
Log analysis and evaluation: Trojan Pws:win32 - virtool:win32/ceeinject.gen!id - error 0x81000037


23.02.2013, 23:49   #1
soatix

Hello dear team,

I hope you can help me, I'm really at my wits' end right now.

After my PC restarted several times today and a message about an unexpected error appeared after the restart, I wanted to make a system backup. Unfortunately I could not complete the backup and got the error message "error 0x81000037". I then ran a scan with Microsoft Security Essentials and a trojan named Pws:win32... was found. Unfortunately I did not pay attention here and removed it instead of moving it to quarantine, so I can no longer give the exact name.
I then ran another scan and something named virtool:win32/ceeinject.gen!id was found.

Malwarebytes found nothing. Unfortunately I am not very knowledgeable about this and hope you can help me further.

Here are all the logs:

Malwarebytes:
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.23.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
samy :: SAMY-PC [Administrator]

23.02.2013 23:42:30
mbam-log-2013-02-23 (23-42-30).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 203672
Laufzeit: 2 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
OTL.txt:
Code:
OTL logfile created on: 23.02.2013 23:56:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\samy\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,07 Gb Available Physical Memory | 75,88% Memory free
16,00 Gb Paging File | 14,01 Gb Available in Paging File | 87,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 181,87 Gb Total Space | 133,37 Gb Free Space | 73,33% Space Free | Partition Type: NTFS
Drive D: | 3,58 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive I: | 502,65 Gb Total Space | 465,03 Gb Free Space | 92,52% Space Free | Partition Type: NTFS
Drive J: | 246,89 Gb Total Space | 214,97 Gb Free Space | 87,07% Space Free | Partition Type: NTFS
Drive K: | 1397,26 Gb Total Space | 1263,26 Gb Free Space | 90,41% Space Free | Partition Type: NTFS
Drive L: | 980,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: SAMY-PC | User Name: samy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.23 23:48:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\samy\Desktop\OTL.exe
PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\samy\AppData\Local\Akamai\netsession_win.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.11.26 03:54:12 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.01.27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.01.05 04:44:06 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.12 19:55:25 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.08.06 21:14:18 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.07.09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.06.18 12:34:44 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2012.06.18 12:34:42 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.26 05:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.11.26 03:16:46 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.11.21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.17 13:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.03.02 18:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.01 11:20:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009.06.18 03:07:38 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BIOS64.sys -- (BIOS)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.06.18 03:07:38 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\BIOS64.sys -- (BIOS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=b4242e6d-2d95-4e99-a704-c266db786dd2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=b4242e6d-2d95-4e99-a704-c266db786dd2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=b4242e6d-2d95-4e99-a704-c266db786dd2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=b4242e6d-2d95-4e99-a704-c266db786dd2&affid=111583&searchtype=hp&babsrc=lnkry_nt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 1F 3F 49 18 70 CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=b4242e6d-2d95-4e99-a704-c266db786dd2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=b4242e6d-2d95-4e99-a704-c266db786dd2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=b4242e6d-2d95-4e99-a704-c266db786dd2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
 
