Genotron | 02.07.2013 13:56 | The exe was definitely malware.
I don't have any scans of it, because I pulled the plug immediately after I could no longer access half of my shell extensions, including copy & paste, the screen flickered and the CPU load went to max.
After that I reinstalled the system.
This here is a fresh Win7 64
with Chrome, WinRAR, a search program and display/WLAN drivers ;)
I'll wipe it again without hesitation if I have to.
What I mainly care about is whether there is stuff on the external hard drive that spreads further.
Attached are logs from the current(!) system.
Regards
/edit: okay, via Code
defogger gave no warnings
OTL Extras Code:
OTL Extras logfile created on: 02.07.2013 14:32:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Genotron.Genotron-Laptop\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,75 Gb Total Physical Memory | 4,84 Gb Available Physical Memory | 84,20% Memory free
11,49 Gb Paging File | 10,45 Gb Available in Paging File | 90,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 97,93 Gb Free Space | 82,20% Space Free | Partition Type: NTFS
Drive F: | 2794,39 Gb Total Space | 1694,72 Gb Free Space | 60,65% Space Free | Partition Type: NTFS
Computer Name: GENOTRON-LAPTOP | User Name: Genotron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Notepad] -- Reg Error: Key error.
Directory [openNew] -- explorer %1 (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Notepad] -- Reg Error: Key error.
Directory [openNew] -- explorer %1 (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F6306D6-FB66-10D2-D474-5ADE4D57EE6B}" = AMD Fuel
"{1F85668C-CEB7-7A2E-356C-C42F950A982C}" = AMD Accelerated Video Transcoding
"{2BFD590F-1D73-3533-E734-FDDAC3746E4A}" = AMD Catalyst Install Manager
"{4161341F-AE84-E404-4291-4E0322CCE809}" = AMD Media Foundation Decoders
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{7FD0FD0D-AC40-A3BF-F2D4-54EFEDB0008F}" = AMD Drag and Drop Transcoding
"{AB58402A-43DE-551C-2B40-DD1CF0E21240}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B03071A-C96E-34CA-E5A3-4D8DA8ACCB3D}" = CCC Help Polish
"{1472627A-6E9F-DCB1-8894-E2BD249FD5E4}" = CCC Help Thai
"{1A2C316B-F842-6FB3-3C87-6FE02861F396}" = AMD VISION Engine Control Center
"{218BE476-B206-2879-B912-971E6E89E44D}" = CCC Help Finnish
"{2DFFE333-1B60-4CAA-F836-3CF0C99777CA}" = CCC Help Norwegian
"{364374D2-FE10-2170-2397-5B01F9D00093}" = CCC Help Spanish
"{40786C7F-7078-5147-444E-D45DE808B684}" = CCC Help Portuguese
"{43D3EA3E-2B72-57F3-40E0-318A614D0FDD}" = CCC Help Czech
"{4F7823C4-BB28-A63E-CE08-1B463D4682DE}" = CCC Help Dutch
"{6D7B8E2C-4356-619D-134F-FB36B0809958}" = CCC Help German
"{6F173E00-2766-E174-C2E0-AD88F24685BD}" = CCC Help Swedish
"{6FAEC41D-0654-12C1-0068-770D19FC2446}" = CCC Help Italian
"{73D239CC-D6B1-ADEC-A7BE-E100C7112004}" = CCC Help Korean
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8D3D92F0-852F-D832-FD8B-029C8C231C13}" = CCC Help Russian
"{963FFEAB-16E5-EB69-4E64-338B3D319FB4}" = CCC Help Chinese Standard
"{9DAABC60-A5EF-41FF-B2B9-17329590CD5}" = REALTEK Wireless LAN Driver
"{9F7E9D7B-3291-96CE-A27F-DD4F6EB230EA}" = CCC Help Chinese Traditional
"{A6FDE264-C48D-36CE-CFA7-ABBEB861AC10}" = Catalyst Control Center Localization All
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B31A9284-632D-683E-3BD0-F6926D445A7B}" = CCC Help Danish
"{B7A75523-3D7F-CF23-12F7-999EAF6C7167}" = CCC Help Japanese
"{C821D689-95BE-0D60-255E-D9B89CB3019F}" = Catalyst Control Center Graphics Previews Common
"{CE1458AA-23A7-332D-68D9-86B799898DA6}" = CCC Help Greek
"{E0655E94-1D4D-8484-64C6-E6F847B7BE92}" = CCC Help Turkish
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E555950B-1496-C37C-CA2C-2DF8745A5BE9}" = CCC Help English
"{EE229D0E-3D9E-636C-6E75-9436A87C7E49}" = CCC Help French
"{F536CCF1-C4C1-5FB9-6B17-F883DFFAE569}" = CCC Help Hungarian
"7-Zip" = 7-Zip 4.65
"CCleaner" = CCleaner
"Driver Genius_is1" = Driver Genius
"Everything" = Everything 1.2.1.371
"Google Chrome" = Google Chrome
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.6.1
"Notepad++" = Notepad++
========== Last 20 Event Log Errors ==========
[ ACEEventLog Events ]
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
< End of report >
OTL Code:
