![]() |
|
Log-Analyse und Auswertung: Trojaner Pws:win32 - virtool:win32/ceeinject.gen!id - Fehler 0x81000037Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() | #1 |
| ![]() Trojaner Pws:win32 - virtool:win32/ceeinject.gen!id - Fehler 0x81000037 Hallo liebes Team, ich hoffe ihr könnt mir helfen, bin gerade wirklich am verzweifeln. Nachdem mein PC sich heute einige Male neu gestartet hatte und nach dem Neustart eine Meldung kam bezüglich eines unerwarteten Fehlers habe ich ein Systembackup machen wollen. Das Backup konnte ich leider nicht abschliessen und bekam die Fehelermeldung Fehler 0x81000037. Daraufhin habe ich mit Microsoft Security Essentials nen Scan gemacht und es wurde ein Trojaner namens Pws:win32... gefunden. Leider habe ich hier nicht aufgepasst und habe diesen leider entfernt anstelle von in Quarantäne verschieben wodurch ich den genauen Namen leider nicht mehr angeben kann. Daraufhin habe ich nochmals nen Scan gemacht und es wurde etwas mit dem Namen virtool:win32/ceeinject.gen!id gefunden. Mit Malwarebytes wurde nichts gefunden. Leider kenne ich mich nicht so gut aus und hoffe ihr könnt mir weiterhelfen. Hier mal alle Logs: Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.23.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 samy :: SAMY-PC [Administrator] 23.02.2013 23:42:30 mbam-log-2013-02-23 (23-42-30).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 203672 Laufzeit: 2 Minute(n), 55 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter OTL logfile created on: 23.02.2013 23:56:55 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\samy\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,07 Gb Available Physical Memory | 75,88% Memory free 16,00 Gb Paging File | 14,01 Gb Available in Paging File | 87,56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 181,87 Gb Total Space | 133,37 Gb Free Space | 73,33% Space Free | Partition Type: NTFS Drive D: | 3,58 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive I: | 502,65 Gb Total Space | 465,03 Gb Free Space | 92,52% Space Free | Partition Type: NTFS Drive J: | 246,89 Gb Total Space | 214,97 Gb Free Space | 87,07% Space Free | Partition Type: NTFS Drive K: | 1397,26 Gb Total Space | 1263,26 Gb Free Space | 90,41% Space Free | Partition Type: NTFS Drive L: | 980,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: SAMY-PC | User Name: samy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.23 23:48:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\samy\Desktop\OTL.exe PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\samy\AppData\Local\Akamai\netsession_win.exe ========== Modules (No Company Name) ========== MOD - [2012.02.20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.02.20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ========== Services (SafeList) ========== SRV:64bit: - [2010.11.26 03:54:12 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.01.27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013.01.27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.01.05 04:44:06 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.12 19:55:25 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai) SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.01.20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.08.06 21:14:18 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.07.09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.06.18 12:34:44 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio) DRV:64bit: - [2012.06.18 12:34:42 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.26 05:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.11.26 03:16:46 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.11.21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.17 13:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2010.03.02 18:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.01 11:20:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET) DRV:64bit: - [2009.06.18 03:07:38 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BIOS64.sys -- (BIOS) DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.06.18 03:07:38 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\BIOS64.sys -- (BIOS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=b4242e6d-2d95-4e99-a704-c266db786dd2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=b4242e6d-2d95-4e99-a704-c266db786dd2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=b4242e6d-2d95-4e99-a704-c266db786dd2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=b4242e6d-2d95-4e99-a704-c266db786dd2&affid=111583&searchtype=hp&babsrc=lnkry_nt IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 1F 3F 49 18 70 CD 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=b4242e6d-2d95-4e99-a704-c266db786dd2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=b4242e6d-2d95-4e99-a704-c266db786dd2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=b4242e6d-2d95-4e99-a704-c266db786dd2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.5 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\samy\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\samy\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.11 19:22:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.11 19:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\samy\AppData\Roaming\mozilla\Extensions [2013.01.11 19:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\samy\AppData\Roaming\mozilla\Firefox\Profiles\8lvwitdi.default\extensions [2013.01.11 19:23:28 | 000,243,496 | ---- | M] () (No name found) -- C:\Users\samy\AppData\Roaming\mozilla\firefox\profiles\8lvwitdi.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013.01.11 19:22:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.01.05 04:44:54 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Users\samy\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\samy\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\samy\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\samy\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Users\samy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: Tampermonkey = C:\Users\samy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\2.12.3124_0\ CHR - Extension: YouTube to MP3 Converter = C:\Users\samy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfhmlakkppnbdbeeifhbkpgmhcbmabl\0.1.2_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\samy\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [Shotty] C:\Programme\Shotty\Shotty.exe (hxxp://shotty.devs-on.net) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EC096F7-45CB-4E12-85E9-024AA1570A67}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.01.08 01:45:00 | 000,000,175 | R--- | M] () - L:\autorun.inf -- [ UDF ] O33 - MountPoints2\{feeb37f7-dfdd-11e1-9352-003067a73f95}\Shell - "" = AutoRun O33 - MountPoints2\{feeb37f7-dfdd-11e1-9352-003067a73f95}\Shell\AutoRun\command - "" = L:\setup.exe -- [2010.01.08 01:45:00 | 000,463,152 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{feeb37f7-dfdd-11e1-9352-003067a73f95}\Shell\configure\command - "" = L:\setup.exe -- [2010.01.08 01:45:00 | 000,463,152 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{feeb37f7-dfdd-11e1-9352-003067a73f95}\Shell\install\command - "" = L:\setup.exe -- [2010.01.08 01:45:00 | 000,463,152 | R--- | M] (Microsoft Corporation) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.23 23:56:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\samy\Desktop\OTL.exe [2013.02.23 23:41:40 | 000,000,000 | ---D | C] -- C:\Users\samy\AppData\Roaming\Malwarebytes [2013.02.23 23:41:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.23 23:41:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.23 23:41:20 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.02.23 23:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.02.23 23:40:43 | 000,000,000 | ---D | C] -- C:\Users\samy\AppData\Local\Programs [2013.02.06 21:18:22 | 000,000,000 | ---D | C] -- C:\Users\samy\AppData\Local\{935FD0CE-5103-4D30-8439-2E604FB8C379} [2013.01.29 20:01:15 | 000,000,000 | ---D | C] -- C:\Users\samy\AppData\Local\{C27DB121-ACA7-475E-9A81-D112EE8DED4E} ========== Files - Modified Within 30 Days ========== [2013.02.23 23:48:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\samy\Desktop\OTL.exe [2013.02.23 23:48:27 | 000,000,168 | ---- | M] () -- C:\Users\samy\defogger_reenable [2013.02.23 23:41:27 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.23 23:23:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2909018925-352489279-3901980246-1000UA.job [2013.02.23 21:58:12 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.23 21:58:12 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.23 21:55:17 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.23 21:55:17 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.23 21:55:17 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.23 21:55:17 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.23 21:55:17 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.23 21:50:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.23 21:50:46 | 414,670,434 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.02.23 21:50:46 | 2146,983,935 | -HS- | M] () -- C:\hiberfil.sys [2013.02.23 09:23:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2909018925-352489279-3901980246-1000Core.job [2013.02.20 22:33:39 | 000,000,059 | ---- | M] () -- C:\Users\samy\AppData\Roaming\GoodnightTimer.ini [2013.02.19 23:58:30 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.02.16 10:18:44 | 000,071,254 | ---- | M] () -- C:\Users\samy\Desktop\Unbenannt1.JPG [2013.02.16 10:18:03 | 000,070,766 | ---- | M] () -- C:\Users\samy\Desktop\Unbenannt.JPG [2013.02.14 07:05:50 | 000,413,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.02 18:22:00 | 000,002,358 | ---- | M] () -- C:\Users\samy\Desktop\Google Chrome.lnk ========== Files Created - No Company Name ========== [2013.02.23 23:48:27 | 000,000,168 | ---- | C] () -- C:\Users\samy\defogger_reenable [2013.02.23 23:41:27 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.16 10:18:42 | 000,071,254 | ---- | C] () -- C:\Users\samy\Desktop\Unbenannt1.JPG [2013.02.16 10:18:02 | 000,070,766 | ---- | C] () -- C:\Users\samy\Desktop\Unbenannt.JPG [2012.10.21 19:26:27 | 000,000,059 | ---- | C] () -- C:\Users\samy\AppData\Roaming\GoodnightTimer.ini [2012.07.29 21:49:45 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.07.29 21:20:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.07.29 21:18:08 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.08.06 21:17:41 | 000,000,000 | ---D | M] -- C:\Users\samy\AppData\Roaming\DAEMON Tools Lite [2013.01.16 20:18:36 | 000,000,000 | ---D | M] -- C:\Users\samy\AppData\Roaming\Fyahry [2013.01.11 19:26:57 | 000,000,000 | ---D | M] -- C:\Users\samy\AppData\Roaming\Ibfea [2013.01.11 19:57:42 | 000,000,000 | ---D | M] -- C:\Users\samy\AppData\Roaming\Mipiuw [2012.08.06 21:14:16 | 000,000,000 | ---D | M] -- C:\Users\samy\AppData\Roaming\OpenCandy [2013.01.22 17:49:50 | 000,000,000 | ---D | M] -- C:\Users\samy\AppData\Roaming\TS3Client [2013.02.18 20:01:23 | 000,000,000 | ---D | M] -- C:\Users\samy\AppData\Roaming\UseNeXT [2012.08.29 19:33:43 | 000,000,000 | ---D | M] -- C:\Users\samy\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 23.02.2013 23:56:55 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\samy\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,07 Gb Available Physical Memory | 75,88% Memory free 16,00 Gb Paging File | 14,01 Gb Available in Paging File | 87,56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 181,87 Gb Total Space | 133,37 Gb Free Space | 73,33% Space Free | Partition Type: NTFS Drive D: | 3,58 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive I: | 502,65 Gb Total Space | 465,03 Gb Free Space | 92,52% Space Free | Partition Type: NTFS Drive J: | 246,89 Gb Total Space | 214,97 Gb Free Space | 87,07% Space Free | Partition Type: NTFS Drive K: | 1397,26 Gb Total Space | 1263,26 Gb Free Space | 90,41% Space Free | Partition Type: NTFS Drive L: | 980,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: SAMY-PC | User Name: samy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01F15225-E16A-4713-B9DF-33F1AD9CA705}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{048D1F88-7512-46AD-8000-43688957DC64}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{07AB55F2-6CDB-4E46-89C8-FBDC8D533174}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{14DD3803-6F26-41FE-A7FC-C36751C7FB01}" = lport=137 | protocol=17 | dir=in | app=system | "{558CEAE5-0D92-4BDB-B022-CF53BFA2C162}" = lport=139 | protocol=6 | dir=in | app=system | "{72DEA8B3-BB07-4E4D-A2ED-CFE0A15DE958}" = rport=138 | protocol=17 | dir=out | app=system | "{7D31D475-B600-4290-B0FE-48C1A89AEDF3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{823571E6-04C1-420E-9388-841A497FFE22}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{85E32087-6681-41F8-8CD0-BD982F7E46E2}" = rport=139 | protocol=6 | dir=out | app=system | "{97CCB421-4066-4791-A0F3-D4E837E20080}" = lport=10243 | protocol=6 | dir=in | app=system | "{9EDBC558-C1DA-4D07-994A-8848E18405E8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A1617044-6AA0-469E-9BEE-E4AB6FC153C3}" = rport=137 | protocol=17 | dir=out | app=system | "{A85EA74B-4AA7-4529-B19A-FDDBD4EE7144}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{AF590DE8-A3C5-4921-84D2-56622DEFEEE8}" = lport=445 | protocol=6 | dir=in | app=system | "{B6CB3474-855A-47BB-810E-564D4A19A607}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C3DC4704-EABE-4822-90A5-D093A63A6040}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C5E6AAA3-E4C0-4DBE-8EA7-7948CEB567BD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CAAC9BA0-CC87-42C2-B4F8-FCFE6D81F7C0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{D4079088-CEBF-457C-BCBA-89FFD8C1760A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D6594916-A21F-49FA-94CB-A5E9544E7595}" = rport=445 | protocol=6 | dir=out | app=system | "{D7210C63-84F3-4AC6-BF3E-CA68D355BDAD}" = rport=10243 | protocol=6 | dir=out | app=system | "{E4EEF1FF-F65B-42AC-B367-9E8EF2F5E954}" = lport=138 | protocol=17 | dir=in | app=system | "{F09AB8F0-187E-4D59-97C4-8CEC2E6EEC3D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{FF6766DE-789B-4D81-A4FD-FFEDCF53282B}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0384B63C-8C8D-4D52-9AB3-60E87B16E8C0}" = protocol=6 | dir=out | app=system | "{06DBCE73-4118-4518-AED7-BA6A0C791E26}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{0FBB02CD-9443-44B3-83C6-89E31E1FB143}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{0FEB8371-A443-4814-8AEA-3B30D0C812C7}" = protocol=17 | dir=in | app=c:\users\samy\appdata\local\akamai\netsession_win.exe | "{1C5CE583-0162-4445-810C-F03586821B42}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{2CE1A38A-1993-4FBF-9DFC-14E524B7CB75}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{2D1D5302-ED89-4D1A-8569-60D84D61512F}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{37099887-0BC0-4413-84E0-B9D1FDB3D243}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{371CE72E-7D54-45D4-AFE6-12A665201F72}" = protocol=6 | dir=in | app=c:\users\samy\appdata\local\akamai\netsession_win.exe | "{48E043F0-978D-4745-A082-0F14E5CE916F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{4CC44CD5-401C-46C4-8400-1549B0D4B9C5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{51C570A1-FEAF-488F-B70C-02B143763F6D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5A7067FF-3273-48D1-B249-C4E83B1EA037}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{605BE319-8EBD-4E76-BBFF-43088531B016}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{653F1C6B-018B-485D-8181-217B6E316804}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{65F1042D-9DE2-43BE-B277-D37796B7BEEB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{720D0018-537D-456D-8C98-4FA7096AFC59}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{76E21B9A-39F4-4658-A48B-C3AF92CADFC9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{7C61DD46-E055-4941-BA17-B4B8B7412862}" = protocol=58 | dir=in | app=system | "{8841CEBF-6F37-49EF-8A66-BF026EAAD5EA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{8EBC49AE-8F31-4293-9A40-31840E555F55}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9A7A542C-D947-431F-98BC-98386337D6AD}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{A2BF3051-C7D8-47A5-99DF-C5896DF7FA89}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AC145854-5915-4C11-8E59-52E0D6F4DE20}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{AD1A0413-97EC-4B6C-8F7F-A05C5F47811B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B4ED0C98-9F08-4F87-8D2F-11AB8B6C7146}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{B686FF35-57D2-4DE6-A0A8-FDE03927ED0A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C7E8FB8A-A7DA-46AD-8F86-3980E172CA24}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CBB3BA63-F924-4CCE-A50D-257BE131CE7F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{CD0A95BB-CA21-4C94-B446-93516516B309}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{D8CB7A4B-BB6F-4312-8DFA-3F34B0BA8E62}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{DFBD355B-0E06-47DE-8076-D0D4D1BCC0D2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{E096242B-1C25-47DA-A35D-1CE8349B0271}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{EB976E4E-AD03-4202-94B4-05E0D4140643}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{FE384036-FE29-487F-AD17-D5F019764600}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{5B41A2B9-2FB9-45F0-BA67-839264AFC221}C:\users\samy\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\samy\appdata\local\temp\gw2.exe | "TCP Query User{71C355E3-2C6B-4BBB-A9BA-57891CE31D67}I:\dcuniverse\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=i:\dcuniverse\unreal3\binaries\win32\dcgame.exe | "TCP Query User{728066D2-01D8-4BF1-9A02-905EB12E8B36}I:\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=i:\guild wars 2\gw2.exe | "TCP Query User{7D3CD8F9-A8C3-4597-AF33-50856BF9490F}C:\users\samy\appdata\roaming\fyahry\idmo.exe" = protocol=6 | dir=in | app=c:\users\samy\appdata\roaming\fyahry\idmo.exe | "TCP Query User{D12140EF-FF88-48C6-889E-8E4B14598376}C:\users\samy\appdata\roaming\fyahry\idmo.exe" = protocol=6 | dir=in | app=c:\users\samy\appdata\roaming\fyahry\idmo.exe | "UDP Query User{17F37F4D-A75B-428F-A096-CFA29F9AFD60}C:\users\samy\appdata\roaming\fyahry\idmo.exe" = protocol=17 | dir=in | app=c:\users\samy\appdata\roaming\fyahry\idmo.exe | "UDP Query User{20C4E0D4-E176-4219-B6A2-F0CE5335BBA2}C:\users\samy\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\samy\appdata\local\temp\gw2.exe | "UDP Query User{3ECAB189-A163-4E1E-B9D2-62D46313ACC0}I:\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=i:\guild wars 2\gw2.exe | "UDP Query User{75BAC315-B38E-463F-A202-F64861CE0DF8}C:\users\samy\appdata\roaming\fyahry\idmo.exe" = protocol=17 | dir=in | app=c:\users\samy\appdata\roaming\fyahry\idmo.exe | "UDP Query User{836DE1FD-7649-48BA-AE7A-806861F413AD}I:\dcuniverse\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=i:\dcuniverse\unreal3\binaries\win32\dcgame.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{088E976C-6B19-E3D3-1EAB-6E13B2D34CD7}" = ATI Catalyst Install Manager "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{4A85E8AD-6CF6-D3D1-2280-420452F5E1EE}" = ATI AVIVO64 Codecs "{6AB4EC25-677C-4735-5623-1CCC90E759E4}" = ccc-utility64 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A9417107-5107-C6E7-9649-CF3294E9C491}" = WMV9/VC-1 Video Playback "{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{ECA0FDBA-70C2-D23A-6BD3-3D3118DD90B4}" = AMD Drag and Drop Transcoding "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "2e730c18-03e8-4d1d-8fc2-0ee3ea04a765" = Shotty - Kleines aber eindrucksvolles Screenshot Tool "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "NVIDIA Drivers" = NVIDIA Drivers "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{011E0BAD-DC62-DF83-4D19-D110C61FE679}" = CCC Help Chinese Traditional "{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1" = MiniTool Partition Wizard Home Edition 7.5 "{0AC457CB-3661-B42F-6181-5D1305C1475A}" = CCC Help Finnish "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0E86AF86-F103-A148-7070-0596A5FCEAD7}" = CCC Help French "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1F7CFAB6-A7FC-31E5-2917-989B06B09270}" = CCC Help Turkish "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10 "{2888EBA9-91E6-D3EF-FC6D-7B3C2B045CAE}" = CCC Help English "{2AE86CEE-BAC2-D043-9237-E83198098C91}" = Catalyst Control Center InstallProxy "{2EA64D86-61D9-40A4-A89F-D4E6DEDD301D}" = Catalyst Control Center Localization All "{3411B11D-91D6-B456-0FAE-24BF99868231}" = Catalyst Control Center Graphics Previews Common "{35A33CA3-9B1B-3653-6C71-0ADB85E96154}" = ccc-core-static "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{401A4D76-C360-2084-F163-1FABD851D314}" = CCC Help Thai "{43461D82-2DD5-B2D7-886D-5C1A52C09904}" = CCC Help Polish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B61C9AE-3FDD-9DB7-4247-7D96A03C018D}" = CCC Help German "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{5165FA54-2957-4BC9-44CC-D21BDCE9D9E6}" = CCC Help Japanese "{58374E01-D455-ABAE-CD3A-548911E1CAAD}" = CCC Help Swedish "{59B734CE-69E9-F555-380C-0B9D880F4E95}" = CCC Help Hungarian "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{665815D4-1F82-D581-E762-A2E0A15E6512}" = CCC Help Dutch "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8D1CB4C2-283E-39A7-2AFA-6D3320E012A8}" = CCC Help Chinese Standard "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{93703800-E668-1370-1756-2003BA060281}" = CCC Help Russian "{95A837D2-EB2E-9F85-1DB8-01B8337DFC08}" = CCC Help Czech "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C8692DA-9451-AA41-404A-72308CAE1BF5}" = CCC Help Spanish "{9CF2ECFE-5242-B513-5DB4-A751BD735DD2}" = CCC Help Danish "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A35001F0-F1E4-11DD-A38B-005056C00008}" = Paragon Partition Manager™ 12 Professional Demo "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{BC92AA6F-2DAF-1BA2-7C86-1DBBA6423C5F}" = CCC Help Norwegian "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D17772DB-061D-CF9A-7A82-E8C047195259}" = CCC Help Portuguese "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D5507048-ED32-BEE8-431D-303F741DE073}" = CCC Help Italian "{DECCD21C-4BCC-1326-0EF3-7E87C97E14D9}" = CCC Help Greek "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E8B708FF-D116-0D4D-DC14-72827A219D54}" = HydraVision "{EFD21D05-4618-D72A-464F-B0D1911617A7}" = CCC Help Korean "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "DAEMON Tools Lite" = DAEMON Tools Lite "ENTERPRISE" = Microsoft Office Enterprise 2007 "Goodnight Timer_is1" = Goodnight Timer 1.1 "Guild Wars 2" = Guild Wars 2 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "TeamSpeak 3 Client" = TeamSpeak 3 Client "UseNeXT_is1" = UseNeXT "VLC media player" = VLC media player 0.9.9 "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "Google Chrome" = Google Chrome "SOE-DC Universe Online Live" = DC Universe Online Live "SOE-DC Universe Online Live PSG" = DC Universe Online Live ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10.02.2013 04:55:26 | Computer Name = samy-PC | Source = WinMgmt | ID = 10 Description = Error - 11.02.2013 11:45:03 | Computer Name = samy-PC | Source = WinMgmt | ID = 10 Description = Error - 12.02.2013 12:51:11 | Computer Name = samy-PC | Source = WinMgmt | ID = 10 Description = Error - 13.02.2013 02:08:04 | Computer Name = samy-PC | Source = WinMgmt | ID = 10 Description = Error - 13.02.2013 12:00:22 | Computer Name = samy-PC | Source = WinMgmt | ID = 10 Description = Error - 14.02.2013 02:07:13 | Computer Name = samy-PC | Source = WinMgmt | ID = 10 Description = Error - 14.02.2013 16:04:33 | Computer Name = samy-PC | Source = WinMgmt | ID = 10 Description = Error - 15.02.2013 12:10:46 | Computer Name = samy-PC | Source = WinMgmt | ID = 10 Description = Error - 16.02.2013 04:02:19 | Computer Name = samy-PC | Source = WinMgmt | ID = 10 Description = Error - 17.02.2013 04:19:42 | Computer Name = samy-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 23.02.2013 04:06:48 | Computer Name = samy-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?23.?02.?2013 um 09:04:02 unerwartet heruntergefahren. Error - 23.02.2013 04:06:51 | Computer Name = SAMY-PC | Source = BugCheck | ID = 1001 Description = Error - 23.02.2013 05:22:06 | Computer Name = samy-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?23.?02.?2013 um 10:00:05 unerwartet heruntergefahren. Error - 23.02.2013 05:22:06 | Computer Name = SAMY-PC | Source = BugCheck | ID = 1001 Description = Error - 23.02.2013 16:51:04 | Computer Name = samy-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?23.?02.?2013 um 21:48:51 unerwartet heruntergefahren. Error - 23.02.2013 16:51:08 | Computer Name = SAMY-PC | Source = BugCheck | ID = 1001 Description = Error - 23.02.2013 16:51:21 | Computer Name = samy-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden. Error - 23.02.2013 16:51:21 | Computer Name = samy-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden. Error - 23.02.2013 16:51:22 | Computer Name = samy-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden. Error - 23.02.2013 16:51:23 | Computer Name = samy-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden. < End of report > Code:
ATTFilter GMER 2.1.19081 - hxxp://www.gmer.net Rootkit scan 2013-02-24 00:28:53 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000063 Hitachi_ rev.JP4O 931,51GB Running: gmer_2.1.19081.exe; Driver: C:\Users\samy\AppData\Local\Temp\kxldypob.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\SysWOW64\svchost.exe[1588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000777f1465 2 bytes [7F, 77] .text C:\Windows\SysWOW64\svchost.exe[1588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777f14bb 2 bytes [7F, 77] .text ... * 2 .text C:\Users\samy\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000777f1465 2 bytes [7F, 77] .text C:\Users\samy\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777f14bb 2 bytes [7F, 77] .text ... * 2 .text C:\Users\samy\AppData\Local\Akamai\netsession_win.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000777f1465 2 bytes [7F, 77] .text C:\Users\samy\AppData\Local\Akamai\netsession_win.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777f14bb 2 bytes [7F, 77] .text ... * 2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000777f1465 2 bytes [7F, 77] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777f14bb 2 bytes [7F, 77] .text ... * 2 .text C:\Users\samy\Desktop\OTL.exe[4540] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69 00000000777f1465 2 bytes [7F, 77] .text C:\Users\samy\Desktop\OTL.exe[4540] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155 00000000777f14bb 2 bytes [7F, 77] .text ... * 2 .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000777f1465 2 bytes [7F, 77] .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777f14bb 2 bytes [7F, 77] .text ... * 2 ? C:\Windows\system32\mssprxy.dll [4208] entry point in ".rdata" section 00000000749271e6 .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007783f991 7 bytes {MOV EDX, 0x71c228; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007783fbd5 7 bytes {MOV EDX, 0x71c268; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007783fc05 7 bytes {MOV EDX, 0x71c1a8; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007783fc1d 7 bytes {MOV EDX, 0x71c128; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007783fc35 7 bytes {MOV EDX, 0x71c328; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007783fc65 7 bytes {MOV EDX, 0x71c368; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007783fce5 7 bytes {MOV EDX, 0x71c2e8; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007783fcfd 7 bytes {MOV EDX, 0x71c2a8; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007783fd49 7 bytes {MOV EDX, 0x71c068; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007783fe41 7 bytes {MOV EDX, 0x71c0a8; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077840099 7 bytes {MOV EDX, 0x71c028; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000778410a5 7 bytes {MOV EDX, 0x71c1e8; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007784111d 7 bytes {MOV EDX, 0x71c168; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077841321 7 bytes {MOV EDX, 0x71c0e8; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000777f1465 2 bytes [7F, 77] .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777f14bb 2 bytes [7F, 77] .text ... * 2 .