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\samy\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\samy\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.11 19:22:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.01.11 19:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\samy\AppData\Roaming\mozilla\Extensions
[2013.01.11 19:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\samy\AppData\Roaming\mozilla\Firefox\Profiles\8lvwitdi.default\extensions
[2013.01.11 19:23:28 | 000,243,496 | ---- | M] () (No name found) -- C:\Users\samy\AppData\Roaming\mozilla\firefox\profiles\8lvwitdi.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.01.11 19:22:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.05 04:44:54 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\samy\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\samy\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\samy\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\samy\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Users\samy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Tampermonkey = C:\Users\samy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\2.12.3124_0\
CHR - Extension: YouTube to MP3 Converter = C:\Users\samy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfhmlakkppnbdbeeifhbkpgmhcbmabl\0.1.2_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\samy\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Shotty] C:\Programme\Shotty\Shotty.exe (hxxp://shotty.devs-on.net)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EC096F7-45CB-4E12-85E9-024AA1570A67}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.08 01:45:00 | 000,000,175 | R--- | M] () - L:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{feeb37f7-dfdd-11e1-9352-003067a73f95}\Shell - "" = AutoRun
O33 - MountPoints2\{feeb37f7-dfdd-11e1-9352-003067a73f95}\Shell\AutoRun\command - "" = L:\setup.exe -- [2010.01.08 01:45:00 | 000,463,152 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{feeb37f7-dfdd-11e1-9352-003067a73f95}\Shell\configure\command - "" = L:\setup.exe -- [2010.01.08 01:45:00 | 000,463,152 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{feeb37f7-dfdd-11e1-9352-003067a73f95}\Shell\install\command - "" = L:\setup.exe -- [2010.01.08 01:45:00 | 000,463,152 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.23 23:56:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\samy\Desktop\OTL.exe
[2013.02.23 23:41:40 | 000,000,000 | ---D | C] -- C:\Users\samy\AppData\Roaming\Malwarebytes
[2013.02.23 23:41:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.23 23:41:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.23 23:41:20 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.23 23:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.23 23:40:43 | 000,000,000 | ---D | C] -- C:\Users\samy\AppData\Local\Programs
[2013.02.06 21:18:22 | 000,000,000 | ---D | C] -- C:\Users\samy\AppData\Local\{935FD0CE-5103-4D30-8439-2E604FB8C379}
[2013.01.29 20:01:15 | 000,000,000 | ---D | C] -- C:\Users\samy\AppData\Local\{C27DB121-ACA7-475E-9A81-D112EE8DED4E}
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.23 23:48:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\samy\Desktop\OTL.exe
[2013.02.23 23:48:27 | 000,000,168 | ---- | M] () -- C:\Users\samy\defogger_reenable
[2013.02.23 23:41:27 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.23 23:23:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2909018925-352489279-3901980246-1000UA.job
[2013.02.23 21:58:12 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.23 21:58:12 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.23 21:55:17 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.23 21:55:17 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.23 21:55:17 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.23 21:55:17 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.23 21:55:17 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.23 21:50:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.23 21:50:46 | 414,670,434 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.02.23 21:50:46 | 2146,983,935 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.23 09:23:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2909018925-352489279-3901980246-1000Core.job
[2013.02.20 22:33:39 | 000,000,059 | ---- | M] () -- C:\Users\samy\AppData\Roaming\GoodnightTimer.ini
[2013.02.19 23:58:30 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.02.16 10:18:44 | 000,071,254 | ---- | M] () -- C:\Users\samy\Desktop\Unbenannt1.JPG
[2013.02.16 10:18:03 | 000,070,766 | ---- | M] () -- C:\Users\samy\Desktop\Unbenannt.JPG
[2013.02.14 07:05:50 | 000,413,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.02 18:22:00 | 000,002,358 | ---- | M] () -- C:\Users\samy\Desktop\Google Chrome.lnk
 
========== Files Created - No Company Name ==========
 
[2013.02.23 23:48:27 | 000,000,168 | ---- | C] () -- C:\Users\samy\defogger_reenable
[2013.02.23 23:41:27 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.16 10:18:42 | 000,071,254 | ---- | C] () -- C:\Users\samy\Desktop\Unbenannt1.JPG
[2013.02.16 10:18:02 | 000,070,766 | ---- | C] () -- C:\Users\samy\Desktop\Unbenannt.JPG
[2012.10.21 19:26:27 | 000,000,059 | ---- | C] () -- C:\Users\samy\AppData\Roaming\GoodnightTimer.ini
[2012.07.29 21:49:45 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.29 21:20:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.29 21:18:08 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.08.06 21:17:41 | 000,000,000 | ---D | M] -- C:\Users\samy\AppData\Roaming\DAEMON Tools Lite
[2013.01.16 20:18:36 | 000,000,000 | ---D | M] -- C:\Users\samy\AppData\Roaming\Fyahry
[2013.01.11 19:26:57 | 000,000,000 | ---D | M] -- C:\Users\samy\AppData\Roaming\Ibfea
[2013.01.11 19:57:42 | 000,000,000 | ---D | M] -- C:\Users\samy\AppData\Roaming\Mipiuw
[2012.08.06 21:14:16 | 000,000,000 | ---D | M] -- C:\Users\samy\AppData\Roaming\OpenCandy
[2013.01.22 17:49:50 | 000,000,000 | ---D | M] -- C:\Users\samy\AppData\Roaming\TS3Client
[2013.02.18 20:01:23 | 000,000,000 | ---D | M] -- C:\Users\samy\AppData\Roaming\UseNeXT
[2012.08.29 19:33:43 | 000,000,000 | ---D | M] -- C:\Users\samy\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
         
