Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Trojaner Pws:win32 - virtool:win32/ceeinject.gen!id - Fehler 0x81000037

Trojaner Pws:win32 - virtool:win32/ceeinject.gen!id - Fehler 0x81000037


Log-Analyse und Auswertung: Trojaner Pws:win32 - virtool:win32/ceeinject.gen!id - Fehler 0x81000037

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 24.02.2013, 00:49   #1
soatix
 
Trojaner Pws:win32 - virtool:win32/ceeinject.gen!id - Fehler 0x81000037 - Standard

Trojaner Pws:win32 - virtool:win32/ceeinject.gen!id - Fehler 0x81000037


Hallo liebes Team,

ich hoffe ihr könnt mir helfen, bin gerade wirklich am verzweifeln.

Nachdem mein PC sich heute einige Male neu gestartet hatte und nach dem Neustart eine Meldung kam bezüglich eines unerwarteten Fehlers habe ich ein Systembackup machen wollen. Das Backup konnte ich leider nicht abschliessen und bekam die Fehelermeldung Fehler 0x81000037. Daraufhin habe ich mit Microsoft Security Essentials nen Scan gemacht und es wurde ein Trojaner namens Pws:win32... gefunden. Leider habe ich hier nicht aufgepasst und habe diesen leider entfernt anstelle von in Quarantäne verschieben wodurch ich den genauen Namen leider nicht mehr angeben kann.
Daraufhin habe ich nochmals nen Scan gemacht und es wurde etwas mit dem Namen virtool:win32/ceeinject.gen!id gefunden.

Mit Malwarebytes wurde nichts gefunden. Leider kenne ich mich nicht so gut aus und hoffe ihr könnt mir weiterhelfen.

Hier mal alle Logs:

Malwarebytes:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.23.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
samy :: SAMY-PC [Administrator]

23.02.2013 23:42:30
mbam-log-2013-02-23 (23-42-30).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 203672
Laufzeit: 2 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
OTL.txt:
Code:
ATTFilter
OTL logfile created on: 23.02.2013 23:56:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\samy\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,07 Gb Available Physical Memory | 75,88% Memory free
16,00 Gb Paging File | 14,01 Gb Available in Paging File | 87,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 181,87 Gb Total Space | 133,37 Gb Free Space | 73,33% Space Free | Partition Type: NTFS
Drive D: | 3,58 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive I: | 502,65 Gb Total Space | 465,03 Gb Free Space | 92,52% Space Free | Partition Type: NTFS
Drive J: | 246,89 Gb Total Space | 214,97 Gb Free Space | 87,07% Space Free | Partition Type: NTFS
Drive K: | 1397,26 Gb Total Space | 1263,26 Gb Free Space | 90,41% Space Free | Partition Type: NTFS
Drive L: | 980,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: SAMY-PC | User Name: samy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.23 23:48:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\samy\Desktop\OTL.exe
PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\samy\AppData\Local\Akamai\netsession_win.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.11.26 03:54:12 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.01.27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.01.05 04:44:06 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.12 19:55:25 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.08.06 21:14:18 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.07.09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.06.18 12:34:44 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2012.06.18 12:34:42 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.26 05:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.11.26 03:16:46 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.11.21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.17 13:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.03.02 18:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.01 11:20:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009.06.18 03:07:38 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BIOS64.sys -- (BIOS)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.06.18 03:07:38 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\BIOS64.sys -- (BIOS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=b4242e6d-2d95-4e99-a704-c266db786dd2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=b4242e6d-2d95-4e99-a704-c266db786dd2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=b4242e6d-2d95-4e99-a704-c266db786dd2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=b4242e6d-2d95-4e99-a704-c266db786dd2&affid=111583&searchtype=hp&babsrc=lnkry_nt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 1F 3F 49 18 70 CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=b4242e6d-2d95-4e99-a704-c266db786dd2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=b4242e6d-2d95-4e99-a704-c266db786dd2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=b4242e6d-2d95-4e99-a704-c266db786dd2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
 