OTL logfile created on: 02.07.2013 14:32:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Genotron.Genotron-Laptop\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,75 Gb Total Physical Memory | 4,84 Gb Available Physical Memory | 84,20% Memory free
11,49 Gb Paging File | 10,45 Gb Available in Paging File | 90,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 97,93 Gb Free Space | 82,20% Space Free | Partition Type: NTFS
Drive F: | 2794,39 Gb Total Space | 1694,72 Gb Free Space | 60,65% Space Free | Partition Type: NTFS
Computer Name: GENOTRON-LAPTOP | User Name: Genotron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.07.02 14:31:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Genotron.Genotron-Laptop\Downloads\OTL.exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV:64bit: - [2012.11.16 22:44:58 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.11.16 15:27:28 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.05.02 17:46:36 | 001,514,568 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2013.04.10 11:09:24 | 000,849,992 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012.11.16 23:08:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.11.16 21:39:12 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.10.11 22:49:10 | 000,042,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012.10.11 22:49:08 | 000,082,600 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012.08.28 14:27:24 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012.03.05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 85 EE 3D FC A6 76 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
[2013.07.01 23:06:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - Extension: Art Project, powered by Google = C:\Users\Genotron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aafjiaooblldgcephecfcafbmckcfeep\0.0.0.4_0\
CHR - Extension: Entanglement = C:\Users\Genotron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Xmarks Bookmark Sync = C:\Users\Genotron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.25_0\
CHR - Extension: Xmarks Bookmark Sync = C:\Users\Genotron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.25_0\.bak
CHR - Extension: Google Docs = C:\Users\Genotron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Genotron\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Bookmark Sentry = C:\Users\Genotron\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdglbbcbmgnimogcmcdenggkpdmihlga\1.7.13_0\
CHR - Extension: YouTube = C:\Users\Genotron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: AdBlock+ = C:\Users\Genotron\AppData\Local\Google\Chrome\User Data\Default\Extensions\chmimgmjdabgiilljdjfbonifbhiglao\1.1.9.18_0\
CHR - Extension: Gun Bros = C:\Users\Genotron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciamkmigckbgfajcieiflmkedohjjohh\2.0.2_0\
CHR - Extension: Google-Suche = C:\Users\Genotron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Search by Image (by Google) = C:\Users\Genotron\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.4.3_0\
CHR - Extension: Mailto: for Gmail\u2122 = C:\Users\Genotron\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkkmcknielgdhebimdnfahpipajcpjn\2.4_0\
CHR - Extension: Realm of the Mad God = C:\Users\Genotron\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp\1.0.0.3_0\
CHR - Extension: Realm of the Mad God = C:\Users\Genotron\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp\1.0.0.3_0\~
CHR - Extension: Pixlr-o-matic = C:\Users\Genotron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj\1.2_0\
CHR - Extension: Pendule = C:\Users\Genotron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkffbkamcejhkcaocmkdeiiccpmjfdi\1.0.0_0\
CHR - Extension: Chain Reaction = C:\Users\Genotron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemgfpodpjapjhfohdlibagceiknakpa\1.2_0\
CHR - Extension: Privacy manager = C:\Users\Genotron\AppData\Local\Google\Chrome\User Data\Default\Extensions\giccehglhacakcfemddmfhdkahamfcmd\2.6_0\
CHR - Extension: AdBlock = C:\Users\Genotron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0\
CHR - Extension: TinEye Reverse Image Search = C:\Users\Genotron\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.2_0\
CHR - Extension: SuperSorter = C:\Users\Genotron\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjebfgojnlefhdgmomncgjglmdckngij\0.4.4_0\