Extra.txt:
Code:
OTL Extras logfile created on: 23.02.2013 23:56:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\samy\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,07 Gb Available Physical Memory | 75,88% Memory free
16,00 Gb Paging File | 14,01 Gb Available in Paging File | 87,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 181,87 Gb Total Space | 133,37 Gb Free Space | 73,33% Space Free | Partition Type: NTFS
Drive D: | 3,58 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive I: | 502,65 Gb Total Space | 465,03 Gb Free Space | 92,52% Space Free | Partition Type: NTFS
Drive J: | 246,89 Gb Total Space | 214,97 Gb Free Space | 87,07% Space Free | Partition Type: NTFS
Drive K: | 1397,26 Gb Total Space | 1263,26 Gb Free Space | 90,41% Space Free | Partition Type: NTFS
Drive L: | 980,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: SAMY-PC | User Name: samy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F15225-E16A-4713-B9DF-33F1AD9CA705}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{048D1F88-7512-46AD-8000-43688957DC64}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{07AB55F2-6CDB-4E46-89C8-FBDC8D533174}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{14DD3803-6F26-41FE-A7FC-C36751C7FB01}" = lport=137 | protocol=17 | dir=in | app=system | 
"{558CEAE5-0D92-4BDB-B022-CF53BFA2C162}" = lport=139 | protocol=6 | dir=in | app=system | 
"{72DEA8B3-BB07-4E4D-A2ED-CFE0A15DE958}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7D31D475-B600-4290-B0FE-48C1A89AEDF3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{823571E6-04C1-420E-9388-841A497FFE22}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{85E32087-6681-41F8-8CD0-BD982F7E46E2}" = rport=139 | protocol=6 | dir=out | app=system | 
"{97CCB421-4066-4791-A0F3-D4E837E20080}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9EDBC558-C1DA-4D07-994A-8848E18405E8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A1617044-6AA0-469E-9BEE-E4AB6FC153C3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A85EA74B-4AA7-4529-B19A-FDDBD4EE7144}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{AF590DE8-A3C5-4921-84D2-56622DEFEEE8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B6CB3474-855A-47BB-810E-564D4A19A607}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C3DC4704-EABE-4822-90A5-D093A63A6040}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C5E6AAA3-E4C0-4DBE-8EA7-7948CEB567BD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CAAC9BA0-CC87-42C2-B4F8-FCFE6D81F7C0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D4079088-CEBF-457C-BCBA-89FFD8C1760A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D6594916-A21F-49FA-94CB-A5E9544E7595}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D7210C63-84F3-4AC6-BF3E-CA68D355BDAD}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{E4EEF1FF-F65B-42AC-B367-9E8EF2F5E954}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F09AB8F0-187E-4D59-97C4-8CEC2E6EEC3D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{FF6766DE-789B-4D81-A4FD-FFEDCF53282B}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0384B63C-8C8D-4D52-9AB3-60E87B16E8C0}" = protocol=6 | dir=out | app=system | 
"{06DBCE73-4118-4518-AED7-BA6A0C791E26}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{0FBB02CD-9443-44B3-83C6-89E31E1FB143}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0FEB8371-A443-4814-8AEA-3B30D0C812C7}" = protocol=17 | dir=in | app=c:\users\samy\appdata\local\akamai\netsession_win.exe | 
"{1C5CE583-0162-4445-810C-F03586821B42}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2CE1A38A-1993-4FBF-9DFC-14E524B7CB75}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2D1D5302-ED89-4D1A-8569-60D84D61512F}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{37099887-0BC0-4413-84E0-B9D1FDB3D243}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{371CE72E-7D54-45D4-AFE6-12A665201F72}" = protocol=6 | dir=in | app=c:\users\samy\appdata\local\akamai\netsession_win.exe | 
"{48E043F0-978D-4745-A082-0F14E5CE916F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{4CC44CD5-401C-46C4-8400-1549B0D4B9C5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{51C570A1-FEAF-488F-B70C-02B143763F6D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5A7067FF-3273-48D1-B249-C4E83B1EA037}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{605BE319-8EBD-4E76-BBFF-43088531B016}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{653F1C6B-018B-485D-8181-217B6E316804}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{65F1042D-9DE2-43BE-B277-D37796B7BEEB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{720D0018-537D-456D-8C98-4FA7096AFC59}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{76E21B9A-39F4-4658-A48B-C3AF92CADFC9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7C61DD46-E055-4941-BA17-B4B8B7412862}" = protocol=58 | dir=in | app=system | 
"{8841CEBF-6F37-49EF-8A66-BF026EAAD5EA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{8EBC49AE-8F31-4293-9A40-31840E555F55}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9A7A542C-D947-431F-98BC-98386337D6AD}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{A2BF3051-C7D8-47A5-99DF-C5896DF7FA89}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AC145854-5915-4C11-8E59-52E0D6F4DE20}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AD1A0413-97EC-4B6C-8F7F-A05C5F47811B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B4ED0C98-9F08-4F87-8D2F-11AB8B6C7146}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B686FF35-57D2-4DE6-A0A8-FDE03927ED0A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C7E8FB8A-A7DA-46AD-8F86-3980E172CA24}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CBB3BA63-F924-4CCE-A50D-257BE131CE7F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{CD0A95BB-CA21-4C94-B446-93516516B309}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{D8CB7A4B-BB6F-4312-8DFA-3F34B0BA8E62}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DFBD355B-0E06-47DE-8076-D0D4D1BCC0D2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{E096242B-1C25-47DA-A35D-1CE8349B0271}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EB976E4E-AD03-4202-94B4-05E0D4140643}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{FE384036-FE29-487F-AD17-D5F019764600}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{5B41A2B9-2FB9-45F0-BA67-839264AFC221}C:\users\samy\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\samy\appdata\local\temp\gw2.exe | 