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\samy\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\samy\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.11 19:22:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.01.11 19:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\samy\AppData\Roaming\mozilla\Extensions
[2013.01.11 19:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\samy\AppData\Roaming\mozilla\Firefox\Profiles\8lvwitdi.default\extensions
[2013.01.11 19:23:28 | 000,243,496 | ---- | M] () (No name found) -- C:\Users\samy\AppData\Roaming\mozilla\firefox\profiles\8lvwitdi.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.01.11 19:22:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.05 04:44:54 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\samy\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\samy\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\samy\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\samy\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Users\samy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Tampermonkey = C:\Users\samy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\2.12.3124_0\
CHR - Extension: YouTube to MP3 Converter = C:\Users\samy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfhmlakkppnbdbeeifhbkpgmhcbmabl\0.1.2_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\samy\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Shotty] C:\Programme\Shotty\Shotty.exe (hxxp://shotty.devs-on.net)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EC096F7-45CB-4E12-85E9-024AA1570A67}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.08 01:45:00 | 000,000,175 | R--- | M] () - L:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{feeb37f7-dfdd-11e1-9352-003067a73f95}\Shell - "" = AutoRun
O33 - MountPoints2\{feeb37f7-dfdd-11e1-9352-003067a73f95}\Shell\AutoRun\command - "" = L:\setup.exe -- [2010.01.08 01:45:00 | 000,463,152 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{feeb37f7-dfdd-11e1-9352-003067a73f95}\Shell\configure\command - "" = L:\setup.exe -- [2010.01.08 01:45:00 | 000,463,152 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{feeb37f7-dfdd-11e1-9352-003067a73f95}\Shell\install\command - "" = L:\setup.exe -- [2010.01.08 01:45:00 | 000,463,152 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.23 23:56:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\samy\Desktop\OTL.exe
[2013.02.23 23:41:40 | 000,000,000 | ---D | C] -- C:\Users\samy\AppData\Roaming\Malwarebytes
[2013.02.23 23:41:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.23 23:41:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.23 23:41:20 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.23 23:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.23 23:40:43 | 000,000,000 | ---D | C] -- C:\Users\samy\AppData\Local\Programs
[2013.02.06 21:18:22 | 000,000,000 | ---D | C] -- C:\Users\samy\AppData\Local\{935FD0CE-5103-4D30-8439-2E604FB8C379}
[2013.01.29 20:01:15 | 000,000,000 | ---D | C] -- C:\Users\samy\AppData\Local\{C27DB121-ACA7-475E-9A81-D112EE8DED4E}
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.23 23:48:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\samy\Desktop\OTL.exe
[2013.02.23 23:48:27 | 000,000,168 | ---- | M] () -- C:\Users\samy\defogger_reenable
[2013.02.23 23:41:27 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.23 23:23:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2909018925-352489279-3901980246-1000UA.job
[2013.02.23 21:58:12 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.23 21:58:12 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.23 21:55:17 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.23 21:55:17 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.23 21:55:17 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.23 21:55:17 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.23 21:55:17 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.23 21:50:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.23 21:50:46 | 414,670,434 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.02.23 21:50:46 | 2146,983,935 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.23 09:23:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2909018925-352489279-3901980246-1000Core.job
[2013.02.20 22:33:39 | 000,000,059 | ---- | M] () -- C:\Users\samy\AppData\Roaming\GoodnightTimer.ini
[2013.02.19 23:58:30 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.02.16 10:18:44 | 000,071,254 | ---- | M] () -- C:\Users\samy\Desktop\Unbenannt1.JPG
[2013.02.16 10:18:03 | 000,070,766 | ---- | M] () -- C:\Users\samy\Desktop\Unbenannt.JPG
[2013.02.14 07:05:50 | 000,413,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.02 18:22:00 | 000,002,358 | ---- | M] () -- C:\Users\samy\Desktop\Google Chrome.lnk
 
