, Inc.)
S3 XLHASP; c:\windows\system32\drivers\XLHASP.sys [388096 2013-03-06] ()
S3 athr; system32\DRIVERS\athrx.sys [x]
S1 StarOpen; No ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

========================== Drivers MD5 =======================

C:\Windows\System32\DRIVERS\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\acpials.sys 12C5274CD87449A2A37A607CDB321922
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys D5B031C308A409A0A576BFF4CF083D30
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aksdf.sys 95BC4330FA44240CA00C641A73C7E62D
C:\Windows\System32\DRIVERS\aksfridge.sys E2E5CF34D6C56ACE5E986969A3D9B0B5
C:\Windows\System32\DRIVERS\akshasp.sys A56F1B0F967AEF8A82D7771E6D166DEF
C:\Windows\System32\DRIVERS\akshhl.sys 67DFF8C8F95CB21C9C3380DD4C0387F2
C:\Windows\System32\DRIVERS\aksusb.sys A9A09BC526E614CE9F29BB23C2A76CED
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys DF943A113060D3ABFDA4730AE4163D6F
C:\Windows\System32\DRIVERS\atikmpag.sys 4003B34B4A83DE29CD1C88EB6C869E58
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\applebmt.sys 78FCF35BD83BECEE5E6B2182D7558AC4
C:\Windows\System32\DRIVERS\AppleBtBc.sys F65D10A8637F5EB0C6F7811548B06770
C:\Windows\System32\Drivers\AppleHFS.sys 48BDC7AF6A26A6816BD5BE4798C29A58
C:\Windows\System32\Drivers\AppleMNT.sys DAAC81671A6EEB41B35BF9113A35C7FF
C:\Windows\System32\DRIVERS\applemtm.sys A0A045A7CC583E1B024ABA3E9B38E2C0
C:\Windows\System32\DRIVERS\applemtp.sys CC8879AAA4DE50F70D194F54B50FF5CF
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys BFD70BEA3F8398F6B8B44E5CDED3249C
C:\Windows\System32\DRIVERS\bcmwl664.sys 64032CA1644A336BD98ACFA5601E925E
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bScsiSDa.sys D751DEEA9B2206532AADE60AA94C475A
C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys BFBE9220934B215AA46CDCBB6B6A1F73
C:\Windows\System32\DRIVERS\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\System32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 64C198198501F7560EE41D8D1EFA7952
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CS420x64.sys 11DA0CCBCE49E7A4C6A4F9F2B4E858F8
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys C4943B6C962E4B82197542447AD599F4
C:\Windows\System32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\dmvsc.sys 5DB085A8A6600BE6401F2B24EECB5415
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\E1G6032E.sys ==> MD5 is legit
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys ==> MD5 is legit
C:\Windows\system32\drivers\hardlock.sys 78FAD9117E4527F2CA82259DA10F40BD
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys ==> MD5 is legit
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\IRFilter.sys A2EA52F7140D9439EF0ECA7A9E2940C9
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\system32\drivers\KeyAgent.sys 1E74F5914D4643B9B379DAF1E47BF999
C:\Windows\System32\DRIVERS\KeyMagic.sys C307A605C49D21592B6C9BB41FBE893B
C:\Windows\System32\Drivers\ksecdd.sys DA1E991A61CFDD755A589E206B97644B
C:\Windows\System32\Drivers\ksecpkg.sys 7E33198D956943A4F11A5474C1E9106F
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\MacHALDriver.sys 4035B7464DF8C3C423E6FFDC75AAEEBF
C:\Windows\system32\drivers\mbamchameleon.sys 31C6AFFFAD7C733A65F888929548BC22
C:\Windows\System32\DRIVERS\mcdbus.sys 79D51E7F5926E8CE1B3EBECEBAE28CFF
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys 1C6E73FC46B509EFF9D0086AA37132DF
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netaapl64.sys 6F4607E2333FE21E9E3FF8133A88B35B
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\drivers\npf.sys DE7FCC77F4A503AF4CA6A47D49B3713D
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys A2F74975097F52A00745F9637451FDD8
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\avmnwim.sys 9ED2D6751813F5589710A8122CD227B2
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\RsFx0150.sys EB1C539E621A35A49F7692B0EB565AB9
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ser2pl64.sys 749502A6C51116A6229CF7536181907F
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\Synth3dVsc.sys C3A39C4079305480972D29C44B868C78
C:\Windows\System32\drivers\tcpip.sys FC62769E7BFF2896035AEED399108162
C:\Windows\System32\DRIVERS\tcpip.sys FC62769E7BFF2896035AEED399108162
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\system32\drivers\terminpt.sys 2B5BDFF688EC9871D7EC5837833374E9
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Windows\system32\drivers\tsusbhub.sys E1748D04AE40118B62BC18AC86032192
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys FB251567F41BC61988B26731DEC19E4B
C:\Windows\System32\drivers\usbaudio.sys 82E8F44688E6FAC57B5B7C6FC7ADBC2A
C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys C025055FE7B87701EB042095DF1A2D7B
C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:\Windows\system32\drivers\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\System32\DRIVERS\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD
C:\Windows\System32\Drivers\usbvideo.sys 454800C2BC7F3927CE030141EE4F4C50
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vm3dmp.sys 58E06D6A4D3FDBB11282B6D84A011ABA
C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vmci.sys 6203C901DEFF10631AAD919B3BD1489B
C:\Windows\System32\drivers\vmhgfs.sys D21D5D65E2393B618297A1F605109A63
C:\Program Files\Common Files\VMware\Drivers\memctl\vmmemctl.sys FB28544638C25A6471A6117E425F5DD3
C:\Windows\System32\DRIVERS\vmmouse.sys BBE7ED0ED87295C4E4F7A323D260DE19
C:\Program Files\VMware\VMware Tools\vmrawdsk.sys 9AFAD8C621CF7DDE79D09A072669E568
C:\Windows\System32\DRIVERS\vmusbmouse.sys 13F9A99C2311E01CC31E84A196DD070F
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vsock.sys 1BD504B8678825B40C515BEF5BFB08E7
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit
c:\windows\system32\drivers\XLHASP.sys 64A96E86B891DD6624826D70BBFC3109

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-10 08:44 - 2013-06-10 08:44 - 00000000 ____D C:\FRST
2013-06-10 07:06 - 2013-06-10 07:06 - 01919988 ____A (Farbar) C:\Users\av6\Downloads\FRST64.exe
2013-06-10 06:43 - 2013-06-10 06:44 - 05078680 ____A (Swearware) C:\Users\av6\Downloads\ComboFix.exe
2013-06-10 06:37 - 2013-06-10 06:37 - 09833328 ____A (SurfRight B.V.) C:\Users\av6\Downloads\HitmanPro_x64.exe
2013-06-10 06:33 - 2013-06-10 06:34 - 04378864 ____A (Piriform Ltd) C:\Users\av6\Downloads\ccsetup402.exe
2013-06-10 06:31 - 2013-06-10 06:31 - 00000000 ____D C:\Users\av6\AppData\Local\Macromedia
2013-06-10 06:30 - 2013-06-10 06:30 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\av6\Downloads\tdsskiller.exe
2013-06-10 06:21 - 2013-06-10 06:21 - 00003181 ____A C:\Users\av6\Desktop\gmer.log
2013-06-10 06:19 - 2013-06-10 06:19 - 00003181 ____A C:\Users\sh.HKM\Desktop\gmer.log
2013-06-09 23:52 - 2013-06-09 23:52 - 00000000 ____D C:\Users\av6\AppData\Roaming\Mozilla
2013-06-09 23:52 - 2013-06-09 23:52 - 00000000 ____D C:\Users\av6\AppData\Local\Mozilla
2013-06-09 23:48 - 2013-06-09 23:48 - 00076070 ____A C:\Users\av6\Desktop\Extras.Txt
2013-06-09 23:46 - 2013-06-09 23:46 - 00098728 ____A C:\Users\av6\Desktop\OTL.Txt
2013-06-09 23:37 - 2013-06-09 22:35 - 00377856 ____A C:\Users\av6\Desktop\gmer_2.1.19163.exe
2013-06-09 23:36 - 2013-06-09 22:34 - 00602112 ____A (OldTimer Tools) C:\Users\av6\Desktop\OTL.exe
2013-06-09 23:17 - 2013-06-09 23:24 - 00000466 ____A C:\Users\av6\Downloads\defogger_disable.log
2013-06-09 23:17 - 2013-06-09 23:17 - 00000000 ____A C:\Users\sh.HKM\defogger_reenable
2013-06-09 22:45 - 2013-06-09 22:45 - 00000000 ____D C:\Users\av6\AppData\Local\Adobe
2013-06-09 22:42 - 2013-06-09 22:42 - 00130696 ____A C:\Users\av6\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-09 22:42 - 2013-06-09 22:42 - 00000000 ____D C:\Users\av6\AppData\Roaming\pdfforge
2013-06-09 22:40 - 2013-06-09 22:40 - 00050477 ____A C:\Users\av6\Downloads\Defogger.exe
2013-06-09 22:35 - 2013-06-09 22:35 - 00377856 ____A C:\Users\av6\Downloads\gmer_2.1.19163.exe
2013-06-09 22:34 - 2013-06-09 22:34 - 00602112 ____A (OldTimer Tools) C:\Users\av6\Downloads\OTL.exe
2013-06-09 22:15 - 2013-06-09 23:33 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-09 22:15 - 2013-06-09 22:15 - 00036680 ____A C:\Windows\System32\Drivers\mbamchameleon.sys
2013-06-09 22:15 - 2013-06-09 22:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-09 22:13 - 2013-06-09 22:13 - 00000000 ____D C:\Users\av6\Downloads\mbar-1.06.0.1003
2013-06-09 22:13 - 2013-06-09 22:13 - 00000000 ____D C:\Users\av6\AppData\Roaming\WinRAR
2013-06-09 22:12 - 2013-06-09 22:12 - 13169742 ____A C:\Users\av6\Downloads\mbar-1.06.0.1003.zip
2013-06-09 22:12 - 2013-06-09 22:12 - 00648201 ____A C:\Users\av6\Downloads\adwcleaner.exe
2013-06-09 22:05 - 2013-06-09 22:45 - 00000000 ____D C:\Users\av6\AppData\Roaming\Adobe
2013-06-09 22:05 - 2013-06-09 22:05 - 00000000 ____D C:\Users\av6\AppData\Roaming\Macromedia
2013-06-09 22:03 - 2013-06-09 22:03 - 00000000 ____D C:\Users\av6\AppData\Local\VirtualStore
2013-06-09 22:02 - 2013-06-09 22:03 - 00000000 ____D C:\users\av6
2013-06-09 22:02 - 2013-06-09 22:02 - 00001338 _RASH C:\Users\av6\ntuser.pol
2013-06-09 22:02 - 2013-06-09 22:02 - 00000020 ___SH C:\Users\av6\ntuser.ini
2013-06-09 22:02 - 2013-06-09 22:02 - 00000000 __SHD C:\Users\av6\Vorlagen
2013-06-09 22:02 - 2013-06-09 22:02 - 00000000 __SHD C:\Users\av6\Startmenü
2013-06-09 22:02 - 2013-06-09 22:02 - 00000000 __SHD C:\Users\av6\Netzwerkumgebung
2013-06-09 22:02 - 2013-06-09 22:02 - 00000000 __SHD C:\Users\av6\Lokale Einstellungen
2013-06-09 22:02 - 2013-06-09 22:02 - 00000000 __SHD C:\Users\av6\Eigene Dateien
2013-06-09 22:02 - 2013-06-09 22:02 - 00000000 __SHD C:\Users\av6\Druckumgebung
2013-06-09 22:02 - 2013-06-09 22:02 - 00000000 __SHD C:\Users\av6\Documents\Eigene Musik
2013-06-09 22:02 - 2013-06-09 22:02 - 00000000 __SHD C:\Users\av6\Documents\Eigene Bilder
2013-06-09 22:02 - 2013-06-09 22:02 - 00000000 __SHD C:\Users\av6\AppData\Local\Verlauf
2013-06-09 22:02 - 2013-06-09 22:02 - 00000000 __SHD C:\Users\av6\AppData\Local\Anwendungsdaten
2013-06-09 22:02 - 2013-06-09 22:02 - 00000000 __SHD C:\Users\av6\Anwendungsdaten
2013-06-09 22:02 - 2012-06-26 23:32 - 00000000 ____D C:\Users\av6\AppData\Roaming\Genie-Soft
2013-06-09 21:30 - 2013-06-09 22:40 - 95023320 ___AT C:\ProgramData\4roin.pad
2013-06-09 21:30 - 2013-06-09 22:01 - 00000000 ____A C:\ProgramData\kjhy64.txt
2013-06-09 21:30 - 2013-06-09 21:30 - 00002645 ____A C:\ProgramData\4roin.js
2013-06-09 21:30 - 2013-06-09 21:30 - 00000151 ____A C:\ProgramData\4roin.reg
2013-06-09 21:30 - 2013-06-09 21:30 - 00000056 ____A C:\ProgramData\4roin.bat
2013-06-09 20:57 - 2013-06-09 21:10 - 00000000 ____D C:\Users\sh.HKM\AppData\Roaming\Wireshark
2013-06-09 18:35 - 2013-06-09 18:35 - 01010728 ____A C:\Windows\Minidump\060913-19656-01.dmp
2013-06-07 09:35 - 2013-06-07 09:35 - 00003390 ____A C:\Users\sh.HKM\Desktop\Schelling3HPO.cfg
2013-06-06 15:32 - 2013-06-06 15:33 - 01248760 ____A C:\Windows\Minidump\060613-18579-01.dmp
2013-06-06 09:22 - 2013-06-06 09:22 - 00842085 ____A C:\Users\sh.HKM\Downloads\PEX_Planar 8.zip
2013-06-06 09:22 - 2013-06-06 09:22 - 00000000 ____D C:\Users\sh.HKM\Downloads\PEX_Planar 8
2013-06-05 11:29 - 2013-06-05 11:29 - 00000000 ____D C:\Users\sh.HKM\Documents\Visual Studio 2005
2013-06-05 11:29 - 2013-06-05 11:29 - 00000000 ____D C:\Users\sh.HKM\Documents\SQL Server Management Studio
2013-06-05 10:46 - 2013-06-05 10:46 - 00447191 ____A C:\Users\sh.HKM\Desktop\MPRPP.zip
2013-06-05 10:42 - 2013-06-05 10:42 - 08233032 ____A C:\Users\sh.HKM\Desktop\CAMSF_201306051142.zip
2013-06-04 21:57 - 2013-06-04 21:57 - 01016168 ____A C:\Windows\Minidump\060413-20046-01.dmp
2013-06-04 11:50 - 2013-06-04 11:50 - 01250832 ____A C:\Windows\Minidump\060413-20841-01.dmp
2013-06-03 13:58 - 2013-06-03 14:06 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2013-06-03 13:58 - 2013-06-03 13:59 - 00000000 ____D C:\ProgramData\BlueStacks
2013-06-03 13:58 - 2013-06-03 13:58 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2013-06-03 13:46 - 2013-06-03 13:47 - 11995256 ____A (BlueStack Systems Inc.) C:\Users\sh.HKM\Downloads\BlueStacks-SplitInstaller_native.exe
2013-06-03 13:40 - 2013-06-03 13:41 - 00789473 ____A C:\Users\sh.HKM\Downloads\jd-gui-0.3.5.windows.zip
2013-06-03 13:39 - 2013-06-03 13:39 - 00001545 ____A C:\Users\sh.HKM\Desktop\Wireshark.lnk
2013-06-03 13:39 - 2013-06-03 13:39 - 00000000 ____D C:\Program Files (x86)\WinPcap
2013-06-03 13:38 - 2013-06-03 13:39 - 00000000 ____D C:\Program Files\Wireshark
2013-06-03 13:00 - 2013-06-03 13:02 - 26549232 ____A (Wireshark development team) C:\Users\sh.HKM\Downloads\Wireshark-win64-1.8.7.exe
2013-06-03 12:17 - 2013-06-03 12:17 - 01274512 ____A C:\Windows\Minidump\060313-17737-01.dmp
2013-06-03 04:00 - 2013-06-03 04:00 - 01267480 ____A C:\Windows\Minidump\060313-19234-01.dmp
2013-05-29 06:22 - 2013-05-29 06:22 - 01248760 ____A C:\Windows\Minidump\052913-19640-01.dmp
2013-05-28 16:08 - 2013-05-28 16:08 - 02902849 ____A C:\Users\sh.HKM\Downloads\ExpressTools_BricscadV13.2.zip
2013-05-28 15:46 - 2013-05-28 15:46 - 00000841 ____A C:\Users\sh.HKM\AppData\Local\recently-used.xbel
2013-05-28 13:58 - 2013-05-28 14:14 - 00000293 ____A C:\Users\sh.HKM\Documents\plot.log
2013-05-28 06:20 - 2013-05-28 06:20 - 01281296 ____A C:\Windows\Minidump\052813-20607-01.dmp
2013-05-27 15:57 - 2013-01-11 15:58 - 00121344 ____A C:\Users\sh.HKM\Desktop\Begleitscheine.xlt
2013-05-27 15:48 - 2013-05-27 15:48 - 00000798 ____A C:\Users\sh.HKM\Desktop\cnc.lnk
2013-05-27 10:44 - 2013-05-27 10:44 - 00000798 ____A C:\Users\sh.HKM\Desktop\mp4 - Verknüpfung.lnk
2013-05-27 07:37 - 2013-05-27 07:37 - 00000758 ____A C:\Users\sh.HKM\Desktop\Schnittaufträge.lnk
2013-05-27 07:37 - 2013-05-27 07:37 - 00000657 ____A C:\Users\sh.HKM\Desktop\SÄGE.lnk
2013-05-27 04:10 - 2013-05-27 04:10 - 01299664 ____A C:\Windows\Minidump\052713-24492-01.dmp
2013-05-23 16:02 - 2013-05-23 16:13 - 225430830 ____A (imos AG) C:\Users\sh.HKM\Downloads\Patch10c02b103.exe
2013-05-22 20:17 - 2013-06-09 21:42 - 00000000 ___AD C:\.fseventsd
2013-05-22 02:51 - 2013-05-22 02:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-17 13:38 - 2013-05-21 12:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-05-14 19:47 - 2013-05-14 19:47 - 01673320 ____A C:\Users\sh.HKM\Downloads\PX8688_12_108407.zip
2013-05-14 19:47 - 2013-05-14 19:47 - 00000000 ____D C:\Users\sh.HKM\Downloads\PX8688_12_108407
2013-05-13 10:06 - 2013-05-28 06:22 - 00000000 ____D C:\Users\sh.HKM\Desktop\Arbeit
2013-05-13 07:48 - 2013-05-13 07:48 - 00985096 ____A C:\Windows\Minidump\051313-23868-01.dmp
2013-05-12 13:43 - 2005-08-03 15:05 - 00035892 ____A (Prolific Technology Inc.) C:\Windows\SysWOW64\SER9PL.sys
2013-05-12 13:43 - 2005-08-03 15:04 - 00026719 ____A C:\Windows\SysWOW64\SERSPL.VXD
2013-05-12 13:42 - 2013-05-12 13:42 - 02431283 ____A C:\Users\sh.HKM\Downloads\PL2303_Prolific_DriverInstaller_v1.7.0.zip
2013-05-12 13:39 - 2013-05-12 13:39 - 02793134 ____A C:\Users\sh.HKM\Downloads\Setup_Training Gym Pro V1.6.10.zip
2013-05-12 13:39 - 2013-05-12 13:39 - 00002388 ____A C:\Users\sh.HKM\Desktop\GS-Sport Training Gym Pro.lnk
2013-05-12 13:39 - 2013-05-12 13:39 - 00000000 ____D C:\Program Files (x86)\GlobalSat Technology
2013-05-12 13:24 - 2013-05-12 13:24 - 00000000 ____D C:\Program Files (x86)\Prolific
2013-05-12 13:24 - 2013-05-03 20:44 - 03362768 ____A C:\Users\sh.HKM\Desktop\Crivit_GH625M.zip
2013-05-12 13:24 - 2007-07-31 18:04 - 00090112 ____A (Prolific Technology Inc.) C:\Windows\System32\Drivers\ser2pl64.sys

==================== One Month Modified Files and Folders =======

2013-06-10 08:44 - 2013-06-10 08:44 - 00000000 ____D C:\FRST
2013-06-10 07:41 - 2012-06-20 08:52 - 01036513 ____A C:\Windows\WindowsUpdate.log
2013-06-10 07:06 - 2013-06-10 07:06 - 01919988 ____A (Farbar) C:\Users\av6\Downloads\FRST64.exe
2013-06-10 06:44 - 2013-06-10 06:43 - 05078680 ____A (Swearware) C:\Users\av6\Downloads\ComboFix.exe
2013-06-10 06:37 - 2013-06-10 06:37 - 09833328 ____A (SurfRight B.V.) C:\Users\av6\Downloads\HitmanPro_x64.exe
2013-06-10 06:34 - 2013-06-10 06:33 - 04378864 ____A (Piriform Ltd) C:\Users\av6\Downloads\ccsetup402.exe
2013-06-10 06:31 - 2013-06-10 06:31 - 00000000 ____D C:\Users\av6\AppData\Local\Macromedia
2013-06-10 06:30 - 2013-06-10 06:30 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\av6\Downloads\tdsskiller.exe
2013-06-10 06:26 - 2012-06-23 17:11 - 00000112 ____A C:\Windows\System32\config\netlogon.ftl
2013-06-10 06:21 - 2013-06-10 06:21 - 00003181 ____A C:\Users\av6\Desktop\gmer.log
2013-06-10 06:21 - 2012-09-19 07:56 - 00000000 ____D C:\DDS_SS_imos
2013-06-10 06:19 - 2013-06-10 06:19 - 00003181 ____A C:\Users\sh.HKM\Desktop\gmer.log
2013-06-09 23:52 - 2013-06-09 23:52 - 00000000 ____D C:\Users\av6\AppData\Roaming\Mozilla
2013-06-09 23:52 - 2013-06-09 23:52 - 00000000 ____D C:\Users\av6\AppData\Local\Mozilla
2013-06-09 23:48 - 2013-06-09 23:48 - 00076070 ____A C:\Users\av6\Desktop\Extras.Txt
2013-06-09 23:46 - 2013-06-09 23:46 - 00098728 ____A C:\Users\av6\Desktop\OTL.Txt
2013-06-09 23:44 - 2013-04-25 11:39 - 00021248 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-a289-439d-8115-601632D005A0
2013-06-09 23:44 - 2013-04-25 11:39 - 00021248 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-a289-439d-8115-601632D005A0
2013-06-09 23:44 - 2011-04-12 08:43 - 00762498 ____A C:\Windows\System32\perfh007.dat
2013-06-09 23:44 - 2011-04-12 08:43 - 00173092 ____A C:\Windows\System32\perfc007.dat
2013-06-09 23:44 - 2009-07-14 06:13 - 01797482 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-09 23:37 - 2013-02-19 16:36 - 00000434 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2013-06-09 23:37 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-06-09 23:35 - 2012-01-10 20:14 - 00052481 ____A C:\Windows\setupact.log
2013-06-09 23:35 - 2010-11-21 04:47 - 00009194 ____A C:\Windows\PFRO.log
2013-06-09 23:35 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-09 23:33 - 2013-06-09 22:15 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-09 23:32 - 2012-06-23 17:45 - 00000000 ____D C:\Users\sh.HKM\AppData\Roaming\Dropbox
2013-06-09 23:24 - 2013-06-09 23:17 - 00000466 ____A C:\Users\av6\Downloads\defogger_disable.log
2013-06-09 23:22 - 2012-12-04 16:59 - 00000000 ____D C:\Users\sh.HKM\Desktop\to sort
2013-06-09 23:17 - 2013-06-09 23:17 - 00000000 ____A C:\Users\sh.HKM\defogger_reenable
2013-06-09 23:17 - 2012-06-23 17:15 - 00000000 ____D C:\users\sh.HKM
2013-06-09 22:45 - 2013-06-09 22:45 - 00000000 ____D C:\Users\av6\AppData\Local\Adobe
2013-06-09 22:45 - 2013-06-09 22:05 - 00000000 ____D C:\Users\av6\AppData\Roaming\Adobe
2013-06-09 22:42 - 2013-06-09 22:42 - 00130696 ____A C:\Users\av6\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-09 22:42 - 2013-06-09 22:42 - 00000000 ____D C:\Users\av6\AppData\Roaming\pdfforge
2013-06-09 22:40 - 2013-06-09 22:40 - 00050477 ____A C:\Users\av6\Downloads\Defogger.exe
2013-06-09 22:40 - 2013-06-09 21:30 - 95023320 ___AT C:\ProgramData\4roin.pad
2013-06-09 22:35 - 2013-06-09 23:37 - 00377856 ____A C:\Users\av6\Desktop\gmer_2.1.19163.exe
2013-06-09 22:35 - 2013-06-09 22:35 - 00377856 ____A C:\Users\av6\Downloads\gmer_2.1.19163.exe
2013-06-09 22:34 - 2013-06-09 23:36 - 00602112 ____A (OldTimer Tools) C:\Users\av6\Desktop\OTL.exe
2013-06-09 22:34 - 2013-06-09 22:34 - 00602112 ____A (OldTimer Tools) C:\Users\av6\Downloads\OTL.exe
2013-06-09 22:15 - 2013-06-09 22:15 - 00036680 ____A C:\Windows\System32\Drivers\mbamchameleon.sys
2013-06-09 22:15 - 2013-06-09 22:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-09 22:13 - 2013-06-09 22:13 - 00000000 ____D C:\Users\av6\Downloads\mbar-1.06.0.1003
2013-06-09 22:13 - 2013-06-09 22:13 - 00000000 ____D C:\Users\av6\AppData\Roaming\WinRAR
2013-06-09 22:12 - 2013-06-09 22:12 - 13169742 ____A C:\Users\av6\Downloads\mbar-1.06.0.1003.zip
2013-06-09 22:12 - 2013-06-09 22:12 - 00648201 ____A C:\Users\av6\Downloads\adwcleaner.exe
2013-06-09 22:05 - 2013-06-09 22:05 - 00000000 ____D C:\Users\av6\AppData\Roaming\Macromedia
2013-06-09 22:03 - 2013-06-09 22:03 - 00000000 ____D C:\Users\av6\AppData\Local\VirtualStore
2013-06-09 22:03 - 2013-06-09 22:02 - 00000000 ____D C:\users\av6
2013-06-09 22:02 - 2013-06-09 22:02 - 00001338 _RASH C:\Users\av6\ntuser.pol
2013-06-09 22:02 - 2013-06-09 22:02 - 00000020 ___SH C:\Users\av6\ntuser.ini
2013-06-09 22:02 - 2013-06-09 22:02 - 00000000 __SHD C:\Users\av6\Vorlagen
2013-06-09 22:02 - 2013-06-09 22:02 - 00000000 __SHD C:\Users\av6\Startmenü
2013-06-09 22:02 - 2013-06-09 22:02 - 00000000 __SHD C:\Users\av6\Netzwerkumgebung
2013-06-09 22:02 - 2013-06-09 22:02 - 00000000 __SHD C:\Users\av6\Lokale Einstellungen
2013-06-09 22:02 - 2013-06-09 22:02 - 00000000 __SHD C:\Users\av6\Eigene Dateien
2013-06-09 22:02 - 2013-06-09 22:02 - 00000000 __SHD C:\Users\av6\Druckumgebung
2013-06-09 22:02 - 2013-06-09 22:02 - 00000000 __SHD C:\Users\av6\Documents\Eigene Musik
2013-06-09 22:02 - 2013-06-09 22:02 - 00000000 __SHD C:\Users\av6\Documents\Eigene Bilder
2013-06-09 22:02 - 2013-06-09 22:02 - 00000000 __SHD C:\Users\av6\AppData\Local\Verlauf
2013-06-09 22:02 - 2013-06-09 22:02 - 00000000 __SHD C:\Users\av6\AppData\Local\Anwendungsdaten
2013-06-09 22:02 - 2013-06-09 22:02 - 00000000 __SHD C:\Users\av6\Anwendungsdaten
2013-06-09 22:01 - 2013-06-09 21:30 - 00000000 ____A C:\ProgramData\kjhy64.txt
2013-06-09 22:01 - 2012-06-23 17:46 - 00000000 ___RD C:\Users\sh.HKM\Dropbox
2013-06-09 21:58 - 2013-05-07 08:59 - 00000000 ____D C:\Windows\Minidump
2013-06-09 21:58 - 2012-07-26 14:46 - 00000000 ____D C:\ww4
2013-06-09 21:58 - 2012-07-19 11:49 - 00000000 ____D C:\Users\sh.HKM\AppData\Local\Microsoft Help
2013-06-09 21:58 - 2012-06-22 11:45 - 00000000 ____D C:\ProgramData\FLEXnet
2013-06-09 21:42 - 2013-05-22 20:17 - 00000000 ___AD C:\.fseventsd
2013-06-09 21:30 - 2013-06-09 21:30 - 00002645 ____A C:\ProgramData\4roin.js
2013-06-09 21:30 - 2013-06-09 21:30 - 00000151 ____A C:\ProgramData\4roin.reg
2013-06-09 21:30 - 2013-06-09 21:30 - 00000056 ____A C:\ProgramData\4roin.bat
2013-06-09 21:28 - 2012-06-26 19:24 - 00000000 ____D C:\Users\sh.HKM\AppData\Roaming\Skype
2013-06-09 21:10 - 2013-06-09 20:57 - 00000000 ____D C:\Users\sh.HKM\AppData\Roaming\Wireshark
2013-06-09 18:35 - 2013-06-09 18:35 - 01010728 ____A C:\Windows\Minidump\060913-19656-01.dmp
2013-06-09 18:35 - 2013-05-07 08:58 - 575127510 ____A C:\Windows\MEMORY.DMP
2013-06-07 09:35 - 2013-06-07 09:35 - 00003390 ____A C:\Users\sh.HKM\Desktop\Schelling3HPO.cfg
2013-06-07 07:03 - 2009-07-14 06:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-06 15:33 - 2013-06-06 15:32 - 01248760 ____A C:\Windows\Minidump\060613-18579-01.dmp
2013-06-06 09:22 - 2013-06-06 09:22 - 00842085 ____A C:\Users\sh.HKM\Downloads\PEX_Planar 8.zip
2013-06-06 09:22 - 2013-06-06 09:22 - 00000000 ____D C:\Users\sh.HKM\Downloads\PEX_Planar 8
2013-06-05 11:29 - 2013-06-05 11:29 - 00000000 ____D C:\Users\sh.HKM\Documents\Visual Studio 2005
2013-06-05 11:29 - 2013-06-05 11:29 - 00000000 ____D C:\Users\sh.HKM\Documents\SQL Server Management Studio
2013-06-05 10:46 - 2013-06-05 10:46 - 00447191 ____A C:\Users\sh.HKM\Desktop\MPRPP.zip
2013-06-05 10:42 - 2013-06-05 10:42 - 08233032 ____A C:\Users\sh.HKM\Desktop\CAMSF_201306051142.zip
2013-06-05 07:47 - 2012-06-24 12:45 - 00002008 ___AH C:\Users\sh.HKM\Documents\Default.rdp
2013-06-04 21:57 - 2013-06-04 21:57 - 01016168 ____A C:\Windows\Minidump\060413-20046-01.dmp
2013-06-04 11:50 - 2013-06-04 11:50 - 01250832 ____A C:\Windows\Minidump\060413-20841-01.dmp
2013-06-03 14:06 - 2013-06-03 13:58 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2013-06-03 13:59 - 2013-06-03 13:58 - 00000000 ____D C:\ProgramData\BlueStacks
2013-06-03 13:59 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-06-03 13:58 - 2013-06-03 13:58 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2013-06-03 13:47 - 2013-06-03 13:46 - 11995256 ____A (BlueStack Systems Inc.) C:\Users\sh.HKM\Downloads\BlueStacks-SplitInstaller_native.exe
2013-06-03 13:41 - 2013-06-03 13:40 - 00789473 ____A C:\Users\sh.HKM\Downloads\jd-gui-0.3.5.windows.zip
2013-06-03 13:39 - 2013-06-03 13:39 - 00001545 ____A C:\Users\sh.HKM\Desktop\Wireshark.lnk
2013-06-03 13:39 - 2013-06-03 13:39 - 00000000 ____D C:\Program Files (x86)\WinPcap
2013-06-03 13:39 - 2013-06-03 13:38 - 00000000 ____D C:\Program Files\Wireshark
2013-06-03 13:02 - 2013-06-03 13:00 - 26549232 ____A (Wireshark development team) C:\Users\sh.HKM\Downloads\Wireshark-win64-1.8.7.exe
2013-06-03 12:17 - 2013-06-03 12:17 - 01274512 ____A C:\Windows\Minidump\060313-17737-01.dmp
2013-06-03 04:00 - 2013-06-03 04:00 - 01267480 ____A C:\Windows\Minidump\060313-19234-01.dmp
2013-05-29 08:19 - 2012-09-18 19:10 - 00000000 ___HD C:\.Trashes
2013-05-29 06:22 - 2013-05-29 06:22 - 01248760 ____A C:\Windows\Minidump\052913-19640-01.dmp
2013-05-28 16:15 - 2012-06-23 17:59 - 00000000 ____D C:\Users\sh.HKM\AppData\Roaming\Autodesk
2013-05-28 16:15 - 2012-06-22 11:35 - 00000000 ____D C:\Program Files\Autodesk
2013-05-28 16:08 - 2013-05-28 16:08 - 02902849 ____A C:\Users\sh.HKM\Downloads\ExpressTools_BricscadV13.2.zip
2013-05-28 15:46 - 2013-05-28 15:46 - 00000841 ____A C:\Users\sh.HKM\AppData\Local\recently-used.xbel
2013-05-28 15:34 - 2012-08-30 15:51 - 00000000 ____D C:\Users\sh.HKM\.gimp-2.8
2013-05-28 14:14 - 2013-05-28 13:58 - 00000293 ____A C:\Users\sh.HKM\Documents\plot.log
2013-05-28 09:14 - 2012-06-23 18:00 - 00000000 ____D C:\Users\sh.HKM\AppData\Local\cache
2013-05-28 06:22 - 2013-05-13 10:06 - 00000000 ____D C:\Users\sh.HKM\Desktop\Arbeit
2013-05-28 06:20 - 2013-05-28 06:20 - 01281296 ____A C:\Windows\Minidump\052813-20607-01.dmp
2013-05-27 15:48 - 2013-05-27 15:48 - 00000798 ____A C:\Users\sh.HKM\Desktop\cnc.lnk
2013-05-27 10:44 - 2013-05-27 10:44 - 00000798 ____A C:\Users\sh.HKM\Desktop\mp4 - Verknüpfung.lnk
2013-05-27 07:37 - 2013-05-27 07:37 - 00000758 ____A C:\Users\sh.HKM\Desktop\Schnittaufträge.lnk
2013-05-27 07:37 - 2013-05-27 07:37 - 00000657 ____A C:\Users\sh.HKM\Desktop\SÄGE.lnk
2013-05-27 04:10 - 2013-05-27 04:10 - 01299664 ____A C:\Windows\Minidump\052713-24492-01.dmp
2013-05-27 04:09 - 2012-07-29 15:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-23 16:13 - 2013-05-23 16:02 - 225430830 ____A (imos AG) C:\Users\sh.HKM\Downloads\Patch10c02b103.exe
2013-05-22 02:51 - 2013-05-22 02:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-21 12:50 - 2013-05-17 13:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-05-20 11:45 - 2012-10-11 21:02 - 00006148 ____A C:\.DS_Store
2013-05-17 12:21 - 2013-01-28 10:13 - 00000000 ____D C:\ProgramData\Adobe
2013-05-17 12:20 - 2012-06-21 12:50 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-17 12:20 - 2012-06-21 12:50 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-14 19:47 - 2013-05-14 19:47 - 01673320 ____A C:\Users\sh.HKM\Downloads\PX8688_12_108407.zip
2013-05-14 19:47 - 2013-05-14 19:47 - 00000000 ____D C:\Users\sh.HKM\Downloads\PX8688_12_108407
2013-05-13 07:48 - 2013-05-13 07:48 - 00985096 ____A C:\Windows\Minidump\051313-23868-01.dmp
2013-05-12 13:43 - 2012-06-20 11:00 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-05-12 13:42 - 2013-05-12 13:42 - 02431283 ____A C:\Users\sh.HKM\Downloads\PL2303_Prolific_DriverInstaller_v1.7.0.zip
2013-05-12 13:39 - 2013-05-12 13:39 - 02793134 ____A C:\Users\sh.HKM\Downloads\Setup_Training Gym Pro V1.6.10.zip
2013-05-12 13:39 - 2013-05-12 13:39 - 00002388 ____A C:\Users\sh.HKM\Desktop\GS-Sport Training Gym Pro.lnk
2013-05-12 13:39 - 2013-05-12 13:39 - 00000000 ____D C:\Program Files (x86)\GlobalSat Technology
2013-05-12 13:24 - 2013-05-12 13:24 - 00000000 ____D C:\Program Files (x86)\Prolific

Files to move or delete:
====================
C:\ProgramData\4roin.bat
C:\ProgramData\4roin.pad
C:\ProgramData\4roin.reg
C:\ProgramData\NTUSER.dat

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-05-28 08:16:13
Restore point made on: 2013-06-03 07:08:26
Restore point made on: 2013-06-05 09:10:21
Restore point made on: 2013-06-09 23:33:32

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {default}
resumeobject            {a86b1b3d-bab4-11e1-b1d5-dca3cae17834}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30

Windows-Startladeprogramm
-------------------------
Bezeichner              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {a86b1b3d-bab4-11e1-b1d5-dca3cae17834}
nx                      OptIn

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  ramdisk=[C:]\Recovery\a86b1b3f-bab4-11e1-b1d5-dca3cae17834\Winre.wim,{a86b1b40-bab4-11e1-b1d5-dca3cae17834}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\a86b1b3f-bab4-11e1-b1d5-dca3cae17834\Winre.wim,{a86b1b40-bab4-11e1-b1d5-dca3cae17834}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {a86b1b3d-bab4-11e1-b1d5-dca3cae17834}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows-Speicherdiagnose
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Geräteoptionen
--------------
Bezeichner              {a86b1b40-bab4-11e1-b1d5-dca3cae17834}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\a86b1b3f-bab4-11e1-b1d5-dca3cae17834\boot.sdi


==================== Memory info =========================== 

Percentage of memory in use: 10%
Total physical RAM: 8102.73 MB
Available physical RAM: 7288.17 MB
Total Pagefile: 8100.93 MB
Available Pagefile: 7281.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (BOOTCAMP) (Fixed) (Total:166.98 GB) (Free:50.2 GB) NTFS (Disk=0 Partition=4) ==>[Drive with boot components (obtained from BCD)]
Drive e: (SAHO) (Removable) (Total:29.81 GB) (Free:13.79 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 00004954)

Partition: GPT Partition Type
Partition 2: (Not Active) - (Size=531 GB) - (Type=AF)
Partition 3: (Not Active) - (Size=620 MB) - (Type=AB)
Partition 4: (Active) - (Size=167 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 30 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=30 GB) - (Type=0C)


LastRegBack: 2013-06-03 07:59

==================== End Of Log ============================

Thank you very much

Old 10.06.2013, 10:41   #4
racebo

GVU Trojan Win7 Boot Camp, probably from kinox.to



I hope you don't hold the double post against me, but I have just looked at the logs more closely and noticed 4 files. These must have something to do with this, because a registry entry in winlogon is among them. I have zipped these 4 files and attached them. The code is the excerpt from the repeated OTL scan.

Excerpt with 4 interesting files
Code:
========== Files Created - No Company Name ==========
 
[2013.06.10 00:17:52 | 000,000,000 | ---- | C] () -- C:\Users\sh.HKM\defogger_reenable
[2013.06.09 23:15:16 | 000,036,680 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013.06.09 22:30:32 | 000,001,033 | ---- | C] () -- C:\Users\sh.HKM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
[2013.06.09 22:30:29 | 000,002,645 | ---- | C] () -- C:\ProgramData\4roin.js
[2013.06.09 22:30:29 | 000,000,151 | ---- | C] () -- C:\ProgramData\4roin.reg
[2013.06.09 22:30:29 | 000,000,056 | ---- | C] () -- C:\ProgramData\4roin.bat
[2013.06.09 22:30:27 | 095,023,320 | ---- | C] () -- C:\ProgramData\4roin.pad

Complete code
Code:
OTL logfile created on: 10.06.2013 11:16:45 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\av6\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,91 Gb Total Physical Memory | 5,32 Gb Available Physical Memory | 67,26% Memory free
15,82 Gb Paging File | 12,87 Gb Available in Paging File | 81,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 166,98 Gb Total Space | 50,01 Gb Free Space | 29,95% Space Free | Partition Type: NTFS
Drive D: | 530,85 Gb Total Space | 23,07 Gb Free Space | 4,35% Space Free | Partition Type: HFS
 
Computer Name: SHWIN7 | User Name: sh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2013.06.09 23:34:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\av6\Desktop\OTL.exe
PRC - [2013.05.22 03:51:47 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.05.17 13:20:55 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
PRC - [2013.05.13 13:21:42 | 000,601,928 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe
PRC - [2013.05.13 13:20:52 | 000,384,840 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2013.04.23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.01.05 20:41:25 | 007,315,968 | ---- | M] (schrankplaner.de GmbH & Co. KG) -- C:\schrankplaner\Schrankplaner.exe
PRC - [2011.06.13 18:37:16 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.06.13 18:37:15 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.02.03 21:42:45 | 000,030,944 | ---- | M] (Autodesk, Inc.) -- C:\Programme\Autodesk\AutoCAD 2012 - Deutsch\AdExchange\AdExchange.exe
PRC - [2011.02.02 14:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [1999.09.30 21:31:38 | 000,869,376 | ---- | M] (Fred's Software) -- C:\Program Files (x86)\PrintKey2000\Printkey2000.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.06.03 15:01:10 | 000,650,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\HD-Agent\103f18bf086b6fd674d6e7edbb513a5e\HD-Agent.ni.exe
MOD - [2013.06.03 15:01:02 | 000,155,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\JSON\eeaa358ae934021a81a71f48ea45989b\JSON.ni.dll
MOD - [2013.05.22 03:51:47 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.05.17 13:20:55 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
MOD - [2012.01.10 20:47:12 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
MOD - [2012.01.10 20:46:34 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2012.01.10 20:46:26 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2012.01.10 20:46:21 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2012.01.10 20:46:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2012.01.10 20:46:00 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2012.01.10 20:45:47 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.04.12 09:43:09 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2011.02.03 21:42:45 | 000,152,288 | ---- | M] () -- C:\Programme\Autodesk\AutoCAD 2012 - Deutsch\AdExchange\AdConnect.dll
MOD - [2011.02.03 21:42:45 | 000,006,368 | ---- | M] () -- C:\Programme\Autodesk\AutoCAD 2012 - Deutsch\AdExchange\AdExchangeRes.dll
MOD - [2010.12.01 13:29:06 | 000,284,672 | ---- | M] () -- C:\Programme\Autodesk\AutoCAD 2012 - Deutsch\AdExchange\Plugins\Imageformats\qtiff_Ad_4.dll
MOD - [2010.12.01 13:29:05 | 000,220,672 | ---- | M] () -- C:\Programme\Autodesk\AutoCAD 2012 - Deutsch\AdExchange\Plugins\Imageformats\qmng_Ad_4.dll
MOD - [2010.12.01 13:29:05 | 000,022,016 | ---- | M] () -- C:\Programme\Autodesk\AutoCAD 2012 - Deutsch\AdExchange\Plugins\Imageformats\qsvg_Ad_4.dll
MOD - [2010.12.01 13:29:04 | 000,196,608 | ---- | M] () -- C:\Programme\Autodesk\AutoCAD 2012 - Deutsch\AdExchange\Plugins\Imageformats\qjpeg_Ad_4.dll
MOD - [2010.12.01 13:29:04 | 000,028,672 | ---- | M] () -- C:\Programme\Autodesk\AutoCAD 2012 - Deutsch\AdExchange\Plugins\Imageformats\qico_Ad_4.dll
MOD - [2010.12.01 13:29:04 | 000,026,624 | ---- | M] () -- C:\Programme\Autodesk\AutoCAD 2012 - Deutsch\AdExchange\Plugins\Imageformats\qgif_Ad_4.dll
MOD - [2010.12.01 13:28:32 | 000,339,968 | ---- | M] () -- C:\Programme\Autodesk\AutoCAD 2012 - Deutsch\AdExchange\QtXml_Ad_4.dll
MOD - [2010.12.01 13:28:31 | 010,674,688 | ---- | M] () -- C:\Programme\Autodesk\AutoCAD 2012 - Deutsch\AdExchange\QtWebKit_Ad_4.dll
MOD - [2010.12.01 13:28:30 | 000,283,136 | ---- | M] () -- C:\Programme\Autodesk\AutoCAD 2012 - Deutsch\AdExchange\QtSvg_Ad_4.DLL
MOD - [2010.12.01 13:28:29 | 000,946,176 | ---- | M] () -- C:\Programme\Autodesk\AutoCAD 2012 - Deutsch\AdExchange\QtNetwork_Ad_4.dll
MOD - [2010.12.01 13:28:28 | 008,132,608 | ---- | M] () -- C:\Programme\Autodesk\AutoCAD 2012 - Deutsch\AdExchange\QtGui_Ad_4.dll
MOD - [2010.12.01 13:28:26 | 002,247,680 | ---- | M] () -- C:\Programme\Autodesk\AutoCAD 2012 - Deutsch\AdExchange\QtCore_Ad_4.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.01 03:35:50 | 000,031,680 | ---- | M] () -- C:\Programme\Autodesk\AutoCAD 2012 - Deutsch\AdExchange\QTSOLUTIONS_MFCMIGRATIONFRAMEWORK_Ad_2.8.DLL
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.06.29 07:49:38 | 000,111,488 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Windows\SysNative\AppleTimeSrv.exe -- (AppleTimeSrv)
SRV:64bit: - [2011.06.29 07:49:36 | 000,224,640 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\AppleOSSMgr.exe -- (AppleOSSMgr)
SRV:64bit: - [2011.06.13 18:34:18 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.12.16 16:44:44 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.05.22 03:51:47 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.13 13:20:52 | 000,384,840 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2013.05.13 13:20:32 | 000,393,032 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2013.04.23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013.03.01 03:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.13 20:49:43 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.08.21 22:54:48 | 000,073,368 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Programme\VMware\VMware Tools\vmtoolsd.exe -- (VMTools)
SRV - [2012.06.22 12:38:55 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Running] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.01 13:14:26 | 000,566,096 | ---- | M] (Cortado AG) [On_Demand | Stopped] -- C:\Programme\VMware\VMware Tools\TPVCGateway.exe -- (TPVCGateway)
SRV - [2012.05.01 13:14:26 | 000,509,776 | ---- | M] (Cortado AG) [On_Demand | Stopped] -- C:\Programme\VMware\VMware Tools\TPAutoConnSvc.exe -- (TPAutoConnSvc)
SRV - [2012.02.02 18:14:36 | 000,336,248 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!Fernzugang\avmike.exe -- (avmike)
SRV - [2011.10.31 18:39:56 | 000,189,304 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!Fernzugang\nwtsrv.exe -- (nwtsrv)
SRV - [2011.10.31 18:39:42 | 000,143,736 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!Fernzugang\certsrv.exe -- (certsrv)
SRV - [2011.06.13 18:37:16 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.06.13 18:37:15 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.02.02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010.04.03 11:02:52 | 000,032,096 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft SQL Server\MSSQL10_50.IMOSSQL2008R2\MSSQL\Binn\fdlauncher.exe -- (MSSQLFDLauncher$IMOSSQL2008R2)
SRV - [2010.04.03 11:00:12 | 061,913,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL10_50.IMOSSQL2008R2\MSSQL\Binn\sqlservr.exe -- (MSSQL$IMOSSQL2008R2)
SRV - [2010.04.03 11:00:10 | 000,428,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL10_50.IMOSSQL2008R2\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$IMOSSQL2008R2)
SRV - [2010.04.03 11:00:10 | 000,146,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.04.03 11:00:08 | 000,059,744 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.06.09 23:15:16 | 000,036,680 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2013.03.06 16:00:10 | 000,388,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\XLHASP.sys -- (XLHASP)
DRV:64bit: - [2013.03.01 03:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2012.08.21 22:58:18 | 000,218,776 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vm3dmp.sys -- (vm3dmp)
DRV:64bit: - [2012.08.21 22:52:44 | 000,015,512 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusbmouse.sys -- (vmusbmouse)
DRV:64bit: - [2012.08.21 22:52:24 | 000,014,488 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmmouse.sys -- (vmmouse)
DRV:64bit: - [2012.08.21 22:51:50 | 000,125,080 | ---- | M] (VMware, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\vmhgfs.sys -- (vmhgfs)
DRV:64bit: - [2012.08.21 14:10:40 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2012.08.21 14:10:40 | 000,070,256 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2012.04.25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.03.26 14:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.07.05 21:44:42 | 000,412,024 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmnwim.sys -- (NWIM)
DRV:64bit: - [2011.06.29 07:49:44 | 000,072,024 | ---- | M] (Apple Inc.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AppleHFS.sys -- (AppleHFS)
DRV:64bit: - [2011.06.29 07:49:44 | 000,016,216 | ---- | M] (Apple Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AppleMNT.sys -- (AppleMNT)
DRV:64bit: - [2011.06.29 07:49:42 | 000,022,872 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\MacHALDriver.sys -- (MacHALDriver)
DRV:64bit: - [2011.06.29 07:49:42 | 000,017,752 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\KeyAgent.sys -- (KeyAgent)
DRV:64bit: - [2011.06.13 18:37:15 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.06.13 18:37:12 | 000,018,432 | ---- | M] (Cirrus Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CS420x64.sys -- (CirrusFilter)
DRV:64bit: - [2011.06.13 18:37:07 | 004,798,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011.06.13 18:37:06 | 000,411,688 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2011.06.13 18:37:06 | 000,085,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
DRV:64bit: - [2011.06.13 18:34:18 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.06.13 18:34:18 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.06.03 13:18:28 | 000,052,736 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applebmt.sys -- (applebmt)
DRV:64bit: - [2011.05.26 21:13:25 | 000,032,256 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KeyMagic.sys -- (KeyMagic)
DRV:64bit: - [2011.03.25 03:32:04 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IRFilter.sys -- (IRRemoteFlt)
DRV:64bit: - [2011.03.25 03:31:56 | 000,038,912 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applemtp.sys -- (applemtp)
DRV:64bit: - [2011.03.25 03:31:56 | 000,012,288 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applemtm.sys -- (applemtm)
DRV:64bit: - [2011.03.25 03:31:33 | 000,018,944 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AppleBtBc.sys -- (AppleBtBc)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.04.03 10:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150)
DRV:64bit: - [2009.09.21 08:07:26 | 000,071,040 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2009.08.20 07:02:06 | 000,130,816 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.13 10:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2009.03.13 10:55:38 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp)
DRV:64bit: - [2009.03.13 10:55:38 | 000,025,344 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)
DRV:64bit: - [2009.02.24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2007.07.31 19:04:48 | 000,090,112 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2007.07.23 14:13:06 | 000,056,960 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl)
DRV - [2013.05.13 13:20:44 | 000,070,984 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2012.08.21 22:52:08 | 000,017,560 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Programme\Common Files\VMware\Drivers\memctl\vmmemctl.sys -- (VMMEMCTL)
DRV - [2012.08.21 22:50:38 | 000,046,232 | ---- | M] (VMware, Inc.) [Kernel | System | Running] -- C:\Programme\VMware\VMware Tools\vmrawdsk.sys -- (vmrawdsk)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.02.24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKU\S-1-5-21-829343884-2666764345-3519855931-1178\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-829343884-2666764345-3519855931-1178\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-829343884-2666764345-3519855931-1178\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 B2 76 AF 6D 61 CE 01  [binary data]
IE - HKU\S-1-5-21-829343884-2666764345-3519855931-1178\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-829343884-2666764345-3519855931-1178\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-829343884-2666764345-3519855931-1188\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-829343884-2666764345-3519855931-1188\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-829343884-2666764345-3519855931-1188\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 67 A8 F2 FF 54 65 CE 01  [binary data]
IE - HKU\S-1-5-21-829343884-2666764345-3519855931-1188\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-829343884-2666764345-3519855931-1188\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.backup.ftp: "192.168.2.4"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.socks: "192.168.2.4"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "192.168.2.4"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "192.168.2.4"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "192.168.2.4"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.2.4"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "192.168.2.4"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@parallelgraphics.com/Cortona: C:\Program Files (x86)\Common Files\ParallelGraphics\Cortona\npCortona.dll (ParallelGraphics)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.22 03:51:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.22 03:51:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.17 14:38:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.22 03:51:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.22 03:51:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.17 14:38:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.06.23 18:50:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sh.HKM\AppData\Roaming\mozilla\Extensions
[2013.05.13 11:01:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sh.HKM\AppData\Roaming\mozilla\Firefox\Profiles\hs7o6e7f.default\extensions
[2013.05.13 11:01:24 | 000,765,412 | ---- | M] () (No name found) -- C:\Users\sh.HKM\AppData\Roaming\mozilla\firefox\profiles\hs7o6e7f.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2013.01.07 11:12:29 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\sh.HKM\AppData\Roaming\mozilla\firefox\profiles\hs7o6e7f.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012.06.25 16:58:57 | 000,003,915 | ---- | M] () -- C:\Users\sh.HKM\AppData\Roaming\mozilla\firefox\profiles\hs7o6e7f.default\searchplugins\sweetim.xml
[2013.05.22 03:51:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.22 03:51:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.08.09 16:17:46 | 000,873,888 | ---- | M] (ParallelGraphics) -- C:\Program Files (x86)\mozilla firefox\plugins\npCortona.dll
 
O1 HOSTS File: ([2013.02.19 18:22:23 | 000,000,846 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 192.168.250.1 server
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-829343884-2666764345-3519855931-1178\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-829343884-2666764345-3519855931-1188\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [Apple_KbdMgr] C:\Programme\Boot Camp\Bootcamp.exe (Apple Inc.)
O4:64bit: - HKLM..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\vmtoolsd.exe (VMware, Inc.)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes' Anti-Malware (portable)\cleanup.dll (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\sh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O4 - Startup: C:\Users\sh.HKM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\sh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-829343884-2666764345-3519855931-1178\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-829343884-2666764345-3519855931-1188\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.250.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hkm.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04581D58-4F0B-4D4E-8CF1-B027230788FC}: DhcpNameServer = 192.168.250.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05875837-CC3B-47D3-BCCC-30337B3671D0}: DhcpNameServer = 10.74.210.210 10.74.210.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AFE8A30-71E8-40B2-9A7E-C8E872EB60A4}: DhcpNameServer = 10.74.210.210 10.74.210.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30BA0B08-E2B7-4CEC-9E32-4F522B825B35}: DhcpNameServer = 172.16.49.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BB9FEC1-3406-49C8-81D1-3B15B3C26870}: DhcpNameServer = 192.168.250.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.10 09:44:05 | 000,000,000 | ---D | C] -- C:\FRST
[2013.06.09 23:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.06.09 23:15:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.09 21:57:33 | 000,000,000 | ---D | C] -- C:\Users\sh.HKM\AppData\Roaming\Wireshark
[2013.06.05 12:29:11 | 000,000,000 | ---D | C] -- C:\Users\sh.HKM\Documents\Visual Studio 2005
[2013.06.05 12:29:04 | 000,000,000 | ---D | C] -- C:\Users\sh.HKM\Documents\SQL Server Management Studio
[2013.06.03 14:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
[2013.06.03 14:58:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueStacks
[2013.06.03 14:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup
[2013.06.03 14:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
[2013.06.03 14:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2013.06.03 14:39:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2013.06.03 14:38:51 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2013.05.22 21:17:12 | 000,000,000 | ---D | C] -- C:\.fseventsd
[2013.05.22 03:51:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.17 14:38:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.05.13 11:06:24 | 000,000,000 | ---D | C] -- C:\Users\sh.HKM\Desktop\Arbeit
[2013.05.12 14:43:01 | 000,035,892 | ---- | C] (Prolific Technology Inc.) -- C:\Windows\SysWow64\SER9PL.sys
[2013.05.12 14:39:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GlobalSat Technology
[2013.05.12 14:39:38 | 000,000,000 | ---D | C] -- C:\Users\sh.HKM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Globalsat GS-Sport
[2013.05.12 14:24:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Prolific
[2013.05.12 14:24:16 | 000,090,112 | ---- | C] (Prolific Technology Inc.) -- C:\Windows\SysNative\drivers\ser2pl64.sys
[1 C:\Windows\SysWow64\drivers\*.tmp files -> C:\Windows\SysWow64\drivers\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.10 09:55:23 | 000,021,248 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-a289-439d-8115-601632D005A0
[2013.06.10 09:55:23 | 000,021,248 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-a289-439d-8115-601632D005A0
[2013.06.10 09:52:18 | 001,797,482 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.10 09:52:18 | 000,762,498 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.10 09:52:18 | 000,717,776 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.10 09:52:18 | 000,173,092 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.10 09:52:18 | 000,146,038 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.10 09:48:35 | 000,002,112 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2012 - Deutsch.lnk
[2013.06.10 09:47:56 | 000,000,434 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013.06.10 09:46:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.10 09:46:50 | 2077,282,303 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.10 00:17:52 | 000,000,000 | ---- | M] () -- C:\Users\sh.HKM\defogger_reenable
[2013.06.09 23:40:38 | 095,023,320 | ---- | M] () -- C:\ProgramData\4roin.pad
[2013.06.09 23:15:16 | 000,036,680 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013.06.09 22:30:32 | 000,001,033 | ---- | M] () -- C:\Users\sh.HKM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
[2013.06.09 22:30:29 | 000,002,645 | ---- | M] () -- C:\ProgramData\4roin.js
[2013.06.09 22:30:29 | 000,000,151 | ---- | M] () -- C:\ProgramData\4roin.reg
[2013.06.09 22:30:29 | 000,000,056 | ---- | M] () -- C:\ProgramData\4roin.bat
[2013.06.09 19:35:41 | 575,127,510 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.06.07 12:26:45 | 001,117,753 | ---- | M] () -- C:\Users\sh.HKM\Desktop\Foto.JPG
[2013.06.07 11:15:45 | 000,132,927 | ---- | M] () -- C:\Users\sh.HKM\Desktop\Re_ Zuschnittliste für Schelling-Säge.pdf
[2013.06.07 11:11:30 | 000,037,796 | ---- | M] () -- C:\Users\sh.HKM\Desktop\vpex3250 - kumulierte Schnittliste.pdf
[2013.06.07 10:35:48 | 000,003,390 | ---- | M] () -- C:\Users\sh.HKM\Desktop\Schelling3HPO.cfg
[2013.06.05 16:47:40 | 000,465,943 | ---- | M] () -- C:\Users\sh.HKM\Desktop\IMG_9762_b.jpg
[2013.06.05 16:47:38 | 000,528,392 | ---- | M] () -- C:\Users\sh.HKM\Desktop\IMG_9754_b.jpg
[2013.06.05 16:47:37 | 000,603,113 | ---- | M] () -- C:\Users\sh.HKM\Desktop\IMG_9751_b.jpg
[2013.06.05 16:47:36 | 000,462,500 | ---- | M] () -- C:\Users\sh.HKM\Desktop\IMG_9791_b.jpg
[2013.06.05 16:47:34 | 000,558,925 | ---- | M] () -- C:\Users\sh.HKM\Desktop\IMG_9780_b_k.jpg
[2013.06.05 11:46:41 | 000,447,191 | ---- | M] () -- C:\Users\sh.HKM\Desktop\MPRPP.zip
[2013.06.05 11:42:31 | 008,233,032 | ---- | M] () -- C:\Users\sh.HKM\Desktop\CAMSF_201306051142.zip
[2013.06.05 09:31:29 | 000,022,528 | ---- | M] () -- C:\Users\sh.HKM\Desktop\MMA Grundformm.pdf
[2013.06.05 08:47:35 | 000,002,008 | -H-- | M] () -- C:\Users\sh.HKM\Documents\Default.rdp
[2013.06.03 14:39:21 | 000,001,545 | ---- | M] () -- C:\Users\sh.HKM\Desktop\Wireshark.lnk
[2013.05.28 16:46:31 | 000,000,841 | ---- | M] () -- C:\Users\sh.HKM\AppData\Local\recently-used.xbel
[2013.05.27 16:48:09 | 000,000,798 | ---- | M] () -- C:\Users\sh.HKM\Desktop\cnc.lnk
[2013.05.27 11:44:54 | 000,000,798 | ---- | M] () -- C:\Users\sh.HKM\Desktop\mp4 - Verknüpfung.lnk
[2013.05.27 08:37:20 | 000,000,657 | ---- | M] () -- C:\Users\sh.HKM\Desktop\SÄGE.lnk
[2013.05.27 08:37:08 | 000,000,758 | ---- | M] () -- C:\Users\sh.HKM\Desktop\Schnittaufträge.lnk
[2013.05.20 12:45:02 | 000,006,148 | ---- | M] () -- C:\.DS_Store
[2013.05.17 13:20:55 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.17 13:20:55 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.12 14:39:39 | 000,002,388 | ---- | M] () -- C:\Users\sh.HKM\Desktop\GS-Sport Training Gym Pro.lnk
[1 C:\Windows\SysWow64\drivers\*.tmp files -> C:\Windows\SysWow64\drivers\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.10 00:17:52 | 000,000,000 | ---- | C] () -- C:\Users\sh.HKM\defogger_reenable
[2013.06.09 23:15:16 | 000,036,680 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013.06.09 22:30:32 | 000,001,033 | ---- | C] () -- C:\Users\sh.HKM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
[2013.06.09 22:30:29 | 000,002,645 | ---- | C] () -- C:\ProgramData\4roin.js
[2013.06.09 22:30:29 | 000,000,151 | ---- | C] () -- C:\ProgramData\4roin.reg
[2013.06.09 22:30:29 | 000,000,056 | ---- | C] () -- C:\ProgramData\4roin.bat
[2013.06.09 22:30:27 | 095,023,320 | ---- | C] () -- C:\ProgramData\4roin.pad
[2013.06.07 12:26:44 | 001,117,753 | ---- | C] () -- C:\Users\sh.HKM\Desktop\Foto.JPG
[2013.06.07 11:15:43 | 000,132,927 | ---- | C] () -- C:\Users\sh.HKM\Desktop\Re_ Zuschnittliste für Schelling-Säge.pdf
[2013.06.07 11:11:29 | 000,037,796 | ---- | C] () -- C:\Users\sh.HKM\Desktop\vpex3250 - kumulierte Schnittliste.pdf
[2013.06.07 10:35:48 | 000,003,390 | ---- | C] () -- C:\Users\sh.HKM\Desktop\Schelling3HPO.cfg
[2013.06.05 16:47:38 | 000,465,943 | ---- | C] () -- C:\Users\sh.HKM\Desktop\IMG_9762_b.jpg
[2013.06.05 16:47:37 | 000,528,392 | ---- | C] () -- C:\Users\sh.HKM\Desktop\IMG_9754_b.jpg
[2013.06.05 16:47:36 | 000,603,113 | ---- | C] () -- C:\Users\sh.HKM\Desktop\IMG_9751_b.jpg
[2013.06.05 16:47:34 | 000,462,500 | ---- | C] () -- C:\Users\sh.HKM\Desktop\IMG_9791_b.jpg
[2013.06.05 16:47:33 | 000,558,925 | ---- | C] () -- C:\Users\sh.HKM\Desktop\IMG_9780_b_k.jpg
[2013.06.05 11:46:41 | 000,447,191 | ---- | C] () -- C:\Users\sh.HKM\Desktop\MPRPP.zip
[2013.06.05 11:42:26 | 008,233,032 | ---- | C] () -- C:\Users\sh.HKM\Desktop\CAMSF_201306051142.zip
[2013.06.05 09:31:28 | 000,022,528 | ---- | C] () -- C:\Users\sh.HKM\Desktop\MMA Grundformm.pdf
[2013.06.03 14:39:21 | 000,001,545 | ---- | C] () -- C:\Users\sh.HKM\Desktop\Wireshark.lnk
[2013.05.28 16:46:31 | 000,000,841 | ---- | C] () -- C:\Users\sh.HKM\AppData\Local\recently-used.xbel
[2013.05.27 16:57:27 | 000,121,344 | ---- | C] () -- C:\Users\sh.HKM\Desktop\Begleitscheine.xlt
[2013.05.27 16:48:09 | 000,000,798 | ---- | C] () -- C:\Users\sh.HKM\Desktop\cnc.lnk
[2013.05.27 11:44:54 | 000,000,798 | ---- | C] () -- C:\Users\sh.HKM\Desktop\mp4 - Verknüpfung.lnk
[2013.05.27 08:37:20 | 000,000,657 | ---- | C] () -- C:\Users\sh.HKM\Desktop\SÄGE.lnk
[2013.05.27 08:37:08 | 000,000,758 | ---- | C] () -- C:\Users\sh.HKM\Desktop\Schnittaufträge.lnk
[2013.05.12 14:43:01 | 000,026,719 | ---- | C] () -- C:\Windows\SysWow64\SERSPL.VXD
[2013.05.12 14:39:39 | 000,002,388 | ---- | C] () -- C:\Users\sh.HKM\Desktop\GS-Sport Training Gym Pro.lnk
[2013.05.12 14:24:01 | 003,362,768 | ---- | C] () -- C:\Users\sh.HKM\Desktop\Crivit_GH625M.zip
[2013.03.01 03:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2012.11.26 14:58:14 | 000,000,279 | ---- | C] () -- C:\Windows\IMOSCAM.INI
[2012.10.11 22:28:16 | 000,012,292 | ---- | C] () -- C:\Users\sh.HKM\.DS_Store
[2012.08.22 22:48:45 | 000,000,058 | ---- | C] () -- C:\Users\sh.HKM\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2012.07.21 14:37:59 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2012.07.21 14:34:25 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2012.06.25 20:48:20 | 000,000,000 | ---- | C] () -- C:\Windows\cms.INI
[2012.06.23 18:15:23 | 000,001,338 | RHS- | C] () -- C:\Users\sh.HKM\ntuser.pol
[2012.06.23 18:14:34 | 000,002,412 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.06.22 14:16:53 | 000,000,389 | ---- | C] () -- C:\Windows\IMOSCAM_local.INI
[2012.06.22 14:16:53 | 000,000,236 | ---- | C] () -- C:\Windows\IMOSR18.INI
[2012.06.22 12:39:36 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.06.22 12:29:17 | 001,589,182 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.20 16:53:07 | 000,000,137 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.06.20 16:51:57 | 000,000,232 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.06.20 12:04:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.06.20 12:02:20 | 000,014,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2012.06.20 11:59:43 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011.08.30 07:25:09 | 014,173,184 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.08.30 06:21:25 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\sh.HKM\.DS_Store:AFP_AfpInfo
@Alternate Data Stream - 64 bytes -> C:\.VISE Temp Items:AFP_AfpInfo
@Alternate Data Stream - 64 bytes -> C:\.TemporaryItems:AFP_AfpInfo
@Alternate Data Stream - 64 bytes -> C:\.DS_Store:AFP_AfpInfo

< End of report >
         
As I said, I apologize for the double post, but I think this could really help.

Regards
racebo

Alt 10.06.2013, 14:53   #5
schrauber
/// the machine
/// TB-Ausbilder
 

I know that those 4 are malicious, but what was missing in the OTL log was the start point; FRST shows it.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document
Code:
ATTFilter
Startup: C:\Users\sh.HKM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\PROGRA~3\nior4.dat (No File)
2013-06-09 21:30 - 2013-06-09 22:40 - 95023320 ___AT C:\ProgramData\4roin.pad
2013-06-09 21:30 - 2013-06-09 22:01 - 00000000 ____A C:\ProgramData\kjhy64.txt
2013-06-09 21:30 - 2013-06-09 21:30 - 00002645 ____A C:\ProgramData\4roin.js
2013-06-09 21:30 - 2013-06-09 21:30 - 00000151 ____A C:\ProgramData\4roin.reg
2013-06-09 21:30 - 2013-06-09 21:30 - 00000056 ____A C:\ProgramData\4roin.bat
         
Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the Repair Options again
  • Now start FRST.exe again and click the Fix button.
The tool creates a Fixlog.txt on your USB stick. Please post its contents here.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!
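As an added example (not part of this thread, and not FRST's own code), here is a small Python helper that applies the reasoning schrauber used above to FRST output lines: it parses Startup/ShortcutTarget pairs and file-list lines, flags a startup shortcut whose target is missing or points into ProgramData, and groups the ProgramData-root files dropped in the same minute as the script files. The sample input reuses the lines from the fix list above plus three constructed benign lines; the file format patterns and the "data folder" heuristic are assumptions of this example.

```python
"""FRST triage helper (added example for this thread; not FRST's own code).

Encodes the reasoning used above: a Startup-folder shortcut whose target is
missing or points into ProgramData is the persistence start point, and the
files dropped into the ProgramData root in the same minute are its payload.
"""
import ntpath
import re

# Sample input: the FRST lines from the fix list posted above, plus three
# constructed benign lines (a Dropbox shortcut, LauncherAccess.dt in FRST
# format, a cache file in a ProgramData subfolder) that must NOT be flagged.
SAMPLE_FRST_LINES = r"""
Startup: C:\Users\sh.HKM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\PROGRA~3\nior4.dat (No File)
Startup: C:\Users\sh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\sh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
2013-06-09 21:30 - 2013-06-09 22:40 - 95023320 ___AT C:\ProgramData\4roin.pad
2013-06-09 21:30 - 2013-06-09 22:01 - 00000000 ____A C:\ProgramData\kjhy64.txt
2013-06-09 21:30 - 2013-06-09 21:30 - 00002645 ____A C:\ProgramData\4roin.js
2013-06-09 21:30 - 2013-06-09 21:30 - 00000151 ____A C:\ProgramData\4roin.reg
2013-06-09 21:30 - 2013-06-09 21:30 - 00000056 ____A C:\ProgramData\4roin.bat
2012-07-21 14:37 - 2012-07-21 14:37 - 00000000 ____A C:\ProgramData\LauncherAccess.dt
2013-06-03 15:01 - 2013-06-03 15:01 - 00004096 ____A C:\ProgramData\Microsoft\Windows\Caches\cache.dat
""".strip().splitlines()

# "ShortcutTarget: <lnk> -> <target> (<company or 'No File'>)"
SHORTCUT_RE = re.compile(r"^ShortcutTarget: (?P<lnk>.+?) -> (?P<target>.+?) \((?P<info>[^)]*)\)$")
# "<created> - <modified> - <size> <attrs> <path>"  (FRST one-month file list)
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]+) (?P<path>.+)$"
)

# Locations where a legitimate startup target rarely lives (assumption).
DATA_ROOTS = ("c:\\programdata\\", "c:\\progra~3\\")
SCRIPT_EXT = {".bat", ".cmd", ".js", ".vbs", ".reg", ".ps1", ".exe", ".dll", ".scr"}


def parse_frst(lines):
    """Split FRST lines into shortcut records and file-list records."""
    shortcuts, files = [], []
    for raw in lines:
        line = raw.strip()
        m = SHORTCUT_RE.match(line)
        if m:
            shortcuts.append(m.groupdict())
            continue
        m = FILE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["size"] = int(rec["size"])
            files.append(rec)
    return shortcuts, files


def in_programdata_root(path):
    """True for files directly in ProgramData, not in one of its subfolders."""
    low = path.lower()
    for root in DATA_ROOTS:
        if low.startswith(root):
            return "\\" not in low[len(root):]
    return False


def suspicious_shortcuts(shortcuts):
    """Startup shortcuts whose target is gone or sits in a data/temp folder."""
    flagged = []
    for s in shortcuts:
        reasons = []
        if s["info"].strip().lower() == "no file":
            reasons.append("target missing on disk")
        low = s["target"].lower()
        if low.startswith(DATA_ROOTS) or "\\appdata\\local\\temp\\" in low:
            reasons.append("target in a data/temp folder, not a program folder")
        if reasons:
            flagged.append((s["lnk"], reasons))
    return flagged


def suspicious_files(files):
    """Scripts in the ProgramData root plus files dropped in the same minute."""
    root_files = [f for f in files if in_programdata_root(f["path"])]
    scripts = [f for f in root_files
               if ntpath.splitext(f["path"])[1].lower() in SCRIPT_EXT]
    drop_minutes = {f["created"] for f in scripts}
    cluster = [f for f in root_files if f["created"] in drop_minutes]
    return sorted(cluster, key=lambda f: ntpath.basename(f["path"]).lower())


def triage(lines):
    """Return the shortcut names and file base names a reviewer should look at."""
    shortcuts, files = parse_frst(lines)
    return {
        "shortcuts": [lnk for lnk, _ in suspicious_shortcuts(shortcuts)],
        "files": [ntpath.basename(f["path"]) for f in suspicious_files(files)],
    }


if __name__ == "__main__":
    for lnk, why in suspicious_shortcuts(parse_frst(SAMPLE_FRST_LINES)[0]):
        print(f"{lnk}: {'; '.join(why)}")
    print(triage(SAMPLE_FRST_LINES)["files"])
```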

Alt 10.06.2013, 15:27   #6
racebo
 
I had deleted these files manually beforehand, because I was sure they were bad. I hope that doesn't cause any problems? That's why it didn't find the files.

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-06-2013
Ran by SYSTEM at 2013-06-10 16:22:40 Run:1
Running from E:\
Boot Mode: Recovery
==============================================

C:\Users\sh.HKM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk => Moved successfully.
C:\PROGRA~3\nior4.dat not found.
C:\ProgramData\4roin.pad => File/Directory not found.
C:\ProgramData\kjhy64.txt => File/Directory not found.
C:\ProgramData\4roin.js => File/Directory not found.
C:\ProgramData\4roin.reg => File/Directory not found.
C:\ProgramData\4roin.bat => File/Directory not found.

==== End of Fixlog ====
         

Alt 10.06.2013, 15:28   #7
schrauber
/// the machine
/// TB-Ausbilder
 

The start point is gone. Boot the computer normally and post a fresh OTL log, please. Any more problems?
__________________
Regards,
schrauber


Alt 10.06.2013, 17:08   #8
racebo
 
No more problems. Thank you very much!
Here is a new OTL log
Code:
ATTFilter
OTL logfile created on: 10.06.2013 17:26:48 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\sh.HKM\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,91 Gb Total Physical Memory | 6,24 Gb Available Physical Memory | 78,91% Memory free
15,82 Gb Paging File | 13,94 Gb Available in Paging File | 88,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 166,98 Gb Total Space | 51,26 Gb Free Space | 30,70% Space Free | Partition Type: NTFS
Drive D: | 530,85 Gb Total Space | 23,07 Gb Free Space | 4,35% Space Free | Partition Type: HFS
Drive G: | 29,81 Gb Total Space | 13,79 Gb Free Space | 46,26% Space Free | Partition Type: FAT32
Drive N: | 436,37 Gb Total Space | 353,63 Gb Free Space | 81,04% Space Free | Partition Type: NTFS
Drive S: | 138,76 Gb Total Space | 86,98 Gb Free Space | 62,69% Space Free | Partition Type: NTFS
Drive T: | 436,37 Gb Total Space | 353,63 Gb Free Space | 81,04% Space Free | Partition Type: NTFS
Drive U: | 436,37 Gb Total Space | 353,63 Gb Free Space | 81,04% Space Free | Partition Type: NTFS
 
Computer Name: SHWIN7 | User Name: sh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2013.06.09 23:34:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sh.HKM\Desktop\OTL.exe
PRC - [2013.05.13 13:21:42 | 000,601,928 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe
PRC - [2013.05.13 13:20:52 | 000,384,840 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2013.04.23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.14 04:08:56 | 027,595,032 | ---- | M] (Dropbox, Inc.) -- C:\Users\sh\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.06.13 18:37:16 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.06.13 18:37:15 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.02.02 14:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [1999.09.30 21:31:38 | 000,869,376 | ---- | M] (Fred's Software) -- C:\Program Files (x86)\PrintKey2000\Printkey2000.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.06.03 15:01:10 | 000,650,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\HD-Agent\103f18bf086b6fd674d6e7edbb513a5e\HD-Agent.ni.exe
MOD - [2013.06.03 15:01:02 | 000,155,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\JSON\eeaa358ae934021a81a71f48ea45989b\JSON.ni.dll
MOD - [2012.01.10 20:47:12 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
MOD - [2012.01.10 20:46:34 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2012.01.10 20:46:26 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2012.01.10 20:46:21 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2012.01.10 20:46:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2012.01.10 20:46:00 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2012.01.10 20:45:47 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.04.12 09:43:09 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.06.29 07:49:38 | 000,111,488 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Windows\SysNative\AppleTimeSrv.exe -- (AppleTimeSrv)
SRV:64bit: - [2011.06.29 07:49:36 | 000,224,640 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\AppleOSSMgr.exe -- (AppleOSSMgr)
SRV:64bit: - [2011.06.13 18:34:18 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.12.16 16:44:44 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.05.22 03:51:47 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.13 13:20:52 | 000,384,840 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2013.05.13 13:20:32 | 000,393,032 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2013.04.23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013.03.01 03:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.13 20:49:43 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.08.21 22:54:48 | 000,073,368 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Programme\VMware\VMware Tools\vmtoolsd.exe -- (VMTools)
SRV - [2012.06.22 12:38:55 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.01 13:14:26 | 000,566,096 | ---- | M] (Cortado AG) [On_Demand | Stopped] -- C:\Programme\VMware\VMware Tools\TPVCGateway.exe -- (TPVCGateway)
SRV - [2012.05.01 13:14:26 | 000,509,776 | ---- | M] (Cortado AG) [On_Demand | Stopped] -- C:\Programme\VMware\VMware Tools\TPAutoConnSvc.exe -- (TPAutoConnSvc)
SRV - [2012.02.02 18:14:36 | 000,336,248 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!Fernzugang\avmike.exe -- (avmike)
SRV - [2011.10.31 18:39:56 | 000,189,304 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!Fernzugang\nwtsrv.exe -- (nwtsrv)
SRV - [2011.10.31 18:39:42 | 000,143,736 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!Fernzugang\certsrv.exe -- (certsrv)
SRV - [2011.06.13 18:37:16 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.06.13 18:37:15 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.02.02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010.04.03 11:02:52 | 000,032,096 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft SQL Server\MSSQL10_50.IMOSSQL2008R2\MSSQL\Binn\fdlauncher.exe -- (MSSQLFDLauncher$IMOSSQL2008R2)
SRV - [2010.04.03 11:00:12 | 061,913,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL10_50.IMOSSQL2008R2\MSSQL\Binn\sqlservr.exe -- (MSSQL$IMOSSQL2008R2)
SRV - [2010.04.03 11:00:10 | 000,428,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL10_50.IMOSSQL2008R2\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$IMOSSQL2008R2)
SRV - [2010.04.03 11:00:10 | 000,146,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.04.03 11:00:08 | 000,059,744 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.06.09 23:15:16 | 000,036,680 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2013.03.06 16:00:10 | 000,388,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\XLHASP.sys -- (XLHASP)
DRV:64bit: - [2013.03.01 03:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2012.08.21 22:58:18 | 000,218,776 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vm3dmp.sys -- (vm3dmp)
DRV:64bit: - [2012.08.21 22:52:44 | 000,015,512 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusbmouse.sys -- (vmusbmouse)
DRV:64bit: - [2012.08.21 22:52:24 | 000,014,488 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmmouse.sys -- (vmmouse)
DRV:64bit: - [2012.08.21 22:51:50 | 000,125,080 | ---- | M] (VMware, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\vmhgfs.sys -- (vmhgfs)
DRV:64bit: - [2012.08.21 14:10:40 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2012.08.21 14:10:40 | 000,070,256 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2012.04.25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.03.26 14:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.07.05 21:44:42 | 000,412,024 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmnwim.sys -- (NWIM)
DRV:64bit: - [2011.06.29 07:49:44 | 000,072,024 | ---- | M] (Apple Inc.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AppleHFS.sys -- (AppleHFS)
DRV:64bit: - [2011.06.29 07:49:44 | 000,016,216 | ---- | M] (Apple Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AppleMNT.sys -- (AppleMNT)
DRV:64bit: - [2011.06.29 07:49:42 | 000,022,872 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\MacHALDriver.sys -- (MacHALDriver)
DRV:64bit: - [2011.06.29 07:49:42 | 000,017,752 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\KeyAgent.sys -- (KeyAgent)
DRV:64bit: - [2011.06.13 18:37:15 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.06.13 18:37:12 | 000,018,432 | ---- | M] (Cirrus Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CS420x64.sys -- (CirrusFilter)
DRV:64bit: - [2011.06.13 18:37:07 | 004,798,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011.06.13 18:37:06 | 000,411,688 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2011.06.13 18:37:06 | 000,085,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
DRV:64bit: - [2011.06.13 18:34:18 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.06.13 18:34:18 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.06.03 13:18:28 | 000,052,736 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applebmt.sys -- (applebmt)
DRV:64bit: - [2011.05.26 21:13:25 | 000,032,256 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KeyMagic.sys -- (KeyMagic)
DRV:64bit: - [2011.03.25 03:32:04 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IRFilter.sys -- (IRRemoteFlt)
DRV:64bit: - [2011.03.25 03:31:56 | 000,038,912 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applemtp.sys -- (applemtp)
DRV:64bit: - [2011.03.25 03:31:56 | 000,012,288 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applemtm.sys -- (applemtm)
DRV:64bit: - [2011.03.25 03:31:33 | 000,018,944 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AppleBtBc.sys -- (AppleBtBc)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.04.03 10:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150)
DRV:64bit: - [2009.09.21 08:07:26 | 000,071,040 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2009.08.20 07:02:06 | 000,130,816 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.13 10:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2009.03.13 10:55:38 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp)
DRV:64bit: - [2009.03.13 10:55:38 | 000,025,344 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)
DRV:64bit: - [2009.02.24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2007.07.31 19:04:48 | 000,090,112 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2007.07.23 14:13:06 | 000,056,960 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl)
DRV - [2013.05.13 13:20:44 | 000,070,984 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2012.08.21 22:52:08 | 000,017,560 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Programme\Common Files\VMware\Drivers\memctl\vmmemctl.sys -- (VMMEMCTL)
DRV - [2012.08.21 22:50:38 | 000,046,232 | ---- | M] (VMware, Inc.) [Kernel | System | Running] -- C:\Programme\VMware\VMware Tools\vmrawdsk.sys -- (vmrawdsk)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.02.24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
 
 
 
 
IE - HKU\S-1-5-21-829343884-2666764345-3519855931-1178\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-829343884-2666764345-3519855931-1178\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-829343884-2666764345-3519855931-1178\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 B2 76 AF 6D 61 CE 01  [binary data]
IE - HKU\S-1-5-21-829343884-2666764345-3519855931-1178\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-829343884-2666764345-3519855931-1178\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.backup.ftp: "192.168.2.4"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.socks: "192.168.2.4"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "192.168.2.4"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "192.168.2.4"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "192.168.2.4"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.2.4"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "192.168.2.4"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@parallelgraphics.com/Cortona: C:\Program Files (x86)\Common Files\ParallelGraphics\Cortona\npCortona.dll (ParallelGraphics)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.22 03:51:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.22 03:51:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.17 14:38:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.22 03:51:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.22 03:51:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.17 14:38:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.06.23 18:50:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sh.HKM\AppData\Roaming\mozilla\Extensions
[2013.05.13 11:01:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sh.HKM\AppData\Roaming\mozilla\Firefox\Profiles\hs7o6e7f.default\extensions
[2013.05.13 11:01:24 | 000,765,412 | ---- | M] () (No name found) -- C:\Users\sh.HKM\AppData\Roaming\mozilla\firefox\profiles\hs7o6e7f.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2013.01.07 11:12:29 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\sh.HKM\AppData\Roaming\mozilla\firefox\profiles\hs7o6e7f.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012.06.25 16:58:57 | 000,003,915 | ---- | M] () -- C:\Users\sh.HKM\AppData\Roaming\mozilla\firefox\profiles\hs7o6e7f.default\searchplugins\sweetim.xml
[2013.05.22 03:51:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.22 03:51:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.08.09 16:17:46 | 000,873,888 | ---- | M] (ParallelGraphics) -- C:\Program Files (x86)\mozilla firefox\plugins\npCortona.dll
 
O1 HOSTS File: ([2013.02.19 18:22:23 | 000,000,846 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 192.168.250.1 server
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-829343884-2666764345-3519855931-1178\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [Apple_KbdMgr] C:\Programme\Boot Camp\Bootcamp.exe (Apple Inc.)
O4:64bit: - HKLM..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\vmtoolsd.exe (VMware, Inc.)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\sh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O4 - Startup: C:\Users\sh.HKM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\sh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-829343884-2666764345-3519855931-1178\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.250.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hkm.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04581D58-4F0B-4D4E-8CF1-B027230788FC}: DhcpNameServer = 192.168.250.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05875837-CC3B-47D3-BCCC-30337B3671D0}: DhcpNameServer = 10.74.210.210 10.74.210.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AFE8A30-71E8-40B2-9A7E-C8E872EB60A4}: DhcpNameServer = 10.74.210.210 10.74.210.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30BA0B08-E2B7-4CEC-9E32-4F522B825B35}: DhcpNameServer = 172.16.49.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BB9FEC1-3406-49C8-81D1-3B15B3C26870}: DhcpNameServer = 192.168.250.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.10 17:26:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\sh.HKM\Desktop\OTL.exe
[2013.06.10 09:44:05 | 000,000,000 | ---D | C] -- C:\FRST
[2013.06.09 23:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.06.09 23:15:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.09 21:57:33 | 000,000,000 | ---D | C] -- C:\Users\sh.HKM\AppData\Roaming\Wireshark
[2013.06.05 12:29:11 | 000,000,000 | ---D | C] -- C:\Users\sh.HKM\Documents\Visual Studio 2005
[2013.06.05 12:29:04 | 000,000,000 | ---D | C] -- C:\Users\sh.HKM\Documents\SQL Server Management Studio
[2013.06.03 14:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
[2013.06.03 14:58:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueStacks
[2013.06.03 14:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup
[2013.06.03 14:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
[2013.06.03 14:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2013.06.03 14:39:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2013.06.03 14:38:51 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2013.05.22 21:17:12 | 000,000,000 | ---D | C] -- C:\.fseventsd
[2013.05.22 03:51:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.17 14:38:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.05.13 11:06:24 | 000,000,000 | ---D | C] -- C:\Users\sh.HKM\Desktop\Arbeit
[2013.05.12 14:43:01 | 000,035,892 | ---- | C] (Prolific Technology Inc.) -- C:\Windows\SysWow64\SER9PL.sys
[2013.05.12 14:39:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GlobalSat Technology
[2013.05.12 14:39:38 | 000,000,000 | ---D | C] -- C:\Users\sh.HKM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Globalsat GS-Sport
[2013.05.12 14:24:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Prolific
[2013.05.12 14:24:16 | 000,090,112 | ---- | C] (Prolific Technology Inc.) -- C:\Windows\SysNative\drivers\ser2pl64.sys
[1 C:\Windows\SysWow64\drivers\*.tmp files -> C:\Windows\SysWow64\drivers\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.10 16:32:28 | 000,021,248 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-a289-439d-8115-601632D005A0
[2013.06.10 16:32:28 | 000,021,248 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-a289-439d-8115-601632D005A0
[2013.06.10 16:31:06 | 001,797,482 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.10 16:31:06 | 000,762,498 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.10 16:31:06 | 000,717,776 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.10 16:31:06 | 000,173,092 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.10 16:31:06 | 000,146,038 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.10 16:25:26 | 000,000,434 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013.06.10 16:24:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.10 16:24:18 | 2077,282,303 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.10 09:48:35 | 000,002,112 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2012 - Deutsch.lnk
[2013.06.10 00:17:52 | 000,000,000 | ---- | M] () -- C:\Users\sh.HKM\defogger_reenable
[2013.06.09 23:34:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sh.HKM\Desktop\OTL.exe
[2013.06.09 23:15:16 | 000,036,680 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013.06.09 19:35:41 | 575,127,510 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.06.07 12:26:45 | 001,117,753 | ---- | M] () -- C:\Users\sh.HKM\Desktop\Foto.JPG
[2013.06.07 11:15:45 | 000,132,927 | ---- | M] () -- C:\Users\sh.HKM\Desktop\Re_ Zuschnittliste für Schelling-Säge.pdf
[2013.06.07 11:11:30 | 000,037,796 | ---- | M] () -- C:\Users\sh.HKM\Desktop\vpex3250 - kumulierte Schnittliste.pdf
[2013.06.07 10:35:48 | 000,003,390 | ---- | M] () -- C:\Users\sh.HKM\Desktop\Schelling3HPO.cfg
[2013.06.05 16:47:40 | 000,465,943 | ---- | M] () -- C:\Users\sh.HKM\Desktop\IMG_9762_b.jpg
[2013.06.05 16:47:38 | 000,528,392 | ---- | M] () -- C:\Users\sh.HKM\Desktop\IMG_9754_b.jpg
[2013.06.05 16:47:37 | 000,603,113 | ---- | M] () -- C:\Users\sh.HKM\Desktop\IMG_9751_b.jpg
[2013.06.05 16:47:36 | 000,462,500 | ---- | M] () -- C:\Users\sh.HKM\Desktop\IMG_9791_b.jpg
[2013.06.05 16:47:34 | 000,558,925 | ---- | M] () -- C:\Users\sh.HKM\Desktop\IMG_9780_b_k.jpg
[2013.06.05 11:46:41 | 000,447,191 | ---- | M] () -- C:\Users\sh.HKM\Desktop\MPRPP.zip
[2013.06.05 11:42:31 | 008,233,032 | ---- | M] () -- C:\Users\sh.HKM\Desktop\CAMSF_201306051142.zip
[2013.06.05 09:31:29 | 000,022,528 | ---- | M] () -- C:\Users\sh.HKM\Desktop\MMA Grundformm.pdf
[2013.06.05 08:47:35 | 000,002,008 | -H-- | M] () -- C:\Users\sh.HKM\Documents\Default.rdp
[2013.06.03 14:39:21 | 000,001,545 | ---- | M] () -- C:\Users\sh.HKM\Desktop\Wireshark.lnk
[2013.05.28 16:46:31 | 000,000,841 | ---- | M] () -- C:\Users\sh.HKM\AppData\Local\recently-used.xbel
[2013.05.27 16:48:09 | 000,000,798 | ---- | M] () -- C:\Users\sh.HKM\Desktop\cnc.lnk
[2013.05.27 11:44:54 | 000,000,798 | ---- | M] () -- C:\Users\sh.HKM\Desktop\mp4 - Verknüpfung.lnk
[2013.05.27 08:37:20 | 000,000,657 | ---- | M] () -- C:\Users\sh.HKM\Desktop\SÄGE.lnk
[2013.05.27 08:37:08 | 000,000,758 | ---- | M] () -- C:\Users\sh.HKM\Desktop\Schnittaufträge.lnk
[2013.05.20 12:45:02 | 000,006,148 | ---- | M] () -- C:\.DS_Store
[2013.05.17 13:20:55 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.17 13:20:55 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.12 14:39:39 | 000,002,388 | ---- | M] () -- C:\Users\sh.HKM\Desktop\GS-Sport Training Gym Pro.lnk
[1 C:\Windows\SysWow64\drivers\*.tmp files -> C:\Windows\SysWow64\drivers\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.10 00:17:52 | 000,000,000 | ---- | C] () -- C:\Users\sh.HKM\defogger_reenable
[2013.06.09 23:15:16 | 000,036,680 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013.06.07 12:26:44 | 001,117,753 | ---- | C] () -- C:\Users\sh.HKM\Desktop\Foto.JPG
[2013.06.07 11:15:43 | 000,132,927 | ---- | C] () -- C:\Users\sh.HKM\Desktop\Re_ Zuschnittliste für Schelling-Säge.pdf
[2013.06.07 11:11:29 | 000,037,796 | ---- | C] () -- C:\Users\sh.HKM\Desktop\vpex3250 - kumulierte Schnittliste.pdf
[2013.06.07 10:35:48 | 000,003,390 | ---- | C] () -- C:\Users\sh.HKM\Desktop\Schelling3HPO.cfg
[2013.06.05 16:47:38 | 000,465,943 | ---- | C] () -- C:\Users\sh.HKM\Desktop\IMG_9762_b.jpg
[2013.06.05 16:47:37 | 000,528,392 | ---- | C] () -- C:\Users\sh.HKM\Desktop\IMG_9754_b.jpg
[2013.06.05 16:47:36 | 000,603,113 | ---- | C] () -- C:\Users\sh.HKM\Desktop\IMG_9751_b.jpg
[2013.06.05 16:47:34 | 000,462,500 | ---- | C] () -- C:\Users\sh.HKM\Desktop\IMG_9791_b.jpg
[2013.06.05 16:47:33 | 000,558,925 | ---- | C] () -- C:\Users\sh.HKM\Desktop\IMG_9780_b_k.jpg
[2013.06.05 11:46:41 | 000,447,191 | ---- | C] () -- C:\Users\sh.HKM\Desktop\MPRPP.zip
[2013.06.05 11:42:26 | 008,233,032 | ---- | C] () -- C:\Users\sh.HKM\Desktop\CAMSF_201306051142.zip
[2013.06.05 09:31:28 | 000,022,528 | ---- | C] () -- C:\Users\sh.HKM\Desktop\MMA Grundformm.pdf
[2013.06.03 14:39:21 | 000,001,545 | ---- | C] () -- C:\Users\sh.HKM\Desktop\Wireshark.lnk
[2013.05.28 16:46:31 | 000,000,841 | ---- | C] () -- C:\Users\sh.HKM\AppData\Local\recently-used.xbel
[2013.05.27 16:57:27 | 000,121,344 | ---- | C] () -- C:\Users\sh.HKM\Desktop\Begleitscheine.xlt
[2013.05.27 16:48:09 | 000,000,798 | ---- | C] () -- C:\Users\sh.HKM\Desktop\cnc.lnk
[2013.05.27 11:44:54 | 000,000,798 | ---- | C] () -- C:\Users\sh.HKM\Desktop\mp4 - Verknüpfung.lnk
[2013.05.27 08:37:20 | 000,000,657 | ---- | C] () -- C:\Users\sh.HKM\Desktop\SÄGE.lnk
[2013.05.27 08:37:08 | 000,000,758 | ---- | C] () -- C:\Users\sh.HKM\Desktop\Schnittaufträge.lnk
[2013.05.12 14:43:01 | 000,026,719 | ---- | C] () -- C:\Windows\SysWow64\SERSPL.VXD
[2013.05.12 14:39:39 | 000,002,388 | ---- | C] () -- C:\Users\sh.HKM\Desktop\GS-Sport Training Gym Pro.lnk
[2013.05.12 14:24:01 | 003,362,768 | ---- | C] () -- C:\Users\sh.HKM\Desktop\Crivit_GH625M.zip
[2013.03.01 03:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2012.11.26 14:58:14 | 000,000,279 | ---- | C] () -- C:\Windows\IMOSCAM.INI
[2012.10.11 22:28:16 | 000,012,292 | ---- | C] () -- C:\Users\sh.HKM\.DS_Store
[2012.08.22 22:48:45 | 000,000,058 | ---- | C] () -- C:\Users\sh.HKM\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2012.07.21 14:34:25 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2012.06.25 20:48:20 | 000,000,000 | ---- | C] () -- C:\Windows\cms.INI
[2012.06.23 18:15:23 | 000,001,338 | RHS- | C] () -- C:\Users\sh.HKM\ntuser.pol
[2012.06.23 18:14:34 | 000,002,412 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.06.22 14:16:53 | 000,000,389 | ---- | C] () -- C:\Windows\IMOSCAM_local.INI
[2012.06.22 14:16:53 | 000,000,236 | ---- | C] () -- C:\Windows\IMOSR18.INI
[2012.06.22 12:29:17 | 001,589,182 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.20 16:53:07 | 000,000,137 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.06.20 16:51:57 | 000,000,232 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.06.20 12:04:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.06.20 12:02:20 | 000,014,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2012.06.20 11:59:43 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011.08.30 07:25:09 | 014,173,184 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.08.30 06:21:25 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\sh.HKM\.DS_Store:AFP_AfpInfo
@Alternate Data Stream - 64 bytes -> C:\.VISE Temp Items:AFP_AfpInfo
@Alternate Data Stream - 64 bytes -> C:\.TemporaryItems:AFP_AfpInfo
@Alternate Data Stream - 64 bytes -> C:\.DS_Store:AFP_AfpInfo

< End of report >
         

10.06.2013, 18:33   #9
schrauber
/// the machine
/// TB-Ausbilder
 




Nice, now let's remove the leftovers.

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or higher), right-click and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh OTL log please. Any remaining problems?

Did you set the proxies in Firefox?
__________________
regards,
schrauber

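As an added illustration (not code from this thread or from OTL's authors) of how the OTL sections posted above can be triaged before asking the proxy question: a small Python checker that parses constructed lines in the OTL format (Firefox network.proxy.* prefs, O2/O3 BHO and toolbar entries, O17 DhcpNameServer values) and reports what a helper would want to confirm with the user. The vendor allow-list and the expected DNS network are assumptions chosen for this example.

```python
"""Triage helper for OTL-style log lines (added example, not OTL's own code).
Flags configured browser proxies, third-party BHOs/toolbars and DNS servers
outside the networks the user expects, so a helper can ask the right questions."""
import re
import ipaddress

# Constructed sample lines mirroring the OTL format used in the log above.
SAMPLE_LOG = r"""
IE - HKU\S-1-5-21-829343884-2666764345-3519855931-1178\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..network.proxy.http: "192.168.2.4"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 0
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.250.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30BA0B08-E2B7-4CEC-9E32-4F522B825B35}: DhcpNameServer = 172.16.49.2
"""

FF_PROXY_RE = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.(\w+): (.+)$')
IE_PROXY_RE = re.compile(r'^IE - .*Internet Settings: "ProxyEnable" = (\d)$')
BHO_RE = re.compile(r'^O[23](?::64bit:)? - [^:]*: \((.*?)\) - (\{[0-9A-Fa-f-]+\}) - (.*) \((.*)\)$')
DNS_RE = re.compile(r'^O17 - .*DhcpNameServer = (.+)$')

# Assumed allow-list of vendors whose BHOs/toolbars are not worth a question.
TRUSTED_VENDORS = {"Microsoft Corporation", "Oracle Corporation", "Adobe Systems Inc."}


def parse_firefox_proxy(lines):
    """Collect network.proxy.* prefs; 'type' 0 means direct connection, 1 manual proxy."""
    prefs = {}
    for line in lines:
        m = FF_PROXY_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip('"')
    return prefs


def proxy_findings(lines):
    """One finding per browser that has a proxy configured, noting whether it is active."""
    findings = []
    prefs = parse_firefox_proxy(lines)
    hosts = sorted({prefs[k] for k in ("http", "ssl", "ftp", "socks") if k in prefs})
    if hosts:
        # Hosts are set but type 0 means Firefox currently connects directly.
        active = prefs.get("type") == "1"
        findings.append(("proxy", f"Firefox proxy host(s) {hosts} configured, active={active}"))
    for line in lines:
        m = IE_PROXY_RE.match(line)
        if m and m.group(1) == "1":
            findings.append(("proxy", "Internet Explorer ProxyEnable = 1"))
    return findings


def bho_findings(lines):
    """BHOs (O2) and toolbars (O3) whose vendor is not on the allow-list."""
    findings = []
    for line in lines:
        m = BHO_RE.match(line)
        if m:
            name, clsid, path, vendor = m.groups()
            if vendor not in TRUSTED_VENDORS:
                findings.append(("bho", f"{name} {clsid} by '{vendor}' at {path}"))
    return findings


def dns_findings(lines, expected_nets):
    """DHCP-assigned DNS servers (O17) outside the networks the user expects."""
    nets = [ipaddress.ip_network(n) for n in expected_nets]
    findings = []
    for line in lines:
        m = DNS_RE.match(line)
        if not m:
            continue
        for server in m.group(1).split():
            ip = ipaddress.ip_address(server)
            if not any(ip in net for net in nets):
                findings.append(("dns", f"DNS server {ip} outside expected networks, confirm with user"))
    return findings


def triage(log_text, expected_dns_nets=("192.168.0.0/16",)):
    """Run all checks over an OTL log; returns a list of (kind, message) tuples."""
    lines = log_text.strip().splitlines()
    return proxy_findings(lines) + bho_findings(lines) + dns_findings(lines, expected_dns_nets)


if __name__ == "__main__":
    for kind, message in triage(SAMPLE_LOG):
        print(f"[{kind}] {message}")
```

Run against the sample it reports the dormant Firefox proxy (type 0), the two SweetIM entries and the 172.16.49.2 resolver; none of these is a verdict, each is a question for the user, as in the thread.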

11.06.2013, 17:09   #10
racebo
 



hello schrauber,
the ESET scan took 8h, that's why I'm so late.
the proxy is mine.

otherwise I haven't really noticed anything else...

I hope it's OK like this.

many thanks for your help!


AdwCleaner
Code:
# AdwCleaner v2.303 - Datei am 11/06/2013 um 07:46:35 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : sh - SHWIN7
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\sh.HKM\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\Program Files\software4u
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\Premium

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{774C0434-9948-4DEE-A14E-69CDD316E36C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

*************************

AdwCleaner[R1].txt - [4216 octets] - [11/06/2013 07:45:47]
AdwCleaner[S1].txt - [4155 octets] - [11/06/2013 07:46:35]

########## EOF - C:\AdwCleaner[S1].txt - [4215 octets] ##########
         
JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Ultimate x64
Ran by sh on 11.06.2013 at  7:51:38,25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\sh.HKM\AppData\Roaming\pdfforge"
Successfully deleted: [Folder] "C:\Users\sh.HKM\AppData\Roaming\software4u"
Successfully deleted: [Folder] "C:\Users\sh.HKM\appdata\locallow\sweetim"



~~~ FireFox

Successfully deleted: [File] C:\Users\sh.HKM\AppData\Roaming\mozilla\firefox\profiles\hs7o6e7f.default\extensions\{eee6c361-6118-11dc-9c72-001320c79847}.xpi
Successfully deleted: [File] C:\Users\sh.HKM\AppData\Roaming\mozilla\firefox\profiles\hs7o6e7f.default\searchplugins\sweetim.xml
Emptied folder: C:\Users\sh.HKM\AppData\Roaming\mozilla\firefox\profiles\hs7o6e7f.default\minidumps [29 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.06.2013 at  7:55:11,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
ESET
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a684da27f3875b468a2b85db0d8c41c9
# engine=14043
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-11 02:05:55
# local_time=2013-06-11 04:05:55 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 29778 122589405 0 0
# scanned=973901
# found=6
# cleaned=0
# scan_time=29069
sh=256772D87FE9AF977AD4B003BA1F61532BFFCDE4 ft=0 fh=0000000000000000 vn="Win32/Reveton.R trojan" ac=I fn="C:\$Recycle.Bin\S-1-5-21-829343884-2666764345-3519855931-1178\$R6EH6TL.js"
sh=56FC6D5F5AF5DB6521B4BA329D7C5FEC2A3CC645 ft=0 fh=0000000000000000 vn="Win32/Reveton.R trojan" ac=I fn="C:\Users\av6\Desktop\4roin.7z"
sh=5FA512E317DE89C7B528812F641BD9E11E11BB72 ft=1 fh=7b063cced2a1e6a9 vn="Win32/Reveton.R trojan" ac=I fn="C:\Users\sh.HKM\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2e8e15bf-3bb6baef"
sh=EC8E46D931305E717EF9F6871A3D5F1A2B2EDA32 ft=0 fh=0000000000000000 vn="probably a variant of Win32/Agent.BMDLKQV trojan" ac=I fn="C:\Users\sh.HKM\Downloads\h5api.zip"
         
Security Check
Code:
 UNSUPPORTED OPERATING SYSTEM! ABORTED!
         

11.06.2013, 19:28   #11
schrauber (TB-Ausbilder, /// the machine)

GVU-Trojaner Win7 Bootcampt vermutlich von kinox.to



Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:files
C:\$Recycle.Bin
C:\Users\av6\Desktop\4roin.7z
C:\Users\sh.HKM\Downloads\h5api.zip
:commands
[emptytemp]
         
  • If you masked your user name, e.g. with "*****", insert your real user name at the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also found under C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Now copy its contents into your thread here.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
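The fix above is built by hand from the ESET Online Scanner log: one :files entry per reported path, the Recycle Bin hit collapsed to the bin root, and [emptytemp] for the rest. The following is an added example, not code from the thread or from the OTL/ESET tools, that does the same bookkeeping mechanically: it parses the ESET detection lines (copied from the log above), compares the "# found=" header with the number of lines actually listed so a truncated paste is noticed, checks each file's SHA-1 against the "sh=" value before it goes into a deletion script, and emits the :files block. The skip of the Java deployment cache path is an assumption made to reproduce the posted fix, which leaves that path to [emptytemp]; it is not a quoted OTL behaviour.

```python
"""Turn an ESET Online Scanner log into a verified OTL :files fix (added example)."""
import hashlib
import os
import re

# Header and detection lines copied from the ESET log posted in this thread.
ESET_LOG = r'''
# scanned=973901
# found=6
# cleaned=0
sh=256772D87FE9AF977AD4B003BA1F61532BFFCDE4 ft=0 fh=0000000000000000 vn="Win32/Reveton.R trojan" ac=I fn="C:\$Recycle.Bin\S-1-5-21-829343884-2666764345-3519855931-1178\$R6EH6TL.js"
sh=56FC6D5F5AF5DB6521B4BA329D7C5FEC2A3CC645 ft=0 fh=0000000000000000 vn="Win32/Reveton.R trojan" ac=I fn="C:\Users\av6\Desktop\4roin.7z"
sh=5FA512E317DE89C7B528812F641BD9E11E11BB72 ft=1 fh=7b063cced2a1e6a9 vn="Win32/Reveton.R trojan" ac=I fn="C:\Users\sh.HKM\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2e8e15bf-3bb6baef"
sh=EC8E46D931305E717EF9F6871A3D5F1A2B2EDA32 ft=0 fh=0000000000000000 vn="probably a variant of Win32/Agent.BMDLKQV trojan" ac=I fn="C:\Users\sh.HKM\Downloads\h5api.zip"
'''

HEADER_RE = re.compile(r'^# (?P<key>\w+)=(?P<value>.*)$')
# sh = SHA-1 of the file, vn = detection name, fn = full path; ft/fh/ac are kept as-is.
LINE_RE = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40}) ft=(?P<ft>\d+) fh=(?P<fh>[0-9A-Fa-f]{16}) '
    r'vn="(?P<vn>[^"]*)" ac=(?P<ac>\S+) fn="(?P<fn>[^"]*)"$')
RECYCLE_RE = re.compile(r'^[A-Za-z]:\\\$Recycle\.Bin\\', re.IGNORECASE)


def parse_eset_log(text):
    """Return (header dict from the '# key=value' lines, list of detection dicts)."""
    header, findings = {}, []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            header[m.group('key')] = m.group('value')
            continue
        m = LINE_RE.match(line)
        if m:
            findings.append(m.groupdict())
    return header, findings


def listing_is_complete(header, findings):
    """ESET's '# found=N' should equal the number of detection lines pasted.
    A gap (as in the log above: found=6, four lines) means the paste is incomplete
    and the fix script would miss files."""
    return int(header.get('found', len(findings))) == len(findings)


def otl_target(path):
    """Anything inside a Recycle Bin is collapsed to the bin root, which is what
    the posted fix does for the $R6EH6TL.js hit; every other path is kept."""
    m = RECYCLE_RE.match(path)
    return path[:m.end() - 1] if m else path


def build_otl_fix(findings, skip_prefixes=()):
    """Emit an OTL fix: one :files entry per unique target, then [emptytemp].
    Paths starting with one of skip_prefixes are left out (assumption: the
    caller knows [emptytemp] or another step already covers them)."""
    targets = []
    for f in findings:
        t = otl_target(f['fn'])
        if any(t.lower().startswith(p.lower()) for p in skip_prefixes):
            continue
        if t not in targets:
            targets.append(t)
    return '\n'.join([':files', *targets, ':commands', '[emptytemp]'])


def sha1_hex(data):
    """Upper-case hex SHA-1, the same form ESET prints in the sh= field."""
    return hashlib.sha1(data).hexdigest().upper()


def verify_on_disk(findings):
    """Per path: 'missing', 'match' or 'mismatch' against the logged sh= hash.
    A mismatch means the file changed after the scan, so rescan before deleting."""
    status = {}
    for f in findings:
        path = f['fn']
        if not os.path.isfile(path):
            status[path] = 'missing'
            continue
        with open(path, 'rb') as fh:
            digest = sha1_hex(fh.read())
        status[path] = 'match' if digest == f['sha1'].upper() else 'mismatch'
    return status


if __name__ == '__main__':
    header, findings = parse_eset_log(ESET_LOG)
    print(f"found={header.get('found')} listed={len(findings)} "
          f"complete={listing_is_complete(header, findings)}")
    for path, st in verify_on_disk(findings).items():
        print(f"{st:9} {path}")
    # Skipping the Java deployment cache reproduces the fix posted above (assumption).
    java_cache = r'C:\Users\sh.HKM\AppData\LocalLow\Sun\Java\Deployment\cache'
    print(build_otl_fix(findings, skip_prefixes=(java_cache,)))
```

Run it on the machine being cleaned (as the affected user, so the per-user paths resolve) and only paste the generated :files block into OTL when every entry reports "match"; a "missing" entry on the infected box means the file was already moved or renamed, and the log should be regenerated rather than the script trusted.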