CHR - Extension: Pixlr Express = C:\Users\Genotron\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojmjpdlmjopaeginhldhiokeidchjid\1.2_0\
CHR - Extension: Stealthy = C:\Users\Genotron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieaebnkibonmpbhdaanjkmedikadnoje\3.0.1_0\
CHR - Extension: Faerie Alchemy HD = C:\Users\Genotron\AppData\Local\Google\Chrome\User Data\Default\Extensions\imdilajngppdgdbemeighbingnbmpnpl\1.1.3.7_0\
CHR - Extension: Canabalt - HD Version = C:\Users\Genotron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkempgfofnfmanpnnhiojeadfhhleicd\1_0\
CHR - Extension: Yulia Brodskaya = C:\Users\Genotron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlgdloilieclkegafohackmhffbmdpko\2_0\
CHR - Extension: Image-Eigenschaften Kontext-Men\u00FC = C:\Users\Genotron\AppData\Local\Google\Chrome\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon\0.7.6_0\
CHR - Extension: Sinuous = C:\Users\Genotron\AppData\Local\Google\Chrome\User Data\Default\Extensions\omlmnomieeknagejjojcpdomnbnbchdl\1.0.4_0\
CHR - Extension: Sand = C:\Users\Genotron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdknckljjbdpkhgmcokoahffbdinafbo\1.3_0\
CHR - Extension: Page Monitor = C:\Users\Genotron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd\3.2.10_0\
CHR - Extension: Psykopaint = C:\Users\Genotron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\
CHR - Extension: Psykopaint = C:\Users\Genotron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\.bak
CHR - Extension: Google Mail = C:\Users\Genotron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowMyMusic = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F6E24EC-5A95-4CA6-9634-99F2F85CA06C}: DhcpNameServer = 10.0.0.2
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.06.21 22:08:33 | 000,000,022 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.07.02 08:59:08 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.07.02 08:13:42 | 000,000,000 | ---D | C] -- C:\Users\Genotron.Genotron-Laptop\AppData\Local\AMD
[2013.07.02 08:13:32 | 000,000,000 | ---D | C] -- C:\Users\Genotron.Genotron-Laptop\AppData\Roaming\ATI
[2013.07.02 08:13:32 | 000,000,000 | ---D | C] -- C:\Users\Genotron.Genotron-Laptop\AppData\Local\ATI
[2013.07.02 08:13:32 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.07.02 08:11:54 | 000,430,080 | ---- | C] (Realtek) -- C:\Windows\SwUSB.exe
[2013.07.02 08:11:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\REALTEK PCIE Wireless LAN Driver
[2013.07.02 08:09:58 | 000,849,992 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013.07.02 08:09:55 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.07.02 08:09:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.07.02 08:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013.07.02 08:08:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013.07.02 08:08:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013.07.02 08:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2013.07.02 08:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2013.07.02 08:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2013.07.02 08:07:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2013.07.02 08:07:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2013.07.02 08:07:15 | 000,514,048 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2013.07.02 08:07:15 | 000,238,080 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2013.07.02 08:07:15 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2013.07.02 08:07:15 | 000,069,632 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst_8.97.100.7.dll
[2013.07.02 08:07:15 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2013.07.02 00:25:19 | 000,000,000 | ---D | C] -- C:\Users\Genotron.Genotron-Laptop\AppData\Roaming\DivX
[2013.07.02 00:25:18 | 000,000,000 | ---D | C] -- C:\Users\Genotron.Genotron-Laptop\AppData\Roaming\Media Player Classic
[2013.07.02 00:10:00 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.07.02 00:08:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius
[2013.07.02 00:07:50 | 000,000,000 | ---D | C] -- C:\Users\Genotron.Genotron-Laptop\AppData\Roaming\WinRAR
[2013.07.02 00:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.07.02 00:05:01 | 000,000,000 | ---D | C] -- C:\Users\Genotron.Genotron-Laptop\AppData\Local\Google