========== Files Created - No Company Name ==========
 
[2013.02.23 23:48:27 | 000,000,168 | ---- | C] () -- C:\Users\samy\defogger_reenable
[2013.02.23 23:41:27 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.16 10:18:42 | 000,071,254 | ---- | C] () -- C:\Users\samy\Desktop\Unbenannt1.JPG
[2013.02.16 10:18:02 | 000,070,766 | ---- | C] () -- C:\Users\samy\Desktop\Unbenannt.JPG
[2012.10.21 19:26:27 | 000,000,059 | ---- | C] () -- C:\Users\samy\AppData\Roaming\GoodnightTimer.ini
[2012.07.29 21:49:45 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.29 21:20:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.29 21:18:08 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.08.06 21:17:41 | 000,000,000 | ---D | M] -- C:\Users\samy\AppData\Roaming\DAEMON Tools Lite
[2013.01.16 20:18:36 | 000,000,000 | ---D | M] -- C:\Users\samy\AppData\Roaming\Fyahry
[2013.01.11 19:26:57 | 000,000,000 | ---D | M] -- C:\Users\samy\AppData\Roaming\Ibfea
[2013.01.11 19:57:42 | 000,000,000 | ---D | M] -- C:\Users\samy\AppData\Roaming\Mipiuw
[2012.08.06 21:14:16 | 000,000,000 | ---D | M] -- C:\Users\samy\AppData\Roaming\OpenCandy
[2013.01.22 17:49:50 | 000,000,000 | ---D | M] -- C:\Users\samy\AppData\Roaming\TS3Client
[2013.02.18 20:01:23 | 000,000,000 | ---D | M] -- C:\Users\samy\AppData\Roaming\UseNeXT
[2012.08.29 19:33:43 | 000,000,000 | ---D | M] -- C:\Users\samy\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
Extra.txt:
Code:
ATTFilter
OTL Extras logfile created on: 23.02.2013 23:56:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\samy\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,07 Gb Available Physical Memory | 75,88% Memory free
16,00 Gb Paging File | 14,01 Gb Available in Paging File | 87,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 181,87 Gb Total Space | 133,37 Gb Free Space | 73,33% Space Free | Partition Type: NTFS
Drive D: | 3,58 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive I: | 502,65 Gb Total Space | 465,03 Gb Free Space | 92,52% Space Free | Partition Type: NTFS
Drive J: | 246,89 Gb Total Space | 214,97 Gb Free Space | 87,07% Space Free | Partition Type: NTFS
Drive K: | 1397,26 Gb Total Space | 1263,26 Gb Free Space | 90,41% Space Free | Partition Type: NTFS
Drive L: | 980,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: SAMY-PC | User Name: samy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F15225-E16A-4713-B9DF-33F1AD9CA705}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{048D1F88-7512-46AD-8000-43688957DC64}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{07AB55F2-6CDB-4E46-89C8-FBDC8D533174}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{14DD3803-6F26-41FE-A7FC-C36751C7FB01}" = lport=137 | protocol=17 | dir=in | app=system | 
"{558CEAE5-0D92-4BDB-B022-CF53BFA2C162}" = lport=139 | protocol=6 | dir=in | app=system | 
"{72DEA8B3-BB07-4E4D-A2ED-CFE0A15DE958}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7D31D475-B600-4290-B0FE-48C1A89AEDF3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{823571E6-04C1-420E-9388-841A497FFE22}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{85E32087-6681-41F8-8CD0-BD982F7E46E2}" = rport=139 | protocol=6 | dir=out | app=system | 
"{97CCB421-4066-4791-A0F3-D4E837E20080}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9EDBC558-C1DA-4D07-994A-8848E18405E8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A1617044-6AA0-469E-9BEE-E4AB6FC153C3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A85EA74B-4AA7-4529-B19A-FDDBD4EE7144}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{AF590DE8-A3C5-4921-84D2-56622DEFEEE8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B6CB3474-855A-47BB-810E-564D4A19A607}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C3DC4704-EABE-4822-90A5-D093A63A6040}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C5E6AAA3-E4C0-4DBE-8EA7-7948CEB567BD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CAAC9BA0-CC87-42C2-B4F8-FCFE6D81F7C0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D4079088-CEBF-457C-BCBA-89FFD8C1760A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D6594916-A21F-49FA-94CB-A5E9544E7595}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D7210C63-84F3-4AC6-BF3E-CA68D355BDAD}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{E4EEF1FF-F65B-42AC-B367-9E8EF2F5E954}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F09AB8F0-187E-4D59-97C4-8CEC2E6EEC3D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{FF6766DE-789B-4D81-A4FD-FFEDCF53282B}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0384B63C-8C8D-4D52-9AB3-60E87B16E8C0}" = protocol=6 | dir=out | app=system | 