"TCP Query User{71C355E3-2C6B-4BBB-A9BA-57891CE31D67}I:\dcuniverse\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=i:\dcuniverse\unreal3\binaries\win32\dcgame.exe | 
"TCP Query User{728066D2-01D8-4BF1-9A02-905EB12E8B36}I:\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=i:\guild wars 2\gw2.exe | 
"TCP Query User{7D3CD8F9-A8C3-4597-AF33-50856BF9490F}C:\users\samy\appdata\roaming\fyahry\idmo.exe" = protocol=6 | dir=in | app=c:\users\samy\appdata\roaming\fyahry\idmo.exe | 
"TCP Query User{D12140EF-FF88-48C6-889E-8E4B14598376}C:\users\samy\appdata\roaming\fyahry\idmo.exe" = protocol=6 | dir=in | app=c:\users\samy\appdata\roaming\fyahry\idmo.exe | 
"UDP Query User{17F37F4D-A75B-428F-A096-CFA29F9AFD60}C:\users\samy\appdata\roaming\fyahry\idmo.exe" = protocol=17 | dir=in | app=c:\users\samy\appdata\roaming\fyahry\idmo.exe | 
"UDP Query User{20C4E0D4-E176-4219-B6A2-F0CE5335BBA2}C:\users\samy\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\samy\appdata\local\temp\gw2.exe | 
"UDP Query User{3ECAB189-A163-4E1E-B9D2-62D46313ACC0}I:\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=i:\guild wars 2\gw2.exe | 
"UDP Query User{75BAC315-B38E-463F-A202-F64861CE0DF8}C:\users\samy\appdata\roaming\fyahry\idmo.exe" = protocol=17 | dir=in | app=c:\users\samy\appdata\roaming\fyahry\idmo.exe | 
"UDP Query User{836DE1FD-7649-48BA-AE7A-806861F413AD}I:\dcuniverse\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=i:\dcuniverse\unreal3\binaries\win32\dcgame.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{088E976C-6B19-E3D3-1EAB-6E13B2D34CD7}" = ATI Catalyst Install Manager
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{4A85E8AD-6CF6-D3D1-2280-420452F5E1EE}" = ATI AVIVO64 Codecs
"{6AB4EC25-677C-4735-5623-1CCC90E759E4}" = ccc-utility64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A9417107-5107-C6E7-9649-CF3294E9C491}" = WMV9/VC-1 Video Playback
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{ECA0FDBA-70C2-D23A-6BD3-3D3118DD90B4}" = AMD Drag and Drop Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"2e730c18-03e8-4d1d-8fc2-0ee3ea04a765" = Shotty - Kleines aber eindrucksvolles Screenshot Tool
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{011E0BAD-DC62-DF83-4D19-D110C61FE679}" = CCC Help Chinese Traditional
"{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1" = MiniTool Partition Wizard Home Edition 7.5
"{0AC457CB-3661-B42F-6181-5D1305C1475A}" = CCC Help Finnish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0E86AF86-F103-A148-7070-0596A5FCEAD7}" = CCC Help French
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7CFAB6-A7FC-31E5-2917-989B06B09270}" = CCC Help Turkish
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{2888EBA9-91E6-D3EF-FC6D-7B3C2B045CAE}" = CCC Help English
"{2AE86CEE-BAC2-D043-9237-E83198098C91}" = Catalyst Control Center InstallProxy
"{2EA64D86-61D9-40A4-A89F-D4E6DEDD301D}" = Catalyst Control Center Localization All
"{3411B11D-91D6-B456-0FAE-24BF99868231}" = Catalyst Control Center Graphics Previews Common
"{35A33CA3-9B1B-3653-6C71-0ADB85E96154}" = ccc-core-static
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{401A4D76-C360-2084-F163-1FABD851D314}" = CCC Help Thai
"{43461D82-2DD5-B2D7-886D-5C1A52C09904}" = CCC Help Polish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B61C9AE-3FDD-9DB7-4247-7D96A03C018D}" = CCC Help German
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5165FA54-2957-4BC9-44CC-D21BDCE9D9E6}" = CCC Help Japanese
"{58374E01-D455-ABAE-CD3A-548911E1CAAD}" = CCC Help Swedish
"{59B734CE-69E9-F555-380C-0B9D880F4E95}" = CCC Help Hungarian
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{665815D4-1F82-D581-E762-A2E0A15E6512}" = CCC Help Dutch
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8D1CB4C2-283E-39A7-2AFA-6D3320E012A8}" = CCC Help Chinese Standard
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{93703800-E668-1370-1756-2003BA060281}" = CCC Help Russian
"{95A837D2-EB2E-9F85-1DB8-01B8337DFC08}" = CCC Help Czech
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C8692DA-9451-AA41-404A-72308CAE1BF5}" = CCC Help Spanish
"{9CF2ECFE-5242-B513-5DB4-A751BD735DD2}" = CCC Help Danish
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A35001F0-F1E4-11DD-A38B-005056C00008}" = Paragon Partition Manager™ 12 Professional Demo
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BC92AA6F-2DAF-1BA2-7C86-1DBBA6423C5F}" = CCC Help Norwegian
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D17772DB-061D-CF9A-7A82-E8C047195259}" = CCC Help Portuguese
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5507048-ED32-BEE8-431D-303F741DE073}" = CCC Help Italian
"{DECCD21C-4BCC-1326-0EF3-7E87C97E14D9}" = CCC Help Greek
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E8B708FF-D116-0D4D-DC14-72827A219D54}" = HydraVision
"{EFD21D05-4618-D72A-464F-B0D1911617A7}" = CCC Help Korean
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Goodnight Timer_is1" = Goodnight Timer 1.1
"Guild Wars 2" = Guild Wars 2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 0.9.9
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"SOE-DC Universe Online Live" = DC Universe Online Live
"SOE-DC Universe Online Live PSG" = DC Universe Online Live
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.02.2013 04:55:26 | Computer Name = samy-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.02.2013 11:45:03 | Computer Name = samy-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.02.2013 12:51:11 | Computer Name = samy-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.02.2013 02:08:04 | Computer Name = samy-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.02.2013 12:00:22 | Computer Name = samy-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.02.2013 02:07:13 | Computer Name = samy-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.02.2013 16:04:33 | Computer Name = samy-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.02.2013 12:10:46 | Computer Name = samy-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.02.2013 04:02:19 | Computer Name = samy-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.02.2013 04:19:42 | Computer Name = samy-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 23.02.2013 04:06:48 | Computer Name = samy-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 23.02.2013 um 09:04:02 unerwartet heruntergefahren.
 