[2013.07.02 00:04:56 | 000,000,000 | ---D | C] -- C:\Users\Genotron.Genotron-Laptop\AppData\Local\Apps
[2013.07.02 00:04:55 | 000,000,000 | ---D | C] -- C:\Users\Genotron.Genotron-Laptop\AppData\Local\Deployment
[2013.07.02 00:04:07 | 000,000,000 | R--D | C] -- C:\Users\Genotron.Genotron-Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.07.02 00:04:07 | 000,000,000 | R--D | C] -- C:\Users\Genotron.Genotron-Laptop\Searches
[2013.07.02 00:04:07 | 000,000,000 | R--D | C] -- C:\Users\Genotron.Genotron-Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.07.02 00:04:07 | 000,000,000 | -H-D | C] -- C:\Users\Genotron.Genotron-Laptop\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013.07.02 00:04:01 | 000,000,000 | ---D | C] -- C:\Users\Genotron.Genotron-Laptop\AppData\Roaming\Identities
[2013.07.02 00:04:00 | 000,000,000 | R--D | C] -- C:\Users\Genotron.Genotron-Laptop\Contacts
[2013.07.02 00:03:55 | 000,000,000 | -HSD | C] -- C:\Users\Genotron.Genotron-Laptop\AppData\Local\Temporary Internet Files
[2013.07.02 00:03:55 | 000,000,000 | -HSD | C] -- C:\Users\Genotron.Genotron-Laptop\Templates
[2013.07.02 00:03:55 | 000,000,000 | -HSD | C] -- C:\Users\Genotron.Genotron-Laptop\Start Menu
[2013.07.02 00:03:55 | 000,000,000 | -HSD | C] -- C:\Users\Genotron.Genotron-Laptop\SendTo
[2013.07.02 00:03:55 | 000,000,000 | -HSD | C] -- C:\Users\Genotron.Genotron-Laptop\Recent
[2013.07.02 00:03:55 | 000,000,000 | -HSD | C] -- C:\Users\Genotron.Genotron-Laptop\PrintHood
[2013.07.02 00:03:55 | 000,000,000 | -HSD | C] -- C:\Users\Genotron.Genotron-Laptop\NetHood
[2013.07.02 00:03:55 | 000,000,000 | -HSD | C] -- C:\Users\Genotron.Genotron-Laptop\Documents\My Videos
[2013.07.02 00:03:55 | 000,000,000 | -HSD | C] -- C:\Users\Genotron.Genotron-Laptop\Documents\My Pictures
[2013.07.02 00:03:55 | 000,000,000 | -HSD | C] -- C:\Users\Genotron.Genotron-Laptop\Documents\My Music
[2013.07.02 00:03:55 | 000,000,000 | -HSD | C] -- C:\Users\Genotron.Genotron-Laptop\My Documents
[2013.07.02 00:03:55 | 000,000,000 | -HSD | C] -- C:\Users\Genotron.Genotron-Laptop\Local Settings
[2013.07.02 00:03:55 | 000,000,000 | -HSD | C] -- C:\Users\Genotron.Genotron-Laptop\AppData\Local\History
[2013.07.02 00:03:55 | 000,000,000 | -HSD | C] -- C:\Users\Genotron.Genotron-Laptop\Cookies
[2013.07.02 00:03:55 | 000,000,000 | -HSD | C] -- C:\Users\Genotron.Genotron-Laptop\Application Data
[2013.07.02 00:03:55 | 000,000,000 | -HSD | C] -- C:\Users\Genotron.Genotron-Laptop\AppData\Local\Application Data
[2013.07.02 00:03:54 | 000,000,000 | --SD | C] -- C:\Users\Genotron.Genotron-Laptop\AppData\Roaming\Microsoft
[2013.07.02 00:03:54 | 000,000,000 | R--D | C] -- C:\Users\Genotron.Genotron-Laptop\Videos
[2013.07.02 00:03:54 | 000,000,000 | R--D | C] -- C:\Users\Genotron.Genotron-Laptop\Saved Games
[2013.07.02 00:03:54 | 000,000,000 | R--D | C] -- C:\Users\Genotron.Genotron-Laptop\Pictures
[2013.07.02 00:03:54 | 000,000,000 | R--D | C] -- C:\Users\Genotron.Genotron-Laptop\Music
[2013.07.02 00:03:54 | 000,000,000 | R--D | C] -- C:\Users\Genotron.Genotron-Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.07.02 00:03:54 | 000,000,000 | R--D | C] -- C:\Users\Genotron.Genotron-Laptop\Links
[2013.07.02 00:03:54 | 000,000,000 | R--D | C] -- C:\Users\Genotron.Genotron-Laptop\Favorites
[2013.07.02 00:03:54 | 000,000,000 | R--D | C] -- C:\Users\Genotron.Genotron-Laptop\Downloads
[2013.07.02 00:03:54 | 000,000,000 | R--D | C] -- C:\Users\Genotron.Genotron-Laptop\Documents
[2013.07.02 00:03:54 | 000,000,000 | R--D | C] -- C:\Users\Genotron.Genotron-Laptop\Desktop
[2013.07.02 00:03:54 | 000,000,000 | R--D | C] -- C:\Users\Genotron.Genotron-Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.07.02 00:03:54 | 000,000,000 | -H-D | C] -- C:\Users\Genotron.Genotron-Laptop\AppData
[2013.07.02 00:03:54 | 000,000,000 | ---D | C] -- C:\Users\Genotron.Genotron-Laptop\AppData\Local\Temp
[2013.07.02 00:03:54 | 000,000,000 | ---D | C] -- C:\Users\Genotron.Genotron-Laptop\AppData\Local\Microsoft
[2013.07.02 00:03:54 | 000,000,000 | ---D | C] -- C:\Users\Genotron.Genotron-Laptop\AppData\Roaming\Media Center Programs
[2013.07.01 23:47:39 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013.07.01 23:47:37 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013.07.01 23:34:11 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverGenius
[2013.07.01 23:29:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Everything
[2013.07.01 23:22:12 | 000,000,000 | ---D | C] -- C:\AMD
[2013.07.01 23:19:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver-Soft
[2013.07.01 23:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.07.01 23:09:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.07.01 23:06:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.07.01 23:05:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2013.07.01 23:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.07.01 23:04:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.07.01 23:04:46 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2013.07.01 23:04:44 | 000,839,680 | ---- | C] (hxxp://www.mp3dev.org/) -- C:\Windows\SysWow64\lameACM.acm
[2013.07.01 23:04:44 | 000,287,744 | ---- | C] (Kristal StudioDFileDescription) -- C:\Windows\SysWow64\divxa32.acm
[2013.07.01 23:04:44 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2013.07.01 23:04:44 | 000,118,784 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2013.07.01 23:04:44 | 000,039,936 | ---- | C] (Disappearing Inc.) -- C:\Windows\SysWow64\huffyuv.dll
[2013.07.01 23:04:43 | 000,630,784 | ---- | C] (On2.com) -- C:\Windows\SysWow64\vp7vfw.dll
[2013.07.01 23:04:43 | 000,438,272 | ---- | C] (On2.com) -- C:\Windows\SysWow64\vp6vfw.dll
[2013.07.01 23:04:42 | 000,685,056 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\divx.dll
[2013.07.01 23:04:42 | 000,090,112 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\dpl100.dll
[2013.07.01 23:04:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2013.07.01 23:04:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013.07.01 23:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2013.07.01 23:04:14 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.07.01 23:02:02 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.07.01 22:59:43 | 000,000,000 | -HSD | C] -- C:\System Volume Information
========== Files - Modified Within 30 Days ==========
[2013.07.02 14:31:35 | 000,000,000 | ---- | M] () -- C:\Users\Genotron.Genotron-Laptop\defogger_reenable
[2013.07.02 14:10:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.02 14:01:31 | 000,021,384 | ---- | M] () -- C:\Users\Genotron.Genotron-Laptop\Desktop\NICHT AUSFÜHREN.rar
[2013.07.02 13:33:46 | 000,713,332 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.02 13:33:46 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.02 13:33:46 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.02 13:29:27 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.02 13:29:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.02 13:29:20 | 334,098,431 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.02 12:04:33 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.02 12:04:33 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.02 08:13:24 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2013.07.02 08:03:06 | 000,002,291 | ---- | M] () -- C:\Users\Genotron.Genotron-Laptop\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013.07.02 00:08:26 | 000,001,227 | ---- | M] () -- C:\Users\Genotron.Genotron-Laptop\Desktop\Driver Genius.lnk
[2013.07.02 00:07:50 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2013.07.02 00:06:54 | 000,001,045 | ---- | M] () -- C:\Users\Genotron.Genotron-Laptop\Desktop\Search Everything.lnk
[2013.07.02 00:05:21 | 000,002,267 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.07.02 00:04:37 | 000,001,455 | ---- | M] () -- C:\Users\Genotron.Genotron-Laptop\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013.07.01 23:04:31 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Notepad++.lnk
[2013.07.01 23:02:38 | 000,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.07.01 23:02:38 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.07.01 23:01:07 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.07.01 22:59:54 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2013.07.02 14:31:35 | 000,000,000 | ---- | C] () -- C:\Users\Genotron.Genotron-Laptop\defogger_reenable
[2013.07.02 14:01:31 | 000,021,384 | ---- | C] () -- C:\Users\Genotron.Genotron-Laptop\Desktop\NICHT AUSFÜHREN.rar
[2013.07.02 08:13:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.07.02 08:11:54 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2013.07.02 08:11:54 | 000,036,864 | ---- | C] () -- C:\Windows\runSW.exe