"{06DBCE73-4118-4518-AED7-BA6A0C791E26}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{0FBB02CD-9443-44B3-83C6-89E31E1FB143}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0FEB8371-A443-4814-8AEA-3B30D0C812C7}" = protocol=17 | dir=in | app=c:\users\samy\appdata\local\akamai\netsession_win.exe | 
"{1C5CE583-0162-4445-810C-F03586821B42}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2CE1A38A-1993-4FBF-9DFC-14E524B7CB75}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2D1D5302-ED89-4D1A-8569-60D84D61512F}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{37099887-0BC0-4413-84E0-B9D1FDB3D243}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{371CE72E-7D54-45D4-AFE6-12A665201F72}" = protocol=6 | dir=in | app=c:\users\samy\appdata\local\akamai\netsession_win.exe | 
"{48E043F0-978D-4745-A082-0F14E5CE916F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{4CC44CD5-401C-46C4-8400-1549B0D4B9C5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{51C570A1-FEAF-488F-B70C-02B143763F6D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5A7067FF-3273-48D1-B249-C4E83B1EA037}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{605BE319-8EBD-4E76-BBFF-43088531B016}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{653F1C6B-018B-485D-8181-217B6E316804}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{65F1042D-9DE2-43BE-B277-D37796B7BEEB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{720D0018-537D-456D-8C98-4FA7096AFC59}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{76E21B9A-39F4-4658-A48B-C3AF92CADFC9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7C61DD46-E055-4941-BA17-B4B8B7412862}" = protocol=58 | dir=in | app=system | 
"{8841CEBF-6F37-49EF-8A66-BF026EAAD5EA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{8EBC49AE-8F31-4293-9A40-31840E555F55}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9A7A542C-D947-431F-98BC-98386337D6AD}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{A2BF3051-C7D8-47A5-99DF-C5896DF7FA89}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AC145854-5915-4C11-8E59-52E0D6F4DE20}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AD1A0413-97EC-4B6C-8F7F-A05C5F47811B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B4ED0C98-9F08-4F87-8D2F-11AB8B6C7146}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B686FF35-57D2-4DE6-A0A8-FDE03927ED0A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C7E8FB8A-A7DA-46AD-8F86-3980E172CA24}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CBB3BA63-F924-4CCE-A50D-257BE131CE7F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{CD0A95BB-CA21-4C94-B446-93516516B309}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{D8CB7A4B-BB6F-4312-8DFA-3F34B0BA8E62}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DFBD355B-0E06-47DE-8076-D0D4D1BCC0D2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{E096242B-1C25-47DA-A35D-1CE8349B0271}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EB976E4E-AD03-4202-94B4-05E0D4140643}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{FE384036-FE29-487F-AD17-D5F019764600}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{5B41A2B9-2FB9-45F0-BA67-839264AFC221}C:\users\samy\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\samy\appdata\local\temp\gw2.exe | 
"TCP Query User{71C355E3-2C6B-4BBB-A9BA-57891CE31D67}I:\dcuniverse\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=i:\dcuniverse\unreal3\binaries\win32\dcgame.exe | 
"TCP Query User{728066D2-01D8-4BF1-9A02-905EB12E8B36}I:\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=i:\guild wars 2\gw2.exe | 
"TCP Query User{7D3CD8F9-A8C3-4597-AF33-50856BF9490F}C:\users\samy\appdata\roaming\fyahry\idmo.exe" = protocol=6 | dir=in | app=c:\users\samy\appdata\roaming\fyahry\idmo.exe | 
"TCP Query User{D12140EF-FF88-48C6-889E-8E4B14598376}C:\users\samy\appdata\roaming\fyahry\idmo.exe" = protocol=6 | dir=in | app=c:\users\samy\appdata\roaming\fyahry\idmo.exe | 
"UDP Query User{17F37F4D-A75B-428F-A096-CFA29F9AFD60}C:\users\samy\appdata\roaming\fyahry\idmo.exe" = protocol=17 | dir=in | app=c:\users\samy\appdata\roaming\fyahry\idmo.exe | 
"UDP Query User{20C4E0D4-E176-4219-B6A2-F0CE5335BBA2}C:\users\samy\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\samy\appdata\local\temp\gw2.exe | 
"UDP Query User{3ECAB189-A163-4E1E-B9D2-62D46313ACC0}I:\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=i:\guild wars 2\gw2.exe | 
"UDP Query User{75BAC315-B38E-463F-A202-F64861CE0DF8}C:\users\samy\appdata\roaming\fyahry\idmo.exe" = protocol=17 | dir=in | app=c:\users\samy\appdata\roaming\fyahry\idmo.exe | 
"UDP Query User{836DE1FD-7649-48BA-AE7A-806861F413AD}I:\dcuniverse\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=i:\dcuniverse\unreal3\binaries\win32\dcgame.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{088E976C-6B19-E3D3-1EAB-6E13B2D34CD7}" = ATI Catalyst Install Manager