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007783f991 7 bytes {MOV EDX, 0xcb4228; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007783fbd5 7 bytes {MOV EDX, 0xcb4268; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007783fc05 7 bytes {MOV EDX, 0xcb41a8; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007783fc1d 7 bytes {MOV EDX, 0xcb4128; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007783fc35 7 bytes {MOV EDX, 0xcb4328; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007783fc65 7 bytes {MOV EDX, 0xcb4368; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007783fce5 7 bytes {MOV EDX, 0xcb42e8; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007783fcfd 7 bytes {MOV EDX, 0xcb42a8; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007783fd49 7 bytes {MOV EDX, 0xcb4068; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007783fe41 7 bytes {MOV EDX, 0xcb40a8; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077840099 7 bytes {MOV EDX, 0xcb4028; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000778410a5 7 bytes {MOV EDX, 0xcb41e8; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007784111d 7 bytes {MOV EDX, 0xcb4168; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077841321 7 bytes {MOV EDX, 0xcb40e8; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000777f1465 2 bytes [7F, 77] .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777f14bb 2 bytes [7F, 77] .text ... * 2 .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007783f991 7 bytes {MOV EDX, 0xc96e28; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007783fbd5 7 bytes {MOV EDX, 0xc96e68; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007783fc05 7 bytes {MOV EDX, 0xc96da8; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007783fc1d 7 bytes {MOV EDX, 0xc96d28; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007783fc35 7 bytes {MOV EDX, 0xc96f28; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007783fc65 7 bytes {MOV EDX, 0xc96f68; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007783fce5 7 bytes {MOV EDX, 0xc96ee8; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007783fcfd 7 bytes {MOV EDX, 0xc96ea8; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007783fd49 7 bytes {MOV EDX, 0xc96c68; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007783fe41 7 bytes {MOV EDX, 0xc96ca8; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077840099 7 bytes {MOV EDX, 0xc96c28; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000778410a5 7 bytes {MOV EDX, 0xc96de8; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007784111d 7 bytes {MOV EDX, 0xc96d68; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077841321 7 bytes {MOV EDX, 0xc96ce8; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000777f1465 2 bytes [7F, 77] .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777f14bb 2 bytes [7F, 77] .text ... * 2 .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007783f991 7 bytes {MOV EDX, 0x571a28; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007783fbd5 7 bytes {MOV EDX, 0x571a68; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007783fc05 7 bytes {MOV EDX, 0x5719a8; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007783fc1d 7 bytes {MOV EDX, 0x571928; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007783fc35 7 bytes {MOV EDX, 0x571b28; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007783fc65 7 bytes {MOV EDX, 0x571b68; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007783fce5 7 bytes {MOV EDX, 0x571ae8; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007783fcfd 7 bytes {MOV EDX, 0x571aa8; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007783fd49 7 bytes {MOV EDX, 0x571868; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007783fe41 7 bytes {MOV EDX, 0x5718a8; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077840099 7 bytes {MOV EDX, 0x571828; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000778410a5 7 bytes {MOV EDX, 0x5719e8; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007784111d 7 bytes {MOV EDX, 0x571968; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077841321 7 bytes {MOV EDX, 0x5718e8; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000777f1465 2 bytes [7F, 77] .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777f14bb 2 bytes [7F, 77] .text ... * 2 ---- EOF - GMER 2.1 ---- |
Themen zu Trojaner Pws:win32 - virtool:win32/ceeinject.gen!id - Fehler 0x81000037 |
akamai, autorun, bho, bonjour, converter, error, explorer, fehler, firefox, format, homepage, install.exe, logfile, mozilla, mp3, ntdll.dll, office 2007, plug-in, registry, rundll, scan, security, senden, software, svchost.exe, teamspeak, temp, trojaner, udp, vdeck.exe |