Error - 23.02.2013 04:06:51 | Computer Name = SAMY-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 23.02.2013 05:22:06 | Computer Name = samy-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 23.02.2013 um 10:00:05 unerwartet heruntergefahren.
 
Error - 23.02.2013 05:22:06 | Computer Name = SAMY-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 23.02.2013 16:51:04 | Computer Name = samy-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 23.02.2013 um 21:48:51 unerwartet heruntergefahren.
 
Error - 23.02.2013 16:51:08 | Computer Name = SAMY-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 23.02.2013 16:51:21 | Computer Name = samy-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
 
Error - 23.02.2013 16:51:21 | Computer Name = samy-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
 
Error - 23.02.2013 16:51:22 | Computer Name = samy-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
 
Error - 23.02.2013 16:51:23 | Computer Name = samy-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
 
 
< End of report >
         
Gmer:
Code:
GMER 2.1.19081 - hxxp://www.gmer.net
Rootkit scan 2013-02-24 00:28:53
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000063 Hitachi_ rev.JP4O 931,51GB
Running: gmer_2.1.19081.exe; Driver: C:\Users\samy\AppData\Local\Temp\kxldypob.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\SysWOW64\svchost.exe[1588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                       00000000777f1465 2 bytes [7F, 77]
.text  C:\Windows\SysWOW64\svchost.exe[1588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                      00000000777f14bb 2 bytes [7F, 77]
.text  ...                                                                                                                                 * 2
.text  C:\Users\samy\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                 00000000777f1465 2 bytes [7F, 77]
.text  C:\Users\samy\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                00000000777f14bb 2 bytes [7F, 77]
.text  ...                                                                                                                                 * 2
.text  C:\Users\samy\AppData\Local\Akamai\netsession_win.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                 00000000777f1465 2 bytes [7F, 77]
.text  C:\Users\samy\AppData\Local\Akamai\netsession_win.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                00000000777f14bb 2 bytes [7F, 77]
.text  ...                                                                                                                                 * 2
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      00000000777f1465 2 bytes [7F, 77]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155     00000000777f14bb 2 bytes [7F, 77]
.text  ...                                                                                                                                 * 2
.text  C:\Users\samy\Desktop\OTL.exe[4540] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69                                         00000000777f1465 2 bytes [7F, 77]
.text  C:\Users\samy\Desktop\OTL.exe[4540] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155                                        00000000777f14bb 2 bytes [7F, 77]
.text  ...                                                                                                                                 * 2
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      00000000777f1465 2 bytes [7F, 77]
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155     00000000777f14bb 2 bytes [7F, 77]
.text  ...                                                                                                                                 * 2
?      C:\Windows\system32\mssprxy.dll [4208] entry point in ".rdata" section                                                              00000000749271e6
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5     000000007783f991 7 bytes {MOV EDX, 0x71c228; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5          000000007783fbd5 7 bytes {MOV EDX, 0x71c268; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5              000000007783fc05 7 bytes {MOV EDX, 0x71c1a8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5       000000007783fc1d 7 bytes {MOV EDX, 0x71c128; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5         000000007783fc35 7 bytes {MOV EDX, 0x71c328; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5       000000007783fc65 7 bytes {MOV EDX, 0x71c368; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5        000000007783fce5 7 bytes {MOV EDX, 0x71c2e8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5       000000007783fcfd 7 bytes {MOV EDX, 0x71c2a8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                 000000007783fd49 7 bytes {MOV EDX, 0x71c068; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5      000000007783fe41 7 bytes {MOV EDX, 0x71c0a8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5               0000000077840099 7 bytes {MOV EDX, 0x71c028; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5         00000000778410a5 7 bytes {MOV EDX, 0x71c1e8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5               000000007784111d 7 bytes {MOV EDX, 0x71c168; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5  0000000077841321 7 bytes {MOV EDX, 0x71c0e8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      00000000777f1465 2 bytes [7F, 77]
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155     00000000777f14bb 2 bytes [7F, 77]
.text  ...                                                                                                                                 * 2