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{4A85E8AD-6CF6-D3D1-2280-420452F5E1EE}" = ATI AVIVO64 Codecs
"{6AB4EC25-677C-4735-5623-1CCC90E759E4}" = ccc-utility64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A9417107-5107-C6E7-9649-CF3294E9C491}" = WMV9/VC-1 Video Playback
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{ECA0FDBA-70C2-D23A-6BD3-3D3118DD90B4}" = AMD Drag and Drop Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"2e730c18-03e8-4d1d-8fc2-0ee3ea04a765" = Shotty - Kleines aber eindrucksvolles Screenshot Tool
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{011E0BAD-DC62-DF83-4D19-D110C61FE679}" = CCC Help Chinese Traditional
"{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1" = MiniTool Partition Wizard Home Edition 7.5
"{0AC457CB-3661-B42F-6181-5D1305C1475A}" = CCC Help Finnish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0E86AF86-F103-A148-7070-0596A5FCEAD7}" = CCC Help French
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7CFAB6-A7FC-31E5-2917-989B06B09270}" = CCC Help Turkish
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{2888EBA9-91E6-D3EF-FC6D-7B3C2B045CAE}" = CCC Help English
"{2AE86CEE-BAC2-D043-9237-E83198098C91}" = Catalyst Control Center InstallProxy
"{2EA64D86-61D9-40A4-A89F-D4E6DEDD301D}" = Catalyst Control Center Localization All
"{3411B11D-91D6-B456-0FAE-24BF99868231}" = Catalyst Control Center Graphics Previews Common
"{35A33CA3-9B1B-3653-6C71-0ADB85E96154}" = ccc-core-static
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{401A4D76-C360-2084-F163-1FABD851D314}" = CCC Help Thai
"{43461D82-2DD5-B2D7-886D-5C1A52C09904}" = CCC Help Polish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B61C9AE-3FDD-9DB7-4247-7D96A03C018D}" = CCC Help German
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5165FA54-2957-4BC9-44CC-D21BDCE9D9E6}" = CCC Help Japanese
"{58374E01-D455-ABAE-CD3A-548911E1CAAD}" = CCC Help Swedish
"{59B734CE-69E9-F555-380C-0B9D880F4E95}" = CCC Help Hungarian
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{665815D4-1F82-D581-E762-A2E0A15E6512}" = CCC Help Dutch
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8D1CB4C2-283E-39A7-2AFA-6D3320E012A8}" = CCC Help Chinese Standard
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{93703800-E668-1370-1756-2003BA060281}" = CCC Help Russian
"{95A837D2-EB2E-9F85-1DB8-01B8337DFC08}" = CCC Help Czech
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C8692DA-9451-AA41-404A-72308CAE1BF5}" = CCC Help Spanish
"{9CF2ECFE-5242-B513-5DB4-A751BD735DD2}" = CCC Help Danish
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A35001F0-F1E4-11DD-A38B-005056C00008}" = Paragon Partition Manager™ 12 Professional Demo
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BC92AA6F-2DAF-1BA2-7C86-1DBBA6423C5F}" = CCC Help Norwegian
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D17772DB-061D-CF9A-7A82-E8C047195259}" = CCC Help Portuguese
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5507048-ED32-BEE8-431D-303F741DE073}" = CCC Help Italian
"{DECCD21C-4BCC-1326-0EF3-7E87C97E14D9}" = CCC Help Greek
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E8B708FF-D116-0D4D-DC14-72827A219D54}" = HydraVision
"{EFD21D05-4618-D72A-464F-B0D1911617A7}" = CCC Help Korean
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Goodnight Timer_is1" = Goodnight Timer 1.1
"Guild Wars 2" = Guild Wars 2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 0.9.9
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"SOE-DC Universe Online Live" = DC Universe Online Live
"SOE-DC Universe Online Live PSG" = DC Universe Online Live
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.02.2013 04:55:26 | Computer Name = samy-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.02.2013 11:45:03 | Computer Name = samy-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.02.2013 12:51:11 | Computer Name = samy-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.02.2013 02:08:04 | Computer Name = samy-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.02.2013 12:00:22 | Computer Name = samy-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.02.2013 02:07:13 | Computer Name = samy-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.02.2013 16:04:33 | Computer Name = samy-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.02.2013 12:10:46 | Computer Name = samy-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.02.2013 04:02:19 | Computer Name = samy-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.02.2013 04:19:42 | Computer Name = samy-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 23.02.2013 04:06:48 | Computer Name = samy-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?23.?02.?2013 um 09:04:02 unerwartet heruntergefahren.
 