[2013.07.02 08:07:15 | 002,852,480 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2013.07.02 08:07:15 | 002,818,784 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2013.07.02 08:07:15 | 000,618,823 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2013.07.02 08:07:15 | 000,245,944 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb
[2013.07.02 08:07:15 | 000,245,944 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2013.07.02 08:07:15 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013.07.02 08:07:15 | 000,204,952 | ---- | C] () -- C:\Windows\SysNative\ativvsvl.dat
[2013.07.02 08:07:15 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013.07.02 08:07:15 | 000,157,144 | ---- | C] () -- C:\Windows\SysNative\ativvsva.dat
[2013.07.02 08:07:15 | 000,038,177 | ---- | C] () -- C:\Windows\atiogl.xml
[2013.07.02 08:07:15 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2013.07.02 08:07:15 | 000,003,917 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat
[2013.07.02 00:08:26 | 000,001,227 | ---- | C] () -- C:\Users\Genotron.Genotron-Laptop\Desktop\Driver Genius.lnk
[2013.07.02 00:07:50 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2013.07.02 00:06:54 | 000,001,045 | ---- | C] () -- C:\Users\Genotron.Genotron-Laptop\Desktop\Search Everything.lnk
[2013.07.02 00:05:22 | 000,002,291 | ---- | C] () -- C:\Users\Genotron.Genotron-Laptop\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013.07.02 00:05:21 | 000,002,267 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.07.02 00:05:02 | 000,001,114 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.02 00:05:01 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.02 00:04:37 | 000,001,455 | ---- | C] () -- C:\Users\Genotron.Genotron-Laptop\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013.07.02 00:04:12 | 000,001,421 | ---- | C] () -- C:\Users\Genotron.Genotron-Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.07.02 00:04:09 | 000,001,461 | ---- | C] () -- C:\Users\Genotron.Genotron-Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.07.02 00:03:54 | 000,000,290 | ---- | C] () -- C:\Users\Genotron.Genotron-Laptop\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013.07.02 00:03:54 | 000,000,272 | ---- | C] () -- C:\Users\Genotron.Genotron-Laptop\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013.07.01 23:04:45 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013.07.01 23:04:45 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2013.07.01 23:04:44 | 000,000,414 | ---- | C] () -- C:\Windows\SysWow64\lame_acm.xml
[2013.07.01 23:04:43 | 002,378,752 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2013.07.01 23:04:43 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013.07.01 23:04:43 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013.07.01 23:04:42 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2013.07.01 23:04:40 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013.07.01 23:04:31 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Notepad++.lnk
[2013.07.01 23:02:34 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.07.01 23:02:31 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.07.01 23:01:07 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.07.01 22:59:49 | 000,274,464 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.07.01 22:59:43 | 334,098,431 | -HS- | C] () -- C:\hiberfil.sys
[2012.04.18 18:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010.01.21 19:25:54 | 014,161,408 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
========== Purity Check ==========
< End of report >
gmer Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-02 14:44:29
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\00000060 SanDisk_ rev.2.0. 119,24GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Genotron.Genotron-Laptop\AppData\Local\Temp\kwxcruow.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000121c00 7 bytes [00, 98, F3, FF, 01, A3, F0]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000121c08 3 bytes [C0, 06, 02]
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ec55f9de4950
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ec55f9de4950 (not active ControlSet)
---- EOF - GMER 2.1 ----