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5      000000007783f991 7 bytes {MOV EDX, 0xcb4228; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5           000000007783fbd5 7 bytes {MOV EDX, 0xcb4268; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5               000000007783fc05 7 bytes {MOV EDX, 0xcb41a8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5        000000007783fc1d 7 bytes {MOV EDX, 0xcb4128; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5          000000007783fc35 7 bytes {MOV EDX, 0xcb4328; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5        000000007783fc65 7 bytes {MOV EDX, 0xcb4368; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5         000000007783fce5 7 bytes {MOV EDX, 0xcb42e8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5        000000007783fcfd 7 bytes {MOV EDX, 0xcb42a8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                  000000007783fd49 7 bytes {MOV EDX, 0xcb4068; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5       000000007783fe41 7 bytes {MOV EDX, 0xcb40a8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                0000000077840099 7 bytes {MOV EDX, 0xcb4028; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5          00000000778410a5 7 bytes {MOV EDX, 0xcb41e8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                000000007784111d 7 bytes {MOV EDX, 0xcb4168; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5   0000000077841321 7 bytes {MOV EDX, 0xcb40e8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69       00000000777f1465 2 bytes [7F, 77]
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155      00000000777f14bb 2 bytes [7F, 77]
.text  ...                                                                                                                                 * 2
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5     000000007783f991 7 bytes {MOV EDX, 0xc96e28; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5          000000007783fbd5 7 bytes {MOV EDX, 0xc96e68; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5              000000007783fc05 7 bytes {MOV EDX, 0xc96da8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5       000000007783fc1d 7 bytes {MOV EDX, 0xc96d28; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5         000000007783fc35 7 bytes {MOV EDX, 0xc96f28; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5       000000007783fc65 7 bytes {MOV EDX, 0xc96f68; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5        000000007783fce5 7 bytes {MOV EDX, 0xc96ee8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5       000000007783fcfd 7 bytes {MOV EDX, 0xc96ea8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                 000000007783fd49 7 bytes {MOV EDX, 0xc96c68; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5      000000007783fe41 7 bytes {MOV EDX, 0xc96ca8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5               0000000077840099 7 bytes {MOV EDX, 0xc96c28; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5         00000000778410a5 7 bytes {MOV EDX, 0xc96de8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5               000000007784111d 7 bytes {MOV EDX, 0xc96d68; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5  0000000077841321 7 bytes {MOV EDX, 0xc96ce8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      00000000777f1465 2 bytes [7F, 77]
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[4832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155     00000000777f14bb 2 bytes [7F, 77]
.text  ...                                                                                                                                 * 2
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5     000000007783f991 7 bytes {MOV EDX, 0x571a28; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5          000000007783fbd5 7 bytes {MOV EDX, 0x571a68; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5              000000007783fc05 7 bytes {MOV EDX, 0x5719a8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5       000000007783fc1d 7 bytes {MOV EDX, 0x571928; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5         000000007783fc35 7 bytes {MOV EDX, 0x571b28; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5       000000007783fc65 7 bytes {MOV EDX, 0x571b68; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5        000000007783fce5 7 bytes {MOV EDX, 0x571ae8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5       000000007783fcfd 7 bytes {MOV EDX, 0x571aa8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                 000000007783fd49 7 bytes {MOV EDX, 0x571868; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5      000000007783fe41 7 bytes {MOV EDX, 0x5718a8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5               0000000077840099 7 bytes {MOV EDX, 0x571828; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5         00000000778410a5 7 bytes {MOV EDX, 0x5719e8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5               000000007784111d 7 bytes {MOV EDX, 0x571968; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5  0000000077841321 7 bytes {MOV EDX, 0x5718e8; JMP RDX}
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      00000000777f1465 2 bytes [7F, 77]
.text  C:\Users\samy\AppData\Local\Google\Chrome\Application\chrome.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155     00000000777f14bb 2 bytes [7F, 77]
.text  ...                                                                                                                                 * 2

---- EOF - GMER 2.1 ----

Old 24.02.2013, 22:03   #2
cosinus
/// Trigonometric function
/// TB-Süch-Tiger™
 
Trojan Pws:win32 - virtool:win32/ceeinject.gen!id - Error 0x81000037



Hello and

Quote:
I then ran another scan and something called virtool:win32/ceeinject.gen!id was found.
Where exactly was that found?
The malware name alone is not enough information!



Before we get to work, I would ask you to read the following points completely and carefully.
  • Read the instructions I will post over the course of this thread carefully. Ask right away if anything is unclear before you start carrying out my instructions.