Error - 23.02.2013 04:06:51 | Computer Name = SAMY-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 23.02.2013 05:22:06 | Computer Name = samy-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?23.?02.?2013 um 10:00:05 unerwartet heruntergefahren.
 
Error - 23.02.2013 05:22:06 | Computer Name = SAMY-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 23.02.2013 16:51:04 | Computer Name = samy-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?23.?02.?2013 um 21:48:51 unerwartet heruntergefahren.
 
Error - 23.02.2013 16:51:08 | Computer Name = SAMY-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 23.02.2013 16:51:21 | Computer Name = samy-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
 
Error - 23.02.2013 16:51:21 | Computer Name = samy-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
 
Error - 23.02.2013 16:51:22 | Computer Name = samy-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
 
Error - 23.02.2013 16:51:23 | Computer Name = samy-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
 
 
< End of report >
Gmer:
Code:
ATTFilter
GMER 2.1.19081 - hxxp://www.gmer.net
Rootkit scan 2013-02-24 00:28:53
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000063 Hitachi_ rev.JP4O 931,51GB
Running: gmer_2.1.19081.exe; Driver: C:\Users\samy\AppData\Local\Temp\kxldypob.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\SysWOW64\svchost.exe[1588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                       00000000777f1465 2 bytes [7F, 77]
.text  C:\Windows\SysWOW64\svchost.exe[1588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                      00000000777f14bb 2 bytes [7F, 77]
.text  ...                                                                                                                                 * 2
.text  C:\Users\samy\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                 00000000777f1465 2 bytes [7F, 77]
.text  C:\Users\samy\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                00000000777f14bb 2 bytes [7F, 77]
.text  ...                                                                                                                                 * 2
.text  C:\Users\samy\AppData\Local\Akamai\netsession_win.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                 00000000777f1465 2 bytes [7F, 77]
.text  C:\Users\samy\AppData\Local\Akamai\netsession_win.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                00000000777f14bb 2 bytes [7F, 77]
.text  ...                                                                                                                                 * 2
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      00000000777f1465 2 bytes [7F, 77]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155     00000000777f14bb 2 bytes [7F, 77]
.text  ...                                                                                                                                 * 2
.text  C:\Users\samy\Desktop\OTL.exe[4540] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69                                         00000000777f1465 2 bytes [7F, 77]
.text  C:\Users\samy\Desktop\OTL.exe[4540] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155                                        00000000777f14bb 2 bytes [7F, 77]
.text  ...                                                                                                                                 * 2
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      00000000777f1465 2 bytes [7F, 77]
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155     00000000777f14bb 2 bytes [7F, 77]
.text  ...                                                                                                                                 * 2
?      C:\Windows\system32\mssprxy.dll [4208] entry point in ".rdata" section                                                              00000000749271e6
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5     000000007783f991 7 bytes {MOV EDX, 0x71c228; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5          000000007783fbd5 7 bytes {MOV EDX, 0x71c268; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5              000000007783fc05 7 bytes {MOV EDX, 0x71c1a8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5       000000007783fc1d 7 bytes {MOV EDX, 0x71c128; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5         000000007783fc35 7 bytes {MOV EDX, 0x71c328; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5       000000007783fc65 7 bytes {MOV EDX, 0x71c368; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5        000000007783fce5 7 bytes {MOV EDX, 0x71c2e8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5       000000007783fcfd 7 bytes {MOV EDX, 0x71c2a8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                 000000007783fd49 7 bytes {MOV EDX, 0x71c068; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5      000000007783fe41 7 bytes {MOV EDX, 0x71c0a8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5               0000000077840099 7 bytes {MOV EDX, 0x71c028; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5         00000000778410a5 7 bytes {MOV EDX, 0x71c1e8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5               000000007784111d 7 bytes {MOV EDX, 0x71c168; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5  0000000077841321 7 bytes {MOV EDX, 0x71c0e8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      00000000777f1465 2 bytes [7F, 77]
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155     00000000777f14bb 2 bytes [7F, 77]
.text  ...                                                                                                                                 * 2
