Log Analysis and Evaluation: Trojan Pws:win32 - virtool:win32/ceeinject.gen!id - Error 0x81000037 (Windows 7)
24.02.2013, 00:49 | #1
Hello dear team, I hope you can help me, I'm really at my wits' end right now. After my PC restarted several times today and a message about an unexpected error appeared after the restart, I wanted to make a system backup. Unfortunately I could not complete the backup and got the error message Error 0x81000037. I then ran a scan with Microsoft Security Essentials and a trojan called Pws:win32... was found. Unfortunately I wasn't paying attention here and removed it instead of moving it to quarantine, so I can no longer give the exact name. I then ran another scan and something called virtool:win32/ceeinject.gen!id was found. Malwarebytes found nothing. Unfortunately I'm not very knowledgeable about this and hope you can help me. Here are all the logs:

Malwarebytes:
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.23.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
samy :: SAMY-PC [Administrator]

23.02.2013 23:42:30
mbam-log-2013-02-23 (23-42-30).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 203672
Laufzeit: 2 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
OTL logfile created on: 23.02.2013 23:56:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\samy\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,07 Gb Available Physical Memory | 75,88% Memory free
16,00 Gb Paging File | 14,01 Gb Available in Paging File | 87,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 181,87 Gb Total Space | 133,37 Gb Free Space | 73,33% Space Free | Partition Type: NTFS
Drive D: | 3,58 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive I: | 502,65 Gb Total Space | 465,03 Gb Free Space | 92,52% Space Free | Partition Type: NTFS
Drive J: | 246,89 Gb Total Space | 214,97 Gb Free Space | 87,07% Space Free | Partition Type: NTFS
Drive K: | 1397,26 Gb Total Space | 1263,26 Gb Free Space | 90,41% Space Free | Partition Type: NTFS
Drive L: | 980,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: SAMY-PC | User Name: samy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.02.23 23:48:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\samy\Desktop\OTL.exe
PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\samy\AppData\Local\Akamai\netsession_win.exe

========== Modules (No Company Name) ==========

MOD - [2012.02.20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

========== Services (SafeList) ==========

SRV:64bit: - [2010.11.26 03:54:12 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.01.27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.01.05 04:44:06 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.12 19:55:25 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.01.20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.08.06 21:14:18 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.07.09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.06.18 12:34:44 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2012.06.18 12:34:42 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.26 05:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.11.26 03:16:46 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.11.21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.17 13:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.03.02 18:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.01 11:20:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009.06.18 03:07:38 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BIOS64.sys -- (BIOS)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.06.18 03:07:38 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\BIOS64.sys -- (BIOS)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=b4242e6d-2d95-4e99-a704-c266db786dd2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=b4242e6d-2d95-4e99-a704-c266db786dd2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=b4242e6d-2d95-4e99-a704-c266db786dd2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=b4242e6d-2d95-4e99-a704-c266db786dd2&affid=111583&searchtype=hp&babsrc=lnkry_nt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 1F 3F 49 18 70 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=b4242e6d-2d95-4e99-a704-c266db786dd2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=b4242e6d-2d95-4e99-a704-c266db786dd2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=b4242e6d-2d95-4e99-a704-c266db786dd2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\samy\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\samy\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.11 19:22:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013.01.11 19:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\samy\AppData\Roaming\mozilla\Extensions
[2013.01.11 19:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\samy\AppData\Roaming\mozilla\Firefox\Profiles\8lvwitdi.default\extensions
[2013.01.11 19:23:28 | 000,243,496 | ---- | M] () (No name found) -- C:\Users\samy\AppData\Roaming\mozilla\firefox\profiles\8lvwitdi.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.01.11 19:22:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.05 04:44:54 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\samy\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\samy\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\samy\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\samy\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Users\samy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Tampermonkey = C:\Users\samy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\2.12.3124_0\
CHR - Extension: YouTube to MP3 Converter = C:\Users\samy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfhmlakkppnbdbeeifhbkpgmhcbmabl\0.1.2_0\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\samy\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Shotty] C:\Programme\Shotty\Shotty.exe (hxxp://shotty.devs-on.net)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EC096F7-45CB-4E12-85E9-024AA1570A67}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.08 01:45:00 | 000,000,175 | R--- | M] () - L:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{feeb37f7-dfdd-11e1-9352-003067a73f95}\Shell - "" = AutoRun
O33 - MountPoints2\{feeb37f7-dfdd-11e1-9352-003067a73f95}\Shell\AutoRun\command - "" = L:\setup.exe -- [2010.01.08 01:45:00 | 000,463,152 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{feeb37f7-dfdd-11e1-9352-003067a73f95}\Shell\configure\command - "" = L:\setup.exe -- [2010.01.08 01:45:00 | 000,463,152 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{feeb37f7-dfdd-11e1-9352-003067a73f95}\Shell\install\command - "" = L:\setup.exe -- [2010.01.08 01:45:00 | 000,463,152 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.02.23 23:56:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\samy\Desktop\OTL.exe
[2013.02.23 23:41:40 | 000,000,000 | ---D | C] -- C:\Users\samy\AppData\Roaming\Malwarebytes
[2013.02.23 23:41:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.23 23:41:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.23 23:41:20 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.23 23:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.23 23:40:43 | 000,000,000 | ---D | C] -- C:\Users\samy\AppData\Local\Programs
[2013.02.06 21:18:22 | 000,000,000 | ---D | C] -- C:\Users\samy\AppData\Local\{935FD0CE-5103-4D30-8439-2E604FB8C379}
[2013.01.29 20:01:15 | 000,000,000 | ---D | C] -- C:\Users\samy\AppData\Local\{C27DB121-ACA7-475E-9A81-D112EE8DED4E}

========== Files - Modified Within 30 Days ==========

[2013.02.23 23:48:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\samy\Desktop\OTL.exe
[2013.02.23 23:48:27 | 000,000,168 | ---- | M] () -- C:\Users\samy\defogger_reenable
[2013.02.23 23:41:27 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.23 23:23:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2909018925-352489279-3901980246-1000UA.job
[2013.02.23 21:58:12 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.23 21:58:12 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.23 21:55:17 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.23 21:55:17 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.23 21:55:17 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.23 21:55:17 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.23 21:55:17 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.23 21:50:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.23 21:50:46 | 414,670,434 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.02.23 21:50:46 | 2146,983,935 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.23 09:23:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2909018925-352489279-3901980246-1000Core.job
[2013.02.20 22:33:39 | 000,000,059 | ---- | M] () -- C:\Users\samy\AppData\Roaming\GoodnightTimer.ini
[2013.02.19 23:58:30 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.02.16 10:18:44 | 000,071,254 | ---- | M] () -- C:\Users\samy\Desktop\Unbenannt1.JPG
[2013.02.16 10:18:03 | 000,070,766 | ---- | M] () -- C:\Users\samy\Desktop\Unbenannt.JPG
[2013.02.14 07:05:50 | 000,413,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.02 18:22:00 | 000,002,358 | ---- | M] () -- C:\Users\samy\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2013.02.23 23:48:27 | 000,000,168 | ---- | C] () -- C:\Users\samy\defogger_reenable
[2013.02.23 23:41:27 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.16 10:18:42 | 000,071,254 | ---- | C] () -- C:\Users\samy\Desktop\Unbenannt1.JPG
[2013.02.16 10:18:02 | 000,070,766 | ---- | C] () -- C:\Users\samy\Desktop\Unbenannt.JPG
[2012.10.21 19:26:27 | 000,000,059 | ---- | C] () -- C:\Users\samy\AppData\Roaming\GoodnightTimer.ini
[2012.07.29 21:49:45 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.29 21:20:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.29 21:18:08 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.08.06 21:17:41 | 000,000,000 | ---D | M] -- C:\Users\samy\AppData\Roaming\DAEMON Tools Lite
[2013.01.16 20:18:36 | 000,000,000 | ---D | M] -- C:\Users\samy\AppData\Roaming\Fyahry
[2013.01.11 19:26:57 | 000,000,000 | ---D | M] -- C:\Users\samy\AppData\Roaming\Ibfea
[2013.01.11 19:57:42 | 000,000,000 | ---D | M] -- C:\Users\samy\AppData\Roaming\Mipiuw
[2012.08.06 21:14:16 | 000,000,000 | ---D | M] -- C:\Users\samy\AppData\Roaming\OpenCandy
[2013.01.22 17:49:50 | 000,000,000 | ---D | M] -- C:\Users\samy\AppData\Roaming\TS3Client
[2013.02.18 20:01:23 | 000,000,000 | ---D | M] -- C:\Users\samy\AppData\Roaming\UseNeXT
[2012.08.29 19:33:43 | 000,000,000 | ---D | M] -- C:\Users\samy\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

< End of report >
Code:
OTL Extras logfile created on: 23.02.2013 23:56:55 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\samy\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,07 Gb Available Physical Memory | 75,88% Memory free
16,00 Gb Paging File | 14,01 Gb Available in Paging File | 87,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 181,87 Gb Total Space | 133,37 Gb Free Space | 73,33% Space Free | Partition Type: NTFS
Drive D: | 3,58 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive I: | 502,65 Gb Total Space | 465,03 Gb Free Space | 92,52% Space Free | Partition Type: NTFS
Drive J: | 246,89 Gb Total Space | 214,97 Gb Free Space | 87,07% Space Free | Partition Type: NTFS
Drive K: | 1397,26 Gb Total Space | 1263,26 Gb Free Space | 90,41% Space Free | Partition Type: NTFS
Drive L: | 980,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: SAMY-PC | User Name: samy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F15225-E16A-4713-B9DF-33F1AD9CA705}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{048D1F88-7512-46AD-8000-43688957DC64}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{07AB55F2-6CDB-4E46-89C8-FBDC8D533174}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{14DD3803-6F26-41FE-A7FC-C36751C7FB01}" = lport=137 | protocol=17 | dir=in | app=system |
"{558CEAE5-0D92-4BDB-B022-CF53BFA2C162}" = lport=139 | protocol=6 | dir=in | app=system |
"{72DEA8B3-BB07-4E4D-A2ED-CFE0A15DE958}" = rport=138 | protocol=17 | dir=out | app=system |
"{7D31D475-B600-4290-B0FE-48C1A89AEDF3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{823571E6-04C1-420E-9388-841A497FFE22}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{85E32087-6681-41F8-8CD0-BD982F7E46E2}" = rport=139 | protocol=6 | dir=out | app=system |
"{97CCB421-4066-4791-A0F3-D4E837E20080}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9EDBC558-C1DA-4D07-994A-8848E18405E8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A1617044-6AA0-469E-9BEE-E4AB6FC153C3}" = rport=137 | protocol=17 | dir=out | app=system |
"{A85EA74B-4AA7-4529-B19A-FDDBD4EE7144}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{AF590DE8-A3C5-4921-84D2-56622DEFEEE8}" = lport=445 | protocol=6 | dir=in | app=system |
"{B6CB3474-855A-47BB-810E-564D4A19A607}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C3DC4704-EABE-4822-90A5-D093A63A6040}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C5E6AAA3-E4C0-4DBE-8EA7-7948CEB567BD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CAAC9BA0-CC87-42C2-B4F8-FCFE6D81F7C0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D4079088-CEBF-457C-BCBA-89FFD8C1760A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D6594916-A21F-49FA-94CB-A5E9544E7595}" = rport=445 | protocol=6 | dir=out | app=system |
"{D7210C63-84F3-4AC6-BF3E-CA68D355BDAD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E4EEF1FF-F65B-42AC-B367-9E8EF2F5E954}" = lport=138 | protocol=17 | dir=in | app=system |
"{F09AB8F0-187E-4D59-97C4-8CEC2E6EEC3D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FF6766DE-789B-4D81-A4FD-FFEDCF53282B}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0384B63C-8C8D-4D52-9AB3-60E87B16E8C0}" = protocol=6 | dir=out | app=system |
"{06DBCE73-4118-4518-AED7-BA6A0C791E26}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{0FBB02CD-9443-44B3-83C6-89E31E1FB143}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0FEB8371-A443-4814-8AEA-3B30D0C812C7}" = protocol=17 | dir=in | app=c:\users\samy\appdata\local\akamai\netsession_win.exe |
"{1C5CE583-0162-4445-810C-F03586821B42}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2CE1A38A-1993-4FBF-9DFC-14E524B7CB75}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2D1D5302-ED89-4D1A-8569-60D84D61512F}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{37099887-0BC0-4413-84E0-B9D1FDB3D243}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{371CE72E-7D54-45D4-AFE6-12A665201F72}" = protocol=6 | dir=in | app=c:\users\samy\appdata\local\akamai\netsession_win.exe |
"{48E043F0-978D-4745-A082-0F14E5CE916F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4CC44CD5-401C-46C4-8400-1549B0D4B9C5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{51C570A1-FEAF-488F-B70C-02B143763F6D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5A7067FF-3273-48D1-B249-C4E83B1EA037}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{605BE319-8EBD-4E76-BBFF-43088531B016}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{653F1C6B-018B-485D-8181-217B6E316804}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{65F1042D-9DE2-43BE-B277-D37796B7BEEB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{720D0018-537D-456D-8C98-4FA7096AFC59}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{76E21B9A-39F4-4658-A48B-C3AF92CADFC9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7C61DD46-E055-4941-BA17-B4B8B7412862}" = protocol=58 | dir=in | app=system |
"{8841CEBF-6F37-49EF-8A66-BF026EAAD5EA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{8EBC49AE-8F31-4293-9A40-31840E555F55}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9A7A542C-D947-431F-98BC-98386337D6AD}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{A2BF3051-C7D8-47A5-99DF-C5896DF7FA89}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AC145854-5915-4C11-8E59-52E0D6F4DE20}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AD1A0413-97EC-4B6C-8F7F-A05C5F47811B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B4ED0C98-9F08-4F87-8D2F-11AB8B6C7146}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B686FF35-57D2-4DE6-A0A8-FDE03927ED0A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C7E8FB8A-A7DA-46AD-8F86-3980E172CA24}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CBB3BA63-F924-4CCE-A50D-257BE131CE7F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CD0A95BB-CA21-4C94-B446-93516516B309}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D8CB7A4B-BB6F-4312-8DFA-3F34B0BA8E62}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DFBD355B-0E06-47DE-8076-D0D4D1BCC0D2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E096242B-1C25-47DA-A35D-1CE8349B0271}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EB976E4E-AD03-4202-94B4-05E0D4140643}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{FE384036-FE29-487F-AD17-D5F019764600}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{5B41A2B9-2FB9-45F0-BA67-839264AFC221}C:\users\samy\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\samy\appdata\local\temp\gw2.exe |
"TCP Query User{71C355E3-2C6B-4BBB-A9BA-57891CE31D67}I:\dcuniverse\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=i:\dcuniverse\unreal3\binaries\win32\dcgame.exe |
"TCP Query User{728066D2-01D8-4BF1-9A02-905EB12E8B36}I:\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=i:\guild wars 2\gw2.exe |
"TCP Query User{7D3CD8F9-A8C3-4597-AF33-50856BF9490F}C:\users\samy\appdata\roaming\fyahry\idmo.exe" = protocol=6 | dir=in | app=c:\users\samy\appdata\roaming\fyahry\idmo.exe |
"TCP Query User{D12140EF-FF88-48C6-889E-8E4B14598376}C:\users\samy\appdata\roaming\fyahry\idmo.exe" = protocol=6 | dir=in | app=c:\users\samy\appdata\roaming\fyahry\idmo.exe |
"UDP Query User{17F37F4D-A75B-428F-A096-CFA29F9AFD60}C:\users\samy\appdata\roaming\fyahry\idmo.exe" = protocol=17 | dir=in | app=c:\users\samy\appdata\roaming\fyahry\idmo.exe |
"UDP Query User{20C4E0D4-E176-4219-B6A2-F0CE5335BBA2}C:\users\samy\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\samy\appdata\local\temp\gw2.exe |
"UDP Query User{3ECAB189-A163-4E1E-B9D2-62D46313ACC0}I:\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=i:\guild wars 2\gw2.exe |
"UDP Query User{75BAC315-B38E-463F-A202-F64861CE0DF8}C:\users\samy\appdata\roaming\fyahry\idmo.exe" = protocol=17 | dir=in | app=c:\users\samy\appdata\roaming\fyahry\idmo.exe |
"UDP Query User{836DE1FD-7649-48BA-AE7A-806861F413AD}I:\dcuniverse\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=i:\dcuniverse\unreal3\binaries\win32\dcgame.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{088E976C-6B19-E3D3-1EAB-6E13B2D34CD7}" = ATI Catalyst Install Manager
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{4A85E8AD-6CF6-D3D1-2280-420452F5E1EE}" = ATI AVIVO64 Codecs
"{6AB4EC25-677C-4735-5623-1CCC90E759E4}" = ccc-utility64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A9417107-5107-C6E7-9649-CF3294E9C491}" = WMV9/VC-1 Video Playback
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{ECA0FDBA-70C2-D23A-6BD3-3D3118DD90B4}" = AMD Drag and Drop Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"2e730c18-03e8-4d1d-8fc2-0ee3ea04a765" = Shotty - Kleines aber eindrucksvolles Screenshot Tool
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR 4.20 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{011E0BAD-DC62-DF83-4D19-D110C61FE679}" = CCC Help Chinese Traditional
"{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1" = MiniTool Partition Wizard Home Edition 7.5
"{0AC457CB-3661-B42F-6181-5D1305C1475A}" = CCC Help Finnish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0E86AF86-F103-A148-7070-0596A5FCEAD7}" = CCC Help French
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7CFAB6-A7FC-31E5-2917-989B06B09270}" = CCC Help Turkish
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{2888EBA9-91E6-D3EF-FC6D-7B3C2B045CAE}" = CCC Help English
"{2AE86CEE-BAC2-D043-9237-E83198098C91}" = Catalyst Control Center InstallProxy
"{2EA64D86-61D9-40A4-A89F-D4E6DEDD301D}" = Catalyst Control Center Localization All
"{3411B11D-91D6-B456-0FAE-24BF99868231}" = Catalyst Control Center Graphics Previews Common
"{35A33CA3-9B1B-3653-6C71-0ADB85E96154}" = ccc-core-static
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{401A4D76-C360-2084-F163-1FABD851D314}" = CCC Help Thai
"{43461D82-2DD5-B2D7-886D-5C1A52C09904}" = CCC Help Polish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B61C9AE-3FDD-9DB7-4247-7D96A03C018D}" = CCC Help German
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5165FA54-2957-4BC9-44CC-D21BDCE9D9E6}" = CCC Help Japanese
"{58374E01-D455-ABAE-CD3A-548911E1CAAD}" = CCC Help Swedish
"{59B734CE-69E9-F555-380C-0B9D880F4E95}" = CCC Help Hungarian
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{665815D4-1F82-D581-E762-A2E0A15E6512}" = CCC Help Dutch
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8D1CB4C2-283E-39A7-2AFA-6D3320E012A8}" = CCC Help Chinese Standard
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{93703800-E668-1370-1756-2003BA060281}" = CCC Help Russian
"{95A837D2-EB2E-9F85-1DB8-01B8337DFC08}" = CCC Help Czech
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C8692DA-9451-AA41-404A-72308CAE1BF5}" = CCC Help Spanish
"{9CF2ECFE-5242-B513-5DB4-A751BD735DD2}" = CCC Help Danish
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A35001F0-F1E4-11DD-A38B-005056C00008}" = Paragon Partition Manager™ 12 Professional Demo
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BC92AA6F-2DAF-1BA2-7C86-1DBBA6423C5F}" = CCC Help Norwegian
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D17772DB-061D-CF9A-7A82-E8C047195259}" = CCC Help Portuguese
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5507048-ED32-BEE8-431D-303F741DE073}" = CCC Help Italian
"{DECCD21C-4BCC-1326-0EF3-7E87C97E14D9}" = CCC Help Greek
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E8B708FF-D116-0D4D-DC14-72827A219D54}" = HydraVision
"{EFD21D05-4618-D72A-464F-B0D1911617A7}" = CCC Help Korean
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Goodnight Timer_is1" = Goodnight Timer 1.1
"Guild Wars 2" = Guild Wars 2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 0.9.9
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"SOE-DC Universe Online Live" = DC Universe Online Live
"SOE-DC Universe Online Live PSG" = DC Universe Online Live

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10.02.2013 04:55:26 | Computer Name = samy-PC | Source = WinMgmt | ID = 10
Description =

Error - 11.02.2013 11:45:03 | Computer Name = samy-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.02.2013 12:51:11 | Computer Name = samy-PC | Source = WinMgmt | ID = 10
Description =

Error - 13.02.2013 02:08:04 | Computer Name = samy-PC | Source = WinMgmt | ID = 10
Description =

Error - 13.02.2013 12:00:22 | Computer Name = samy-PC | Source = WinMgmt | ID = 10
Description =

Error - 14.02.2013 02:07:13 | Computer Name = samy-PC | Source = WinMgmt | ID = 10
Description =

Error - 14.02.2013 16:04:33 | Computer Name = samy-PC | Source = WinMgmt | ID = 10
Description =

Error - 15.02.2013 12:10:46 | Computer Name = samy-PC | Source = WinMgmt | ID = 10
Description =

Error - 16.02.2013 04:02:19 | Computer Name = samy-PC | Source = WinMgmt | ID = 10
Description =

Error - 17.02.2013 04:19:42 | Computer Name = samy-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 23.02.2013 04:06:48 | Computer Name = samy-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 23.02.2013 um 09:04:02 unerwartet heruntergefahren.

Error - 23.02.2013 04:06:51 | Computer Name = SAMY-PC | Source = BugCheck | ID = 1001
Description =

Error - 23.02.2013 05:22:06 | Computer Name = samy-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 23.02.2013 um 10:00:05 unerwartet heruntergefahren.

Error - 23.02.2013 05:22:06 | Computer Name = SAMY-PC | Source = BugCheck | ID = 1001
Description =

Error - 23.02.2013 16:51:04 | Computer Name = samy-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 23.02.2013 um 21:48:51 unerwartet heruntergefahren.

Error - 23.02.2013 16:51:08 | Computer Name = SAMY-PC | Source = BugCheck | ID = 1001
Description =

Error - 23.02.2013 16:51:21 | Computer Name = samy-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error - 23.02.2013 16:51:21 | Computer Name = samy-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error - 23.02.2013 16:51:22 | Computer Name = samy-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
Error - 23.02.2013 16:51:23 | Computer Name = samy-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

< End of report >
Code:
GMER 2.1.19081 - hxxp://www.gmer.net
Rootkit scan 2013-02-24 00:28:53
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000063 Hitachi_ rev.JP4O 931,51GB
Running: gmer_2.1.19081.exe; Driver: C:\Users\samy\AppData\Local\Temp\kxldypob.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\SysWOW64\svchost.exe[1588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000777f1465 2 bytes [7F, 77]
.text C:\Windows\SysWOW64\svchost.exe[1588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777f14bb 2 bytes [7F, 77]
.text ... * 2
.text C:\Users\samy\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000777f1465 2 bytes [7F, 77]
.text C:\Users\samy\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777f14bb 2 bytes [7F, 77]
.text ... * 2
.text C:\Users\samy\AppData\Local\Akamai\netsession_win.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000777f1465 2 bytes [7F, 77]
.text C:\Users\samy\AppData\Local\Akamai\netsession_win.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777f14bb 2 bytes [7F, 77]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000777f1465 2 bytes [7F, 77]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777f14bb 2 bytes [7F, 77]
.text ... * 2
.text C:\Users\samy\Desktop\OTL.exe[4540] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69 00000000777f1465 2 bytes [7F, 77]
.text C:\Users\samy\Desktop\OTL.exe[4540] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155 00000000777f14bb 2 bytes [7F, 77]
.text ... * 2
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000777f1465 2 bytes [7F, 77]
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777f14bb 2 bytes [7F, 77]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [4208] entry point in ".rdata" section 00000000749271e6
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007783f991 7 bytes {MOV EDX, 0x71c228; JMP RDX}
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007783fbd5 7 bytes {MOV EDX, 0x71c268; JMP RDX}
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007783fc05 7 bytes {MOV EDX, 0x71c1a8; JMP RDX}
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007783fc1d 7 bytes {MOV EDX, 0x71c128; JMP RDX}
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007783fc35 7 bytes {MOV EDX, 0x71c328; JMP RDX}
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007783fc65 7 bytes {MOV EDX, 0x71c368; JMP RDX}
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007783fce5 7 bytes {MOV EDX, 0x71c2e8; JMP RDX}
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007783fcfd 7 bytes {MOV EDX, 0x71c2a8; JMP RDX}
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007783fd49 7 bytes {MOV EDX, 0x71c068; JMP RDX}
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007783fe41 7 bytes {MOV EDX, 0x71c0a8; JMP RDX}
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077840099 7 bytes {MOV EDX, 0x71c028; JMP RDX}
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000778410a5 7 bytes {MOV EDX, 0x71c1e8; JMP RDX}
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007784111d 7 bytes {MOV EDX, 0x71c168; JMP RDX}
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077841321 7 bytes {MOV EDX, 0x71c0e8; JMP RDX}
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000777f1465 2 bytes [7F, 77]
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777f14bb 2 bytes [7F, 77]
.text ... * 2
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007783f991 7 bytes {MOV EDX, 0xcb4228; JMP RDX}
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007783fbd5 7 bytes {MOV EDX, 0xcb4268; JMP RDX}
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007783fc05 7 bytes {MOV EDX, 0xcb41a8; JMP RDX}
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007783fc1d 7 bytes {MOV EDX, 0xcb4128; JMP RDX}
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007783fc35 7 bytes {MOV EDX, 0xcb4328; JMP RDX}
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007783fc65 7 bytes {MOV EDX, 0xcb4368; JMP RDX}
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007783fce5 7 bytes {MOV EDX, 0xcb42e8; JMP RDX}
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007783fcfd 7 bytes {MOV EDX, 0xcb42a8; JMP RDX}
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007783fd49 7 bytes {MOV EDX, 0xcb4068; JMP RDX}
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007783fe41 7 bytes {MOV EDX, 0xcb40a8; JMP RDX}
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077840099 7 bytes {MOV EDX, 0xcb4028; JMP RDX}
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000778410a5 7 bytes {MOV EDX, 0xcb41e8; JMP RDX}
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007784111d 7 bytes {MOV EDX, 0xcb4168; JMP RDX}
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077841321 7 bytes {MOV EDX, 0xcb40e8; JMP RDX}
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000777f1465 2 bytes [7F, 77]
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777f14bb 2 bytes [7F, 77]
.text ... * 2
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007783f991 7 bytes {MOV EDX, 0xc96e28; JMP RDX}
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007783fbd5 7 bytes {MOV EDX, 0xc96e68; JMP RDX}
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007783fc05 7 bytes {MOV EDX, 0xc96da8; JMP RDX}
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007783fc1d 7 bytes {MOV EDX, 0xc96d28; JMP RDX}
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007783fc35 7 bytes {MOV EDX, 0xc96f28; JMP RDX}
.text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007783fc65 7 bytes {MOV
EDX, 0xc96f68; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007783fce5 7 bytes {MOV EDX, 0xc96ee8; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007783fcfd 7 bytes {MOV EDX, 0xc96ea8; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007783fd49 7 bytes {MOV EDX, 0xc96c68; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007783fe41 7 bytes {MOV EDX, 0xc96ca8; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077840099 7 bytes {MOV EDX, 0xc96c28; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000778410a5 7 bytes {MOV EDX, 0xc96de8; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007784111d 7 bytes {MOV EDX, 0xc96d68; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077841321 7 bytes {MOV EDX, 0xc96ce8; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000777f1465 2 bytes [7F, 77] .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777f14bb 2 bytes [7F, 77] .text ... 
* 2 .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007783f991 7 bytes {MOV EDX, 0x571a28; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007783fbd5 7 bytes {MOV EDX, 0x571a68; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007783fc05 7 bytes {MOV EDX, 0x5719a8; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007783fc1d 7 bytes {MOV EDX, 0x571928; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007783fc35 7 bytes {MOV EDX, 0x571b28; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007783fc65 7 bytes {MOV EDX, 0x571b68; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007783fce5 7 bytes {MOV EDX, 0x571ae8; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007783fcfd 7 bytes {MOV EDX, 0x571aa8; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007783fd49 7 bytes {MOV EDX, 0x571868; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007783fe41 7 bytes {MOV EDX, 0x5718a8; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077840099 7 bytes {MOV 
EDX, 0x571828; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000778410a5 7 bytes {MOV EDX, 0x5719e8; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007784111d 7 bytes {MOV EDX, 0x571968; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077841321 7 bytes {MOV EDX, 0x5718e8; JMP RDX} .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000777f1465 2 bytes [7F, 77] .text C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777f14bb 2 bytes [7F, 77] .text ... * 2 ---- EOF - GMER 2.1 ---- |
24.02.2013, 23:03 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Pws:win32 - virtool:win32/ceeinject.gen!id - Error 0x81000037 Hello and
Quote:
The malware name alone is not enough information!
Before we get on with the further work, I would like to ask you to read the following points completely and carefully.
Note: If I have not been in touch for three days, please post in this thread => Erinnerung an meinem Thread (reminder for my thread). Annoying "when is it going to continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board.
MBAR (Malwarebytes Anti-Rootkit)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without instructions.
Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
|
25.02.2013, 20:03 | #3 |
| Trojan Pws:win32 - virtool:win32/ceeinject.gen!id - Error 0x81000037 Hello cosinus,
thank you for the quick reply and your effort. All the information I had was the following:
Kategorie: Tool
Beschreibung: Dieses Programm wird verwendet, um Viren, Würmer oder andere Malware zu erzeugen.
Empfohlene Aktion: Entfernen Sie diese Software unverzüglich.
Elemente: file:C:\Users\samy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\7fb331e3-2272d253
Unfortunately I am not sure whether the "Elemente" field shows the location where it was found. Here are the logs:
MBAR
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.25.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
samy :: SAMY-PC [administrator]

25.02.2013 19:41:40
mbar-log-2013-02-25 (19-41-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29345
Time elapsed: 6 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-25 19:46:44
-----------------------------
19:46:44.881  OS Version: Windows x64 6.1.7601 Service Pack 1
19:46:44.881  Number of processors: 4 586 0x503
19:46:44.882  ComputerName: SAMY-PC  UserName: samy
19:46:45.804  Initialize success
19:48:02.728  AVAST engine defs: 13022500
19:49:04.935  Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000063
19:49:04.939  Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 3
19:49:04.949  Disk 0 MBR read successfully
19:49:04.952  Disk 0 MBR scan
19:49:04.959  Disk 0 Windows 7 default MBR code
19:49:04.963  Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
19:49:04.994  Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       186238 MB offset 206848
19:49:05.026  Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       514712 MB offset 381624320
19:49:05.052  Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       252814 MB offset 1435756544
19:49:05.111  Disk 0 scanning C:\Windows\system32\drivers
19:49:14.882  Service scanning
19:49:46.262  Modules scanning
19:49:46.281  Disk 0 trace - called modules:
19:49:46.635  ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
19:49:46.646  1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007db1060]
19:49:46.658  3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> [0xfffffa8007ae93d0]
19:49:46.669  5 ACPI.sys[fffff88000f177a1] -> nt!IofCallDriver -> \Device\00000063[0xfffffa8007aed9c0]
19:49:47.310  AVAST engine scan C:\Windows
19:49:49.156  AVAST engine scan C:\Windows\system32
19:53:06.342  AVAST engine scan C:\Windows\system32\drivers
19:53:17.992  AVAST engine scan C:\Users\samy
19:57:10.440  AVAST engine scan C:\ProgramData
19:57:45.452  Scan finished successfully
19:58:47.385  Disk 0 MBR has been saved successfully to "C:\Users\samy\Desktop\MBR.dat"
19:58:47.438  The log file has been saved successfully to "C:\Users\samy\Desktop\aswMBR.txt"
Best regards, soatix |
26.02.2013, 00:34 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Pws:win32 - virtool:win32/ceeinject.gen!id - Error 0x81000037
TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop
Please always post log files in CODE tags |
26.02.2013, 18:27 | #5 |
| Trojan Pws:win32 - virtool:win32/ceeinject.gen!id - Error 0x81000037
Here is the log file from TDSS-Killer
Code:
ATTFilter 18:24:08.0658 4316 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 18:24:08.0985 4316 ============================================================ 18:24:08.0985 4316 Current date / time: 2013/02/26 18:24:08.0985 18:24:08.0985 4316 SystemInfo: 18:24:08.0985 4316 18:24:08.0985 4316 OS Version: 6.1.7601 ServicePack: 1.0 18:24:08.0985 4316 Product type: Workstation 18:24:08.0985 4316 ComputerName: SAMY-PC 18:24:08.0986 4316 UserName: samy 18:24:08.0986 4316 Windows directory: C:\Windows 18:24:08.0986 4316 System windows directory: C:\Windows 18:24:08.0986 4316 Running under WOW64 18:24:08.0986 4316 Processor architecture: Intel x64 18:24:08.0986 4316 Number of processors: 4 18:24:08.0986 4316 Page size: 0x1000 18:24:08.0986 4316 Boot type: Normal boot 18:24:08.0986 4316 ============================================================ 18:24:10.0066 4316 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 18:24:18.0593 4316 Drive \Device\Harddisk5\DR5 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 18:24:18.0598 4316 ============================================================ 18:24:18.0598 4316 \Device\Harddisk0\DR0: 18:24:18.0608 4316 MBR partitions: 18:24:18.0608 4316 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 18:24:18.0608 4316 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x16BBF000 18:24:18.0609 4316 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x16BF2000, BlocksNum 0x3ED4C000 18:24:18.0609 4316 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x5593E800, BlocksNum 0x1EDC7000 18:24:18.0609 4316 \Device\Harddisk5\DR5: 18:24:18.0609 4316 MBR partitions: 18:24:18.0610 4316 \Device\Harddisk5\DR5\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800 
18:24:18.0610 4316 ============================================================ 18:24:18.0652 4316 C: <-> \Device\Harddisk0\DR0\Partition2 18:24:18.0671 4316 J: <-> \Device\Harddisk0\DR0\Partition4 18:24:18.0709 4316 I: <-> \Device\Harddisk0\DR0\Partition3 18:24:18.0741 4316 K: <-> \Device\Harddisk5\DR5\Partition1 18:24:18.0741 4316 ============================================================ 18:24:18.0741 4316 Initialize success 18:24:18.0741 4316 ============================================================ 18:25:30.0957 0216 ============================================================ 18:25:30.0957 0216 Scan started 18:25:30.0957 0216 Mode: Manual; SigCheck; TDLFS; 18:25:30.0957 0216 ============================================================ 18:25:31.0503 0216 ================ Scan system memory ======================== 18:25:31.0519 0216 System memory - ok 18:25:31.0519 0216 ================ Scan services ============================= 18:25:31.0644 0216 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 18:25:31.0690 0216 1394ohci - ok 18:25:31.0706 0216 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 18:25:31.0722 0216 ACPI - ok 18:25:31.0737 0216 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 18:25:31.0753 0216 AcpiPmi - ok 18:25:31.0768 0216 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 18:25:31.0784 0216 adp94xx - ok 18:25:31.0815 0216 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 18:25:31.0831 0216 adpahci - ok 18:25:31.0846 0216 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 18:25:31.0862 0216 adpu320 - ok 18:25:31.0893 0216 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 18:25:31.0956 0216 AeLookupSvc - ok 18:25:32.0002 0216 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 
18:25:32.0018 0216 AFD - ok 18:25:32.0049 0216 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 18:25:32.0049 0216 agp440 - ok 18:25:32.0236 0216 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll 18:25:32.0236 0216 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66 18:25:32.0252 0216 Akamai ( HiddenFile.Multi.Generic ) - warning 18:25:32.0252 0216 Akamai - detected HiddenFile.Multi.Generic (1) 18:25:32.0268 0216 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 18:25:32.0314 0216 ALG - ok 18:25:32.0361 0216 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 18:25:32.0377 0216 aliide - ok 18:25:32.0424 0216 [ DCEEE24E57E8176115207312F827C130 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 18:25:32.0455 0216 AMD External Events Utility - ok 18:25:32.0470 0216 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 18:25:32.0486 0216 amdide - ok 18:25:32.0502 0216 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 18:25:32.0517 0216 AmdK8 - ok 18:25:32.0673 0216 [ F6640D83AF0FD74C50E23E68548EA9A0 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 18:25:32.0782 0216 amdkmdag - ok 18:25:32.0814 0216 [ 20B63276A1920B41E1C56720B395049B ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 18:25:32.0829 0216 amdkmdap - ok 18:25:32.0845 0216 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 18:25:32.0876 0216 AmdPPM - ok 18:25:32.0892 0216 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 18:25:32.0907 0216 amdsata - ok 18:25:32.0923 0216 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 18:25:32.0938 0216 amdsbs - ok 18:25:32.0954 0216 [ 540DAF1CEA6094886D72126FD7C33048 ] 
amdxata C:\Windows\system32\drivers\amdxata.sys 18:25:32.0954 0216 amdxata - ok 18:25:32.0985 0216 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 18:25:33.0016 0216 AppID - ok 18:25:33.0032 0216 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 18:25:33.0063 0216 AppIDSvc - ok 18:25:33.0079 0216 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 18:25:33.0110 0216 Appinfo - ok 18:25:33.0188 0216 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 18:25:33.0219 0216 Apple Mobile Device - ok 18:25:33.0250 0216 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 18:25:33.0266 0216 AppMgmt - ok 18:25:33.0297 0216 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 18:25:33.0297 0216 arc - ok 18:25:33.0328 0216 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 18:25:33.0344 0216 arcsas - ok 18:25:33.0360 0216 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 18:25:33.0406 0216 AsyncMac - ok 18:25:33.0422 0216 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 18:25:33.0438 0216 atapi - ok 18:25:33.0438 0216 athr - ok 18:25:33.0516 0216 [ 4BF5BCA6E2608CD8A00BC4A6673A9F47 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 18:25:33.0547 0216 AtiHDAudioService - ok 18:25:33.0578 0216 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 18:25:33.0640 0216 AudioEndpointBuilder - ok 18:25:33.0640 0216 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 18:25:33.0672 0216 AudioSrv - ok 18:25:33.0703 0216 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 18:25:33.0734 0216 AxInstSV - ok 18:25:33.0765 0216 [ 3E5B191307609F7514148C6832BB0842 ] 
b06bdrv C:\Windows\system32\drivers\bxvbda.sys 18:25:33.0796 0216 b06bdrv - ok 18:25:33.0812 0216 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 18:25:33.0843 0216 b57nd60a - ok 18:25:33.0859 0216 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 18:25:33.0874 0216 BDESVC - ok 18:25:33.0890 0216 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 18:25:33.0921 0216 Beep - ok 18:25:33.0952 0216 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 18:25:33.0999 0216 BFE - ok 18:25:34.0030 0216 [ 00CADB1BC2D0030F0B2A1063618B6BD7 ] BIOS C:\Windows\system32\drivers\BIOS64.sys 18:25:34.0093 0216 BIOS - ok 18:25:34.0140 0216 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 18:25:34.0218 0216 BITS - ok 18:25:34.0249 0216 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 18:25:34.0280 0216 blbdrive - ok 18:25:34.0327 0216 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 18:25:34.0358 0216 Bonjour Service - ok 18:25:34.0374 0216 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 18:25:34.0405 0216 bowser - ok 18:25:34.0420 0216 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 18:25:34.0436 0216 BrFiltLo - ok 18:25:34.0452 0216 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 18:25:34.0467 0216 BrFiltUp - ok 18:25:34.0498 0216 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 18:25:34.0514 0216 Browser - ok 18:25:34.0530 0216 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 18:25:34.0561 0216 Brserid - ok 18:25:34.0561 0216 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 18:25:34.0592 0216 BrSerWdm - ok 18:25:34.0608 0216 [ B79968002C277E869CF38BD22CD61524 ] 
BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 18:25:34.0623 0216 BrUsbMdm - ok 18:25:34.0639 0216 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 18:25:34.0670 0216 BrUsbSer - ok 18:25:34.0670 0216 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 18:25:34.0686 0216 BTHMODEM - ok 18:25:34.0717 0216 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 18:25:34.0764 0216 bthserv - ok 18:25:34.0795 0216 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 18:25:34.0857 0216 cdfs - ok 18:25:34.0904 0216 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 18:25:34.0935 0216 cdrom - ok 18:25:34.0951 0216 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 18:25:35.0013 0216 CertPropSvc - ok 18:25:35.0029 0216 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 18:25:35.0044 0216 circlass - ok 18:25:35.0076 0216 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 18:25:35.0091 0216 CLFS - ok 18:25:35.0154 0216 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 18:25:35.0169 0216 clr_optimization_v2.0.50727_32 - ok 18:25:35.0216 0216 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 18:25:35.0232 0216 clr_optimization_v2.0.50727_64 - ok 18:25:35.0310 0216 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 18:25:35.0325 0216 clr_optimization_v4.0.30319_32 - ok 18:25:35.0356 0216 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 18:25:35.0372 0216 clr_optimization_v4.0.30319_64 - ok 18:25:35.0388 0216 [ 
0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 18:25:35.0403 0216 CmBatt - ok 18:25:35.0419 0216 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 18:25:35.0434 0216 cmdide - ok 18:25:35.0450 0216 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 18:25:35.0481 0216 CNG - ok 18:25:35.0497 0216 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 18:25:35.0497 0216 Compbatt - ok 18:25:35.0512 0216 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 18:25:35.0528 0216 CompositeBus - ok 18:25:35.0544 0216 COMSysApp - ok 18:25:35.0559 0216 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 18:25:35.0575 0216 crcdisk - ok 18:25:35.0606 0216 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 18:25:35.0622 0216 CryptSvc - ok 18:25:35.0653 0216 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys 18:25:35.0684 0216 CSC - ok 18:25:35.0715 0216 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll 18:25:35.0731 0216 CscService - ok 18:25:35.0762 0216 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 18:25:35.0809 0216 DcomLaunch - ok 18:25:35.0840 0216 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 18:25:35.0887 0216 defragsvc - ok 18:25:35.0918 0216 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 18:25:35.0965 0216 DfsC - ok 18:25:35.0996 0216 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 18:25:36.0012 0216 Dhcp - ok 18:25:36.0027 0216 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 18:25:36.0074 0216 discache - ok 18:25:36.0105 0216 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 18:25:36.0105 0216 Disk - ok 
18:25:36.0121 0216 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 18:25:36.0136 0216 dmvsc - ok 18:25:36.0152 0216 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 18:25:36.0183 0216 Dnscache - ok 18:25:36.0199 0216 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 18:25:36.0230 0216 dot3svc - ok 18:25:36.0246 0216 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 18:25:36.0277 0216 DPS - ok 18:25:36.0292 0216 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 18:25:36.0308 0216 drmkaud - ok 18:25:36.0339 0216 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 18:25:36.0355 0216 dtsoftbus01 - ok 18:25:36.0386 0216 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 18:25:36.0402 0216 DXGKrnl - ok 18:25:36.0417 0216 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 18:25:36.0448 0216 EapHost - ok 18:25:36.0511 0216 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 18:25:36.0573 0216 ebdrv - ok 18:25:36.0589 0216 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 18:25:36.0604 0216 EFS - ok 18:25:36.0651 0216 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 18:25:36.0682 0216 ehRecvr - ok 18:25:36.0698 0216 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 18:25:36.0714 0216 ehSched - ok 18:25:36.0745 0216 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 18:25:36.0760 0216 elxstor - ok 18:25:36.0776 0216 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 18:25:36.0792 0216 ErrDev - ok 18:25:36.0823 0216 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 18:25:36.0854 0216 EventSystem - ok 18:25:36.0870 0216 [ 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 18:25:51.0128 0216 wlidsvc - ok 18:25:51.0159 0216 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 18:25:51.0175 0216 WmiAcpi - ok 18:25:51.0206 0216 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 18:25:51.0237 0216 wmiApSrv - ok 18:25:51.0284 0216 WMPNetworkSvc - ok 18:25:51.0300 0216 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 18:25:51.0331 0216 WPCSvc - ok 18:25:51.0346 0216 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 18:25:51.0378 0216 WPDBusEnum - ok 18:25:51.0378 0216 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 18:25:51.0409 0216 ws2ifsl - ok 18:25:51.0424 0216 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 18:25:51.0456 0216 wscsvc - ok 18:25:51.0456 0216 WSearch - ok 18:25:51.0534 0216 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 18:25:51.0596 0216 wuauserv - ok 18:25:51.0612 0216 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 18:25:51.0627 0216 WudfPf - ok 18:25:51.0643 0216 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 18:25:51.0674 0216 WUDFRd - ok 18:25:51.0690 0216 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 18:25:51.0705 0216 wudfsvc - ok 18:25:51.0721 0216 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 18:25:51.0736 0216 WwanSvc - ok 18:25:51.0768 0216 X6va009 - ok 18:25:51.0783 0216 ================ Scan global =============================== 18:25:51.0799 0216 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 18:25:51.0814 0216 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 18:25:51.0830 0216 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 
18:25:51.0846 0216 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 18:25:51.0877 0216 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 18:25:51.0877 0216 [Global] - ok 18:25:51.0877 0216 ================ Scan MBR ================================== 18:25:51.0892 0216 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 18:25:52.0407 0216 \Device\Harddisk0\DR0 - ok 18:25:52.0438 0216 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk5\DR5 18:25:52.0782 0216 \Device\Harddisk5\DR5 - ok 18:25:52.0782 0216 ================ Scan VBR ================================== 18:25:52.0782 0216 [ F849144F265164CBC2AC1F9091843309 ] \Device\Harddisk0\DR0\Partition1 18:25:52.0782 0216 \Device\Harddisk0\DR0\Partition1 - ok 18:25:52.0813 0216 [ D7A13E51FAF8434D7FD69DB4FAC98C32 ] \Device\Harddisk0\DR0\Partition2 18:25:52.0813 0216 \Device\Harddisk0\DR0\Partition2 - ok 18:25:52.0828 0216 [ 8771A765FD71C37BA6651B33179EE6D0 ] \Device\Harddisk0\DR0\Partition3 18:25:52.0828 0216 \Device\Harddisk0\DR0\Partition3 - ok 18:25:52.0860 0216 [ 467302C4616100DFF219A4CA5869C56F ] \Device\Harddisk0\DR0\Partition4 18:25:52.0860 0216 \Device\Harddisk0\DR0\Partition4 - ok 18:25:52.0891 0216 [ BD2500686B3340A9C4933AB8B7ACA90F ] \Device\Harddisk5\DR5\Partition1 18:25:52.0891 0216 \Device\Harddisk5\DR5\Partition1 - ok 18:25:52.0891 0216 ============================================================ 18:25:52.0891 0216 Scan finished 18:25:52.0891 0216 ============================================================ 18:25:52.0906 3988 Detected object count: 1 18:25:52.0906 3988 Actual detected object count: 1 18:26:04.0138 3988 Akamai ( HiddenFile.Multi.Generic ) - skipped by user 18:26:04.0138 3988 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip soatix |
26.02.2013, 23:39 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: Scan with Combofix
27.02.2013, 18:25 | #7 |
| I can't paste the Combofix log in as code. How should I proceed in this case? Best regards, soatix |
27.02.2013, 20:48 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Is it too large? If so, please zip only the logs that are too large and put them in an attachment
__________________ Please always post logfiles in CODE tags |
28.02.2013, 20:14 | #9 |
| I couldn't paste it in; I assume it was too large. I've attached it. Best regards |
01.03.2013, 14:21 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | JRT - Junkware Removal Tool Please close your protection software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.
Then a check with OTL, please:
__________________ Please always post logfiles in CODE tags |
02.03.2013, 09:56 | #11 |
| JRT Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.6.6 (02.27.2013:1) OS: Windows 7 Ultimate x64 Ran by samy on 02.03.2013 at 9:32:52,77 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2909018925-352489279-3901980246-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope ~~~ Registry Keys Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ae07101b-46d4-4a98-af68-0333ea26e113} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\samy\AppData\Roaming\opencandy" ~~~ FireFox Successfully deleted: [File] C:\Users\samy\AppData\Roaming\mozilla\firefox\profiles\8lvwitdi.default\user.js ~~~ Event Viewer Logs were 
cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 02.03.2013 at 9:39:05,86 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter # AdwCleaner v2.113 - Datei am 02/03/2013 um 09:47:00 erstellt # Aktualisiert am 23/02/2013 von Xplode # Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits) # Benutzer : samy - SAMY-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\samy\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16464 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=b4242e6d-2d95-4e99-a704-c266db786dd2&affid=111583&searchtype=hp&babsrc=lnkry_nt --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=b4242e6d-2d95-4e99-a704-c266db786dd2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=b4242e6d-2d95-4e99-a704-c266db786dd2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com -\\ Mozilla Firefox v18.0 (de) Datei : C:\Users\samy\AppData\Roaming\Mozilla\Firefox\Profiles\8lvwitdi.default\prefs.js [OK] Die Datei ist 
sauber. -\\ Google Chrome v25.0.1364.97 Datei : C:\Users\samy\AppData\Local\Google\Chrome\User Data\Default\Preferences Gelöscht [l.2096] : urls_to_restore_on_startup = [ "hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY[...] ************************* AdwCleaner[S1].txt - [2317 octets] - [02/03/2013 09:47:00] ########## EOF - C:\AdwCleaner[S1].txt - [2377 octets] ########## Code:
ATTFilter OTL logfile created on: 02.03.2013 09:50:49 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\samy\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,55 Gb Available Physical Memory | 81,94% Memory free 16,00 Gb Paging File | 14,33 Gb Available in Paging File | 89,55% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 181,87 Gb Total Space | 135,78 Gb Free Space | 74,66% Space Free | Partition Type: NTFS Drive D: | 3,58 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive I: | 502,65 Gb Total Space | 465,03 Gb Free Space | 92,52% Space Free | Partition Type: NTFS Drive J: | 246,89 Gb Total Space | 217,02 Gb Free Space | 87,90% Space Free | Partition Type: NTFS Drive K: | 1397,26 Gb Total Space | 1259,90 Gb Free Space | 90,17% Space Free | Partition Type: NTFS Computer Name: SAMY-PC | User Name: samy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\samy\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\samy\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) 
========== Modules (No Company Name) ========== MOD - C:\Users\samy\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\samy\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll () MOD - C:\Users\samy\AppData\Local\Google\Chrome\Application\25.0.1364.97\libglesv2.dll () MOD - C:\Users\samy\AppData\Local\Google\Chrome\Application\25.0.1364.97\libegl.dll () MOD - C:\Users\samy\AppData\Local\Google\Chrome\Application\25.0.1364.97\ffmpegsumo.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll () SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) 
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys () DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys () DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation) DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation) DRV:64bit: - (BIOS) -- C:\Windows\SysNative\drivers\BIOS64.sys (BIOSTAR Group) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (BIOS) -- C:\Windows\SysWOW64\drivers\BIOS64.sys (BIOSTAR Group) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,defaultscope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-18\..\SearchScopes,defaultscope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-19\..\SearchScopes,defaultscope = IE - HKU\S-1-5-20\..\SearchScopes,defaultscope = IE - 
HKU\S-1-5-21-2909018925-352489279-3901980246-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-2909018925-352489279-3901980246-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-2909018925-352489279-3901980246-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 1F 3F 49 18 70 CD 01 [binary data] IE - HKU\S-1-5-21-2909018925-352489279-3901980246-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKU\S-1-5-21-2909018925-352489279-3901980246-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKU\S-1-5-21-2909018925-352489279-3901980246-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2909018925-352489279-3901980246-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2909018925-352489279-3901980246-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.5 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\samy\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\samy\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.11 19:22:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.11 19:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\samy\AppData\Roaming\mozilla\Extensions [2013.01.11 19:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\samy\AppData\Roaming\mozilla\Firefox\Profiles\8lvwitdi.default\extensions [2013.01.11 19:23:28 | 000,243,496 | ---- | M] () (No name found) -- C:\Users\samy\AppData\Roaming\mozilla\firefox\profiles\8lvwitdi.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013.01.11 19:22:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.01.05 04:44:54 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - plugin: Shockwave Flash (Enabled) = 
C:\Users\samy\AppData\Local\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\samy\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\samy\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Java(TM) Platform SE 7 U10 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\samy\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-2909018925-352489279-3901980246-1000..\Run: [Akamai NetSession Interface] C:\Users\samy\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKU\S-1-5-21-2909018925-352489279-3901980246-1000..\Run: [Shotty] C:\Programme\Shotty\Shotty.exe (hxxp://shotty.devs-on.net) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2909018925-352489279-3901980246-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - 
HKU\S-1-5-21-2909018925-352489279-3901980246-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-21-2909018925-352489279-3901980246-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2909018925-352489279-3901980246-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2909018925-352489279-3901980246-1000\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2909018925-352489279-3901980246-1000\..Trusted Domains: sony.com ([]* in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EC096F7-45CB-4E12-85E9-024AA1570A67}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - 
Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.02 09:32:51 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.03.02 09:32:42 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.02 09:31:49 | 000,547,491 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\samy\Desktop\JRT.exe [2013.02.28 20:16:00 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.02.28 20:16:00 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.02.28 20:15:59 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.02.28 20:15:59 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013.02.28 20:15:57 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.02.28 20:15:57 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.02.28 20:15:54 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.02.28 20:15:54 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.02.28 20:15:54 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.28 20:15:54 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.28 20:15:54 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.28 20:15:54 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.28 20:15:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.28 20:15:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.28 20:15:54 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.28 20:15:54 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.28 20:15:53 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.02.28 20:15:53 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.02.28 20:15:53 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.02.28 20:15:53 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.02.28 20:15:53 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.02.28 20:15:53 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.02.28 20:15:53 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.02.28 20:15:53 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.02.28 20:15:53 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.02.28 20:15:53 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.02.28 20:15:53 | 000,296,960 | ---- 
| C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.02.28 20:15:53 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.28 20:15:53 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.28 20:15:53 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.28 20:15:53 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.28 20:15:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.28 20:15:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.28 20:15:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.28 20:15:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.28 20:15:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.28 20:15:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.28 20:15:52 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.02.28 20:15:52 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.02.28 20:15:52 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.02.28 20:15:52 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013.02.28 20:12:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.02.27 17:30:17 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.02.27 17:22:56 | 
000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.02.27 17:22:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.02.27 17:22:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.02.27 17:20:59 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.02.27 17:20:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.02.27 17:20:29 | 005,036,023 | R--- | C] (Swearware) -- C:\Users\samy\Desktop\ComboFix.exe [2013.02.26 18:24:05 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\samy\Desktop\tdsskiller.exe [2013.02.25 19:46:40 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\samy\Desktop\aswMBR.exe [2013.02.25 19:33:33 | 000,000,000 | ---D | C] -- C:\Users\samy\Desktop\mbar [2013.02.23 23:56:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\samy\Desktop\OTL.exe [2013.02.23 23:41:40 | 000,000,000 | ---D | C] -- C:\Users\samy\AppData\Roaming\Malwarebytes [2013.02.23 23:41:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.23 23:41:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.23 23:41:20 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.02.23 23:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.02.23 23:40:43 | 000,000,000 | ---D | C] -- C:\Users\samy\AppData\Local\Programs [2013.02.13 23:54:06 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.02.13 23:54:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.02.13 23:54:05 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.02.13 23:54:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.02.13 23:54:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.02.13 23:54:04 | 001,427,968 | 
---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.02.13 23:54:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.02.13 23:54:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.02.13 23:54:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.02.13 23:54:03 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.02.13 23:54:03 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.02.13 23:54:03 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.02.13 23:54:02 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.02.13 23:54:01 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.02.13 23:54:01 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.02.13 17:07:32 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.02.13 17:07:32 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.02.13 17:07:31 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.02.13 17:07:24 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.02.13 17:07:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.02.13 17:07:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.02.13 17:07:23 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.02.13 17:07:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.02.13 17:07:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.02.13 17:07:21 | 
000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013.02.06 21:18:22 | 000,000,000 | ---D | C] -- C:\Users\samy\AppData\Local\{935FD0CE-5103-4D30-8439-2E604FB8C379} ========== Files - Modified Within 30 Days ========== [2013.03.02 09:48:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.02 09:48:21 | 2146,983,935 | -HS- | M] () -- C:\hiberfil.sys [2013.03.02 09:46:37 | 000,594,019 | ---- | M] () -- C:\Users\samy\Desktop\adwcleaner.exe [2013.03.02 09:31:45 | 000,547,491 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\samy\Desktop\JRT.exe [2013.03.02 09:23:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2909018925-352489279-3901980246-1000UA.job [2013.03.02 09:23:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2909018925-352489279-3901980246-1000Core.job [2013.03.02 09:16:06 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.02 09:16:06 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.02 09:13:44 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.02 09:13:44 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.02 09:13:44 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.02 09:13:44 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.02 09:13:44 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.01 00:09:23 | 000,000,059 | ---- | M] () -- C:\Users\samy\AppData\Roaming\GoodnightTimer.ini [2013.02.28 20:12:26 | 000,004,850 | ---- | M] () -- C:\Users\samy\Desktop\combofix_log.zip [2013.02.27 17:19:13 | 005,036,023 | R--- | M] (Swearware) -- C:\Users\samy\Desktop\ComboFix.exe [2013.02.26 18:23:52 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- 
C:\Users\samy\Desktop\tdsskiller.exe [2013.02.25 23:25:32 | 000,002,358 | ---- | M] () -- C:\Users\samy\Desktop\Google Chrome.lnk [2013.02.25 19:58:47 | 000,000,512 | ---- | M] () -- C:\Users\samy\Desktop\MBR.dat [2013.02.25 19:46:36 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\samy\Desktop\aswMBR.exe [2013.02.25 19:32:42 | 013,711,621 | ---- | M] () -- C:\Users\samy\Desktop\mbar-1.01.0.1020.zip [2013.02.24 01:35:22 | 1275,748,834 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.02.24 00:07:00 | 000,376,832 | ---- | M] () -- C:\Users\samy\Desktop\gmer_2.1.19081.exe [2013.02.23 23:48:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\samy\Desktop\OTL.exe [2013.02.23 23:48:27 | 000,000,168 | ---- | M] () -- C:\Users\samy\defogger_reenable [2013.02.23 23:41:27 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.19 23:58:30 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.02.16 10:18:44 | 000,071,254 | ---- | M] () -- C:\Users\samy\Desktop\Unbenannt1.JPG [2013.02.16 10:18:03 | 000,070,766 | ---- | M] () -- C:\Users\samy\Desktop\Unbenannt.JPG [2013.02.14 07:05:50 | 000,413,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013.03.02 09:46:41 | 000,594,019 | ---- | C] () -- C:\Users\samy\Desktop\adwcleaner.exe [2013.02.28 20:12:26 | 000,004,850 | ---- | C] () -- C:\Users\samy\Desktop\combofix_log.zip [2013.02.27 17:22:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.02.27 17:22:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.02.27 17:22:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.02.27 17:22:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.02.27 17:22:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.02.25 19:58:47 | 000,000,512 | ---- | C] () -- C:\Users\samy\Desktop\MBR.dat [2013.02.25 19:33:26 | 013,711,621 | ---- | C] () -- C:\Users\samy\Desktop\mbar-1.01.0.1020.zip 
[2013.02.24 00:07:03 | 000,376,832 | ---- | C] () -- C:\Users\samy\Desktop\gmer_2.1.19081.exe [2013.02.23 23:48:27 | 000,000,168 | ---- | C] () -- C:\Users\samy\defogger_reenable [2013.02.23 23:41:27 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.16 10:18:42 | 000,071,254 | ---- | C] () -- C:\Users\samy\Desktop\Unbenannt1.JPG [2013.02.16 10:18:02 | 000,070,766 | ---- | C] () -- C:\Users\samy\Desktop\Unbenannt.JPG [2012.10.21 19:26:27 | 000,000,059 | ---- | C] () -- C:\Users\samy\AppData\Roaming\GoodnightTimer.ini [2012.07.29 21:49:45 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.07.29 21:20:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.07.29 21:18:08 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = 
C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 02.03.2013 09:50:49 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\samy\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,55 Gb Available Physical Memory | 81,94% Memory free 16,00 Gb Paging File | 14,33 Gb Available in Paging File | 89,55% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 181,87 Gb Total Space | 135,78 Gb Free Space | 74,66% Space Free | Partition Type: NTFS Drive D: | 3,58 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive I: | 502,65 Gb Total Space | 465,03 Gb Free Space | 92,52% Space Free | Partition Type: NTFS Drive J: | 246,89 Gb Total Space | 217,02 Gb Free Space | 87,90% Space Free | Partition Type: NTFS Drive K: | 1397,26 Gb Total Space | 1259,90 Gb Free Space | 90,17% Space Free | Partition Type: NTFS Computer Name: SAMY-PC | User Name: samy | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01F15225-E16A-4713-B9DF-33F1AD9CA705}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{048D1F88-7512-46AD-8000-43688957DC64}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{07AB55F2-6CDB-4E46-89C8-FBDC8D533174}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{14DD3803-6F26-41FE-A7FC-C36751C7FB01}" = lport=137 | protocol=17 | dir=in | app=system | "{558CEAE5-0D92-4BDB-B022-CF53BFA2C162}" = lport=139 | protocol=6 | dir=in | app=system | "{72DEA8B3-BB07-4E4D-A2ED-CFE0A15DE958}" = rport=138 | protocol=17 | dir=out | app=system | "{7D31D475-B600-4290-B0FE-48C1A89AEDF3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{823571E6-04C1-420E-9388-841A497FFE22}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{85E32087-6681-41F8-8CD0-BD982F7E46E2}" = rport=139 | protocol=6 | dir=out | app=system | "{97CCB421-4066-4791-A0F3-D4E837E20080}" = lport=10243 | protocol=6 | dir=in | app=system | "{9EDBC558-C1DA-4D07-994A-8848E18405E8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A1617044-6AA0-469E-9BEE-E4AB6FC153C3}" = rport=137 | protocol=17 | dir=out | app=system | "{A85EA74B-4AA7-4529-B19A-FDDBD4EE7144}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{AF590DE8-A3C5-4921-84D2-56622DEFEEE8}" = lport=445 | protocol=6 | dir=in | app=system | "{B6CB3474-855A-47BB-810E-564D4A19A607}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C3DC4704-EABE-4822-90A5-D093A63A6040}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C5E6AAA3-E4C0-4DBE-8EA7-7948CEB567BD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CAAC9BA0-CC87-42C2-B4F8-FCFE6D81F7C0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{D4079088-CEBF-457C-BCBA-89FFD8C1760A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D6594916-A21F-49FA-94CB-A5E9544E7595}" = rport=445 | protocol=6 | dir=out | app=system | "{D7210C63-84F3-4AC6-BF3E-CA68D355BDAD}" = rport=10243 | protocol=6 | dir=out | app=system | "{E4EEF1FF-F65B-42AC-B367-9E8EF2F5E954}" = lport=138 | protocol=17 | dir=in | app=system | "{F09AB8F0-187E-4D59-97C4-8CEC2E6EEC3D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{FF6766DE-789B-4D81-A4FD-FFEDCF53282B}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0384B63C-8C8D-4D52-9AB3-60E87B16E8C0}" = protocol=6 | dir=out | app=system | "{06DBCE73-4118-4518-AED7-BA6A0C791E26}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{0FBB02CD-9443-44B3-83C6-89E31E1FB143}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{0FEB8371-A443-4814-8AEA-3B30D0C812C7}" = protocol=17 | dir=in | app=c:\users\samy\appdata\local\akamai\netsession_win.exe | "{1C5CE583-0162-4445-810C-F03586821B42}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{2CE1A38A-1993-4FBF-9DFC-14E524B7CB75}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{2D1D5302-ED89-4D1A-8569-60D84D61512F}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{37099887-0BC0-4413-84E0-B9D1FDB3D243}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{371CE72E-7D54-45D4-AFE6-12A665201F72}" = protocol=6 | dir=in | app=c:\users\samy\appdata\local\akamai\netsession_win.exe | "{48E043F0-978D-4745-A082-0F14E5CE916F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{4CC44CD5-401C-46C4-8400-1549B0D4B9C5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{51C570A1-FEAF-488F-B70C-02B143763F6D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5A7067FF-3273-48D1-B249-C4E83B1EA037}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{605BE319-8EBD-4E76-BBFF-43088531B016}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{653F1C6B-018B-485D-8181-217B6E316804}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{65F1042D-9DE2-43BE-B277-D37796B7BEEB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{720D0018-537D-456D-8C98-4FA7096AFC59}" = protocol=17 | 
dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{76E21B9A-39F4-4658-A48B-C3AF92CADFC9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{7C61DD46-E055-4941-BA17-B4B8B7412862}" = protocol=58 | dir=in | app=system | "{8841CEBF-6F37-49EF-8A66-BF026EAAD5EA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{8EBC49AE-8F31-4293-9A40-31840E555F55}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9A7A542C-D947-431F-98BC-98386337D6AD}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{A2BF3051-C7D8-47A5-99DF-C5896DF7FA89}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AC145854-5915-4C11-8E59-52E0D6F4DE20}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{AD1A0413-97EC-4B6C-8F7F-A05C5F47811B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B4ED0C98-9F08-4F87-8D2F-11AB8B6C7146}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{B686FF35-57D2-4DE6-A0A8-FDE03927ED0A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C7E8FB8A-A7DA-46AD-8F86-3980E172CA24}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CBB3BA63-F924-4CCE-A50D-257BE131CE7F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{CD0A95BB-CA21-4C94-B446-93516516B309}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{D8CB7A4B-BB6F-4312-8DFA-3F34B0BA8E62}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{DFBD355B-0E06-47DE-8076-D0D4D1BCC0D2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{E096242B-1C25-47DA-A35D-1CE8349B0271}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{EB976E4E-AD03-4202-94B4-05E0D4140643}" = protocol=6 | dir=in | 
app=c:\program files (x86)\microsoft office\office12\groove.exe | "{FE384036-FE29-487F-AD17-D5F019764600}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{5B41A2B9-2FB9-45F0-BA67-839264AFC221}C:\users\samy\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\samy\appdata\local\temp\gw2.exe | "TCP Query User{71C355E3-2C6B-4BBB-A9BA-57891CE31D67}I:\dcuniverse\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=i:\dcuniverse\unreal3\binaries\win32\dcgame.exe | "TCP Query User{728066D2-01D8-4BF1-9A02-905EB12E8B36}I:\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=i:\guild wars 2\gw2.exe | "TCP Query User{7D3CD8F9-A8C3-4597-AF33-50856BF9490F}C:\users\samy\appdata\roaming\fyahry\idmo.exe" = protocol=6 | dir=in | app=c:\users\samy\appdata\roaming\fyahry\idmo.exe | "TCP Query User{D12140EF-FF88-48C6-889E-8E4B14598376}C:\users\samy\appdata\roaming\fyahry\idmo.exe" = protocol=6 | dir=in | app=c:\users\samy\appdata\roaming\fyahry\idmo.exe | "UDP Query User{17F37F4D-A75B-428F-A096-CFA29F9AFD60}C:\users\samy\appdata\roaming\fyahry\idmo.exe" = protocol=17 | dir=in | app=c:\users\samy\appdata\roaming\fyahry\idmo.exe | "UDP Query User{20C4E0D4-E176-4219-B6A2-F0CE5335BBA2}C:\users\samy\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\samy\appdata\local\temp\gw2.exe | "UDP Query User{3ECAB189-A163-4E1E-B9D2-62D46313ACC0}I:\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=i:\guild wars 2\gw2.exe | "UDP Query User{75BAC315-B38E-463F-A202-F64861CE0DF8}C:\users\samy\appdata\roaming\fyahry\idmo.exe" = protocol=17 | dir=in | app=c:\users\samy\appdata\roaming\fyahry\idmo.exe | "UDP Query User{836DE1FD-7649-48BA-AE7A-806861F413AD}I:\dcuniverse\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=i:\dcuniverse\unreal3\binaries\win32\dcgame.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] 
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{088E976C-6B19-E3D3-1EAB-6E13B2D34CD7}" = ATI Catalyst Install Manager "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{4A85E8AD-6CF6-D3D1-2280-420452F5E1EE}" = ATI AVIVO64 Codecs "{6AB4EC25-677C-4735-5623-1CCC90E759E4}" = ccc-utility64 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A9417107-5107-C6E7-9649-CF3294E9C491}" = WMV9/VC-1 Video Playback "{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{ECA0FDBA-70C2-D23A-6BD3-3D3118DD90B4}" = AMD Drag and Drop Transcoding "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "2e730c18-03e8-4d1d-8fc2-0ee3ea04a765" = Shotty - Kleines aber eindrucksvolles Screenshot Tool "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "NVIDIA Drivers" = NVIDIA Drivers "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{011E0BAD-DC62-DF83-4D19-D110C61FE679}" = CCC Help Chinese Traditional "{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1" = MiniTool Partition 
Wizard Home Edition 7.5 "{0AC457CB-3661-B42F-6181-5D1305C1475A}" = CCC Help Finnish "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0E86AF86-F103-A148-7070-0596A5FCEAD7}" = CCC Help French "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1F7CFAB6-A7FC-31E5-2917-989B06B09270}" = CCC Help Turkish "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10 "{2888EBA9-91E6-D3EF-FC6D-7B3C2B045CAE}" = CCC Help English "{2AE86CEE-BAC2-D043-9237-E83198098C91}" = Catalyst Control Center InstallProxy "{2EA64D86-61D9-40A4-A89F-D4E6DEDD301D}" = Catalyst Control Center Localization All "{3411B11D-91D6-B456-0FAE-24BF99868231}" = Catalyst Control Center Graphics Previews Common "{35A33CA3-9B1B-3653-6C71-0ADB85E96154}" = ccc-core-static "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{401A4D76-C360-2084-F163-1FABD851D314}" = CCC Help Thai "{43461D82-2DD5-B2D7-886D-5C1A52C09904}" = CCC Help Polish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B61C9AE-3FDD-9DB7-4247-7D96A03C018D}" = CCC Help German "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{5165FA54-2957-4BC9-44CC-D21BDCE9D9E6}" = CCC Help Japanese "{58374E01-D455-ABAE-CD3A-548911E1CAAD}" = CCC Help Swedish "{59B734CE-69E9-F555-380C-0B9D880F4E95}" = CCC Help Hungarian "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{665815D4-1F82-D581-E762-A2E0A15E6512}" = CCC Help Dutch "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple 
Software Update "{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8D1CB4C2-283E-39A7-2AFA-6D3320E012A8}" = CCC Help Chinese Standard "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" 
= Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{93703800-E668-1370-1756-2003BA060281}" = CCC Help Russian "{95A837D2-EB2E-9F85-1DB8-01B8337DFC08}" = CCC Help Czech "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C8692DA-9451-AA41-404A-72308CAE1BF5}" = CCC Help Spanish "{9CF2ECFE-5242-B513-5DB4-A751BD735DD2}" = CCC Help Danish "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A35001F0-F1E4-11DD-A38B-005056C00008}" = Paragon Partition Manager™ 12 Professional Demo "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{BC92AA6F-2DAF-1BA2-7C86-1DBBA6423C5F}" = CCC Help Norwegian "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D17772DB-061D-CF9A-7A82-E8C047195259}" = CCC Help Portuguese "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D5507048-ED32-BEE8-431D-303F741DE073}" = CCC Help Italian "{DECCD21C-4BCC-1326-0EF3-7E87C97E14D9}" = CCC Help Greek "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E8B708FF-D116-0D4D-DC14-72827A219D54}" = HydraVision "{EFD21D05-4618-D72A-464F-B0D1911617A7}" = CCC Help Korean "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "DAEMON Tools Lite" = DAEMON Tools Lite "ENTERPRISE" = Microsoft Office Enterprise 2007 "Goodnight Timer_is1" = Goodnight Timer 1.1 "Guild Wars 2" = Guild Wars 2 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service 
"TeamSpeak 3 Client" = TeamSpeak 3 Client "UseNeXT_is1" = UseNeXT "VLC media player" = VLC media player 0.9.9 "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2909018925-352489279-3901980246-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "Google Chrome" = Google Chrome "SOE-DC Universe Online Live" = DC Universe Online Live "SOE-DC Universe Online Live PSG" = DC Universe Online Live ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 02.03.2013 04:50:12 | Computer Name = samy-PC | Source = WinMgmt | ID = 10 Description = < End of report > |
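Added example, not code from the thread or from OTL: a small Python triage helper for the "FirewallRules" section posted above. It parses the flattened rule dump and lists inbound rules whose program runs from a user-writable staging location (AppData\Roaming or a Temp folder), which a reviewer would want to verify first; the sample input is constructed in the dump's format from paths seen in the log.

```python
# Added example, not part of the thread: triage the "FirewallRules" section of
# an OTL log by flagging inbound rules for programs that run from user-writable
# staging locations (AppData\Roaming, Temp). A hit is a prompt to verify the
# file's origin and signature, not proof of malware.
import re

# One rule in the OTL dump looks like
#   "{GUID}" = protocol=6 | dir=in | app=c:\path\prog.exe |
# Rules named "TCP Query User{GUID}<path>" were created when the user answered
# the Windows Firewall prompt, i.e. the program really tried to accept
# inbound connections.
RULE_RE = re.compile(r'"(?P<name>[^"]+)"\s*=\s*(?P<body>[^"]*)')

# Path fragments (lowercase) worth a second look. AppData\Local is not listed
# because many legitimate per-user installers (e.g. Akamai NetSession) use it.
STAGING_PARTS = ("appdata\\roaming\\", "\\temp\\")

# Constructed sample in the dump's format, using paths seen in the log above.
SAMPLE_RULES = (
    '"{06DBCE73-4118-4518-AED7-BA6A0C791E26}" = protocol=6 | dir=in | '
    'app=c:\\program files (x86)\\microsoft office\\office12\\onenote.exe | '
    '"{0FEB8371-A443-4814-8AEA-3B30D0C812C7}" = protocol=17 | dir=in | '
    'app=c:\\users\\samy\\appdata\\local\\akamai\\netsession_win.exe | '
    '"TCP Query User{5B41A2B9-2FB9-45F0-BA67-839264AFC221}'
    'C:\\users\\samy\\appdata\\local\\temp\\gw2.exe" = protocol=6 | dir=in | '
    'app=c:\\users\\samy\\appdata\\local\\temp\\gw2.exe | '
    '"UDP Query User{17F37F4D-A75B-428F-A096-CFA29F9AFD60}'
    'C:\\users\\samy\\appdata\\roaming\\fyahry\\idmo.exe" = protocol=17 | dir=in | '
    'app=c:\\users\\samy\\appdata\\roaming\\fyahry\\idmo.exe | '
)

def parse_rules(text):
    """Split the flattened dump into one dict per rule (name, protocol, dir, app, ...)."""
    rules = []
    for m in RULE_RE.finditer(text):
        fields = {"name": m.group("name")}
        for part in m.group("body").split("|"):
            key, sep, value = part.strip().partition("=")
            if sep:
                fields[key.strip()] = value.strip()
        rules.append(fields)
    return rules

def flag_rules(rules):
    """Return inbound rules whose program sits under a staging directory."""
    flagged = []
    for r in rules:
        app = r.get("app", "").lower()
        if r.get("dir") != "in" or not any(p in app for p in STAGING_PARTS):
            continue
        flagged.append({
            "app": app,
            "protocol": {"6": "TCP", "17": "UDP"}.get(r.get("protocol"), r.get("protocol")),
            # True when the rule came from the firewall's "allow?" prompt
            "user_allowed": "query user" in r["name"].lower(),
        })
    return flagged

def suspicious_programs(text):
    """Distinct flagged program paths, sorted, as a quick review list."""
    return sorted({f["app"] for f in flag_rules(parse_rules(text))})

if __name__ == "__main__":
    for f in flag_rules(parse_rules(SAMPLE_RULES)):
        print(f"{f['protocol']:>3} in  {f['app']}  (user prompt: {f['user_allowed']})")
```

The same parser works on the full section when the text between the FirewallRules key and the next "==========" header is passed in.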
02.03.2013, 12:39 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Pws:win32 - virtool:win32/ceeinject.gen!id - error 0x81000037 Looks OK. We should be almost done. As a check, please run a Quick Scan with Malwarebytes - please remember to update Malwarebytes via the Update button beforehand. Afterwards, getting a second opinion from the ESET online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
03.03.2013, 01:31 | #13 |
| Trojan Pws:win32 - virtool:win32/ceeinject.gen!id - error 0x81000037 Here is the result from Malwarebytes Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.02.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
samy :: SAMY-PC [Administrator]

02.03.2013 14:22:59
mbam-log-2013-03-02 (14-22-59).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 208021
Laufzeit: 1 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)

(Ende)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b28235c16793be4c9ce7b2aa636684da
# engine=13283
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-02 02:23:29
# local_time=2013-03-02 03:23:29 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 18640227 113864059 0 0
# scanned=161823
# found=0
# cleaned=0
# scan_time=2918 |
03.03.2013, 18:34 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Pws:win32 - virtool:win32/ceeinject.gen!id - error 0x81000037 Looks OK so far. Regarding cookies and other things on the web: To block the pest from the outset (i.e. tracking cookies, ad banners etc.), you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks whether a new hosts file has been released. Info: cookies are not malware as such, but there is a risk of abuse (unique recognition, e.g. for targeted advertising or similar => HTTP-Cookie). Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller. But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board as well), then simply set the browser so that everything, including cookies, is deleted when the browser is closed. Is your system OK again now, or are there any other findings or problems?
__________________ Please always post logfiles in CODE tags |
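Added example, not code from the thread or from MVPS: a Python audit for a hosts file of the kind recommended above. It counts the entries that sink ad/tracking names to 0.0.0.0 or 127.0.0.1, flags any entry that points a name at some other address (a legitimate blocklist never does that, while malware sometimes edits the hosts file to redirect update or vendor sites), and checks the four-week refresh interval against the file's modification time; the sample hosts content and its domain names are constructed.

```python
# Added example, not part of the thread: audit a hosts-file blocklist such as
# the MVPS list. Block entries map names to a sink address; anything mapped to
# a different address is a redirect and deserves a look.
import re

SINK_ADDRS = {"0.0.0.0", "127.0.0.1", "::1"}      # addresses a blocklist uses
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "ip6-localhost"}
FOUR_WEEKS = 28 * 24 * 3600                        # refresh interval from the post, in seconds
HOSTS_LINE = re.compile(r"^\s*(?P<ip>[0-9a-fA-F.:]+)\s+(?P<names>[^#]+)")

# Constructed sample in hosts-file syntax (all names are placeholders).
SAMPLE_HOSTS = """\
# constructed header comment; real MVPS files carry a dated header here
127.0.0.1  localhost
::1        localhost
0.0.0.0  ads.example.net
0.0.0.0  tracker.example.org   # trailing comment is ignored
# an entry no blocklist contains: it redirects a real name elsewhere
198.51.100.7  updates.security-vendor.example
"""

def parse_hosts(text):
    """Return (line_no, ip, hostname) for every mapping; comments and blanks are skipped."""
    entries = []
    for no, line in enumerate(text.splitlines(), 1):
        m = HOSTS_LINE.match(line)
        if not m:
            continue
        for name in m.group("names").split():       # one line may list several names
            entries.append((no, m.group("ip"), name.lower()))
    return entries

def audit_hosts(text):
    """Count sink (block) entries and collect redirects to non-sink addresses."""
    blocked, redirects = 0, []
    for no, ip, name in parse_hosts(text):
        if name in LOCAL_NAMES:                     # the standard loopback lines
            continue
        if ip in SINK_ADDRS:
            blocked += 1
        else:
            redirects.append((no, ip, name))
    return {"blocked": blocked, "redirects": redirects}

def hosts_is_stale(mtime, now, max_age=FOUR_WEEKS):
    """True when the file is older than the refresh interval (seconds since epoch)."""
    return now - mtime > max_age

if __name__ == "__main__":
    import os, time
    path = r"C:\Windows\System32\drivers\etc\hosts"  # Windows hosts file location
    if os.path.exists(path):
        with open(path, encoding="utf-8", errors="replace") as fh:
            report = audit_hosts(fh.read())
        report["stale"] = hosts_is_stale(os.path.getmtime(path), time.time())
    else:
        report = audit_hosts(SAMPLE_HOSTS)
    print(report)
```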
04.03.2013, 22:25 | #15 |
| Trojan Pws:win32 - virtool:win32/ceeinject.gen!id - error 0x81000037 Thank you for your effort, everything seems to be back in order now. I have had no more problems over the last two days. I will take the information about cookies to heart and have a look at it. Are there any other programs one "should" have to avoid such a case in the future? |