  • If you run into problems at any step, stop there and describe the problem to me as well as you can. Sometimes a step depends on the previous one.

  • Only run scans that a helper has asked you to run! Do not install or uninstall any software without being told to!

  • Post the log files directly in your thread (in CODE tags, please) and not as attachments, unless you are asked to. Logs in attachments make my analysis harder!

  • Please also note => Deleting log files and other requests

Note:
If you have not heard from me for three days, please post in this thread => Reminder about my thread.
Annoying "when will it continue" messages will get your topic closed. I too have a life outside the Trojaner-Board.


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the reboot.
  • During the reboot MBAR will remove the objects it found, so be patient.
  • After the reboot, start mbar.exe again.
  • If anything else is found, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not run any other file in this folder without instructions from a helper


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista or later, please right-click it and choose "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, allow access to the internet.)
    Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without instructions

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


Old 25.02.2013, 19:03   #3
soatix
 
Trojan Pws:win32 - virtool:win32/ceeinject.gen!id - Error 0x81000037



Hello cosinus,

thank you for the quick reply and your effort.

All the information I had was the following:

Category: Tool
Description: This program is used to create viruses, worms, or other malware.
Recommended action: Remove this software immediately.
Items:
file:C:\Users\samy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\7fb331e3-2272d253


Unfortunately I am not sure whether the "Items" entry shows the location where it was found.

Here are the logs:

MBAR
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.25.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
samy :: SAMY-PC [administrator]

25.02.2013 19:41:40
mbar-log-2013-02-25 (19-41-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29345
Time elapsed: 6 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
aswMBR
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-25 19:46:44
-----------------------------
19:46:44.881    OS Version: Windows x64 6.1.7601 Service Pack 1
19:46:44.881    Number of processors: 4 586 0x503
19:46:44.882    ComputerName: SAMY-PC  UserName: samy
19:46:45.804    Initialize success
19:48:02.728    AVAST engine defs: 13022500
19:49:04.935    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000063
19:49:04.939    Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 3
19:49:04.949    Disk 0 MBR read successfully
19:49:04.952    Disk 0 MBR scan
19:49:04.959    Disk 0 Windows 7 default MBR code
19:49:04.963    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
19:49:04.994    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       186238 MB offset 206848
19:49:05.026    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       514712 MB offset 381624320
19:49:05.052    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       252814 MB offset 1435756544
19:49:05.111    Disk 0 scanning C:\Windows\system32\drivers
19:49:14.882    Service scanning
19:49:46.262    Modules scanning
19:49:46.281    Disk 0 trace - called modules:
19:49:46.635    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys 
19:49:46.646    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007db1060]
19:49:46.658    3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> [0xfffffa8007ae93d0]
19:49:46.669    5 ACPI.sys[fffff88000f177a1] -> nt!IofCallDriver -> \Device\00000063[0xfffffa8007aed9c0]
19:49:47.310    AVAST engine scan C:\Windows
19:49:49.156    AVAST engine scan C:\Windows\system32
19:53:06.342    AVAST engine scan C:\Windows\system32\drivers
19:53:17.992    AVAST engine scan C:\Users\samy
19:57:10.440    AVAST engine scan C:\ProgramData
19:57:45.452    Scan finished successfully
19:58:47.385    Disk 0 MBR has been saved successfully to "C:\Users\samy\Desktop\MBR.dat"
19:58:47.438    The log file has been saved successfully to "C:\Users\samy\Desktop\aswMBR.txt"

Looking forward to further instructions.

Best regards
soatix

Old 25.02.2013, 23:34   #4
cosinus
/// Trigonometric function
/// TB-Süch-Tiger™
 
Trojan Pws:win32 - virtool:win32/ceeinject.gen!id - Error 0x81000037



TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not under any circumstances choose Cure. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents in your thread here in any case.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Old 26.02.2013, 17:27   #5
soatix
 