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5      000000007783f991 7 bytes {MOV EDX, 0xcb4228; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5           000000007783fbd5 7 bytes {MOV EDX, 0xcb4268; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5               000000007783fc05 7 bytes {MOV EDX, 0xcb41a8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5        000000007783fc1d 7 bytes {MOV EDX, 0xcb4128; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5          000000007783fc35 7 bytes {MOV EDX, 0xcb4328; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5        000000007783fc65 7 bytes {MOV EDX, 0xcb4368; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5         000000007783fce5 7 bytes {MOV EDX, 0xcb42e8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5        000000007783fcfd 7 bytes {MOV EDX, 0xcb42a8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                  000000007783fd49 7 bytes {MOV EDX, 0xcb4068; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5       000000007783fe41 7 bytes {MOV EDX, 0xcb40a8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                0000000077840099 7 bytes {MOV EDX, 0xcb4028; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5          00000000778410a5 7 bytes {MOV EDX, 0xcb41e8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                000000007784111d 7 bytes {MOV EDX, 0xcb4168; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5   0000000077841321 7 bytes {MOV EDX, 0xcb40e8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69       00000000777f1465 2 bytes [7F, 77]
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155      00000000777f14bb 2 bytes [7F, 77]
.text  ...                                                                                                                                 * 2
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5     000000007783f991 7 bytes {MOV EDX, 0xc96e28; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5          000000007783fbd5 7 bytes {MOV EDX, 0xc96e68; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5              000000007783fc05 7 bytes {MOV EDX, 0xc96da8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5       000000007783fc1d 7 bytes {MOV EDX, 0xc96d28; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5         000000007783fc35 7 bytes {MOV EDX, 0xc96f28; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5       000000007783fc65 7 bytes {MOV EDX, 0xc96f68; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5        000000007783fce5 7 bytes {MOV EDX, 0xc96ee8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5       000000007783fcfd 7 bytes {MOV EDX, 0xc96ea8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                 000000007783fd49 7 bytes {MOV EDX, 0xc96c68; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5      000000007783fe41 7 bytes {MOV EDX, 0xc96ca8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5               0000000077840099 7 bytes {MOV EDX, 0xc96c28; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5         00000000778410a5 7 bytes {MOV EDX, 0xc96de8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5               000000007784111d 7 bytes {MOV EDX, 0xc96d68; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5  0000000077841321 7 bytes {MOV EDX, 0xc96ce8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      00000000777f1465 2 bytes [7F, 77]
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155     00000000777f14bb 2 bytes [7F, 77]
.text  ...                                                                                                                                 * 2
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5     000000007783f991 7 bytes {MOV EDX, 0x571a28; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5          000000007783fbd5 7 bytes {MOV EDX, 0x571a68; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5              000000007783fc05 7 bytes {MOV EDX, 0x5719a8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5       000000007783fc1d 7 bytes {MOV EDX, 0x571928; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5         000000007783fc35 7 bytes {MOV EDX, 0x571b28; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5       000000007783fc65 7 bytes {MOV EDX, 0x571b68; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5        000000007783fce5 7 bytes {MOV EDX, 0x571ae8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5       000000007783fcfd 7 bytes {MOV EDX, 0x571aa8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                 000000007783fd49 7 bytes {MOV EDX, 0x571868; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5      000000007783fe41 7 bytes {MOV EDX, 0x5718a8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5               0000000077840099 7 bytes {MOV EDX, 0x571828; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5         00000000778410a5 7 bytes {MOV EDX, 0x5719e8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5               000000007784111d 7 bytes {MOV EDX, 0x571968; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5  0000000077841321 7 bytes {MOV EDX, 0x5718e8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      00000000777f1465 2 bytes [7F, 77]
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155     00000000777f14bb 2 bytes [7F, 77]
.text  ...                                                                                                                                 * 2

---- EOF - GMER 2.1 ----

 

Themen zu Trojaner Pws:win32 - virtool:win32/ceeinject.gen!id - Fehler 0x81000037
akamai, autorun, bho, bonjour, converter, error, explorer, fehler, firefox, format, homepage, install.exe, logfile, mozilla, mp3, ntdll.dll, office 2007, plug-in, registry, rundll, scan, security, senden, software, svchost.exe, teamspeak, temp, trojaner, udp, vdeck.exe


« Downloadtrojaner gefunden (Win32/Dofoil.R) | 2 Probleme mit Alienware M17xR3 »


Ähnliche Themen: Trojaner Pws:win32 - virtool:win32/ceeinject.gen!id - Fehler 0x81000037


  1. Win32:Malware-gen, Win32:Adware-gen, Win32:rookit-gen können nicht gelöscht werden
    Log-Analyse und Auswertung - 17.11.2015 (16)
  2. PC langsam, hängt sich beim Surfen auf, Bluescreen, Advanced System Protector, Win32:Dropper-gen, Win32:Malware-gen, Win32:Rootkit-gen u.a.
    Log-Analyse und Auswertung - 07.02.2015 (12)
  3. Virus: virtool:win32/obfuscator.xz entfernen Hilfe?
    Log-Analyse und Auswertung - 03.02.2015 (86)
  4. Windows 7, Habe ein: VirTool:Win32/Obfuscator.ALA
    Plagegeister aller Art und deren Bekämpfung - 08.10.2014 (7)
  5. VirTool:Win32/Obfuscator.ALA
    Plagegeister aller Art und deren Bekämpfung - 04.10.2014 (44)
  6. Win32:Malware-gen und Trojan.Win32.WinloadSDA.dewcdw und PUA.Win32.Packer.Upx-28 - falsch positive Meldungen?
    Plagegeister aller Art und deren Bekämpfung - 20.09.2014 (1)
  7. Windows 8.1: Trojan:Win32/Meredrop, Trojan:Win32/Malagent, Trojan:Win32/Matsnu.L und Worm:Win32/Ainslot.A
    Log-Analyse und Auswertung - 19.01.2014 (5)
  8. ESETLog:Win32/OpenCandy Anwendung; Win32/Toolbar.Zugo Anwendung; Var. von: Win32/Bundled.Toolbar.Ask Anwendung; Win32/Injector.AIBG Trojaner
    Log-Analyse und Auswertung - 17.06.2013 (7)
  9. VirTool:Win32/DelfInject.AE beseitigt, Rechner sauber?
    Log-Analyse und Auswertung - 17.11.2012 (8)
  10. Virus, Trojaner VirTool:Win32/Injector.DM eingefangen. Lt. Microsoft ziemlich böses Ding und recht neu
    Plagegeister aller Art und deren Bekämpfung - 01.11.2012 (21)
  11. Trojan:Win32/Fakesysdef, Win32/FakeRean und TrojanDownloader:Win32/Karagany.G
    Log-Analyse und Auswertung - 05.01.2012 (2)
  12. VirTool:Win32/VBInject.gen!EZ
    Plagegeister aller Art und deren Bekämpfung - 04.10.2011 (6)
  13. Win32/Provis!rts, Win32/Ragterneb.A, Win32/Meredrop, Win32/VB.RC, TrojanDropper:Win32/Bamital.C
    Plagegeister aller Art und deren Bekämpfung - 30.08.2010 (7)
  14. nach spybot durchlauf... Win32.Agent.ieu, Win32.FraudLoad, Win32.PornPopup
    Log-Analyse und Auswertung - 08.08.2010 (3)
  15. Worm:Win32/Conficker.B Virus:Win32/Sality.AM PWS:Win32/Verweli.A
    Plagegeister aller Art und deren Bekämpfung - 12.07.2010 (1)
  16. VirTool:Win32/Obfuscator.CT u. Trojan:Win32/Delflob.I - wie zu beseitigen?
    Plagegeister aller Art und deren Bekämpfung - 29.09.2008 (0)
  17. Trojaner: Win32.KeyLogger, Win32.GreenScreen,Win32.Agent, Win32Tiny, HTML.Bankfraud
    Log-Analyse und Auswertung - 29.09.2008 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Trojaner Pws:win32 - virtool:win32/ceeinject.gen!id - Fehler 0x81000037 - Hallo liebes Team, ich hoffe ihr könnt mir helfen, bin gerade wirklich am verzweifeln. Nachdem mein PC sich heute einige Male neu gestartet hatte und nach dem Neustart eine Meldung - Trojaner Pws:win32 - virtool:win32/ceeinject.gen!id - Fehler 0x81000037...
Archiv
Du betrachtest: Trojaner Pws:win32 - virtool:win32/ceeinject.gen!id - Fehler 0x81000037 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19