Trojan Pws:win32 - virtool:win32/ceeinject.gen!id - Error 0x81000037



Here is the log file from TDSS-Killer

Code:
18:24:08.0658 4316  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:24:08.0985 4316  ============================================================
18:24:08.0985 4316  Current date / time: 2013/02/26 18:24:08.0985
18:24:08.0985 4316  SystemInfo:
18:24:08.0985 4316  
18:24:08.0985 4316  OS Version: 6.1.7601 ServicePack: 1.0
18:24:08.0985 4316  Product type: Workstation
18:24:08.0985 4316  ComputerName: SAMY-PC
18:24:08.0986 4316  UserName: samy
18:24:08.0986 4316  Windows directory: C:\Windows
18:24:08.0986 4316  System windows directory: C:\Windows
18:24:08.0986 4316  Running under WOW64
18:24:08.0986 4316  Processor architecture: Intel x64
18:24:08.0986 4316  Number of processors: 4
18:24:08.0986 4316  Page size: 0x1000
18:24:08.0986 4316  Boot type: Normal boot
18:24:08.0986 4316  ============================================================
18:24:10.0066 4316  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:24:18.0593 4316  Drive \Device\Harddisk5\DR5 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:24:18.0598 4316  ============================================================
18:24:18.0598 4316  \Device\Harddisk0\DR0:
18:24:18.0608 4316  MBR partitions:
18:24:18.0608 4316  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:24:18.0608 4316  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x16BBF000
18:24:18.0609 4316  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x16BF2000, BlocksNum 0x3ED4C000
18:24:18.0609 4316  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x5593E800, BlocksNum 0x1EDC7000
18:24:18.0609 4316  \Device\Harddisk5\DR5:
18:24:18.0609 4316  MBR partitions:
18:24:18.0610 4316  \Device\Harddisk5\DR5\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
18:24:18.0610 4316  ============================================================
18:24:18.0652 4316  C: <-> \Device\Harddisk0\DR0\Partition2
18:24:18.0671 4316  J: <-> \Device\Harddisk0\DR0\Partition4
18:24:18.0709 4316  I: <-> \Device\Harddisk0\DR0\Partition3
18:24:18.0741 4316  K: <-> \Device\Harddisk5\DR5\Partition1
18:24:18.0741 4316  ============================================================
18:24:18.0741 4316  Initialize success
18:24:18.0741 4316  ============================================================
18:25:30.0957 0216  ============================================================
18:25:30.0957 0216  Scan started
18:25:30.0957 0216  Mode: Manual; SigCheck; TDLFS; 
18:25:30.0957 0216  ============================================================
18:25:31.0503 0216  ================ Scan system memory ========================
18:25:31.0519 0216  System memory - ok
18:25:31.0519 0216  ================ Scan services =============================
18:25:31.0644 0216  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:25:31.0690 0216  1394ohci - ok
18:25:31.0706 0216  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:25:31.0722 0216  ACPI - ok
18:25:31.0737 0216  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:25:31.0753 0216  AcpiPmi - ok
18:25:31.0768 0216  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
18:25:31.0784 0216  adp94xx - ok
18:25:31.0815 0216  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
18:25:31.0831 0216  adpahci - ok
18:25:31.0846 0216  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
18:25:31.0862 0216  adpu320 - ok
18:25:31.0893 0216  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:25:31.0956 0216  AeLookupSvc - ok
18:25:32.0002 0216  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
18:25:32.0018 0216  AFD - ok
18:25:32.0049 0216  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
18:25:32.0049 0216  agp440 - ok
18:25:32.0236 0216  [ B9B98E08EC127900025F42462D3D0A66 ] Akamai          c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
18:25:32.0236 0216  Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
18:25:32.0252 0216  Akamai ( HiddenFile.Multi.Generic ) - warning
18:25:32.0252 0216  Akamai - detected HiddenFile.Multi.Generic (1)
18:25:32.0268 0216  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
18:25:32.0314 0216  ALG - ok
18:25:32.0361 0216  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:25:32.0377 0216  aliide - ok
18:25:32.0424 0216  [ DCEEE24E57E8176115207312F827C130 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
18:25:32.0455 0216  AMD External Events Utility - ok
18:25:32.0470 0216  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
18:25:32.0486 0216  amdide - ok
18:25:32.0502 0216  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
18:25:32.0517 0216  AmdK8 - ok
18:25:32.0673 0216  [ F6640D83AF0FD74C50E23E68548EA9A0 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
18:25:32.0782 0216  amdkmdag - ok
18:25:32.0814 0216  [ 20B63276A1920B41E1C56720B395049B ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
18:25:32.0829 0216  amdkmdap - ok
18:25:32.0845 0216  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
18:25:32.0876 0216  AmdPPM - ok
18:25:32.0892 0216  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:25:32.0907 0216  amdsata - ok
18:25:32.0923 0216  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
18:25:32.0938 0216  amdsbs - ok
18:25:32.0954 0216  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:25:32.0954 0216  amdxata - ok
18:25:32.0985 0216  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
18:25:33.0016 0216  AppID - ok
18:25:33.0032 0216  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:25:33.0063 0216  AppIDSvc - ok
18:25:33.0079 0216  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
18:25:33.0110 0216  Appinfo - ok
18:25:33.0188 0216  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:25:33.0219 0216  Apple Mobile Device - ok
18:25:33.0250 0216  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
18:25:33.0266 0216  AppMgmt - ok
18:25:33.0297 0216  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
18:25:33.0297 0216  arc - ok
18:25:33.0328 0216  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
18:25:33.0344 0216  arcsas - ok
18:25:33.0360 0216  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:25:33.0406 0216  AsyncMac - ok
18:25:33.0422 0216  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
18:25:33.0438 0216  atapi - ok
18:25:33.0438 0216  athr - ok
18:25:33.0516 0216  [ 4BF5BCA6E2608CD8A00BC4A6673A9F47 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
18:25:33.0547 0216  AtiHDAudioService - ok
18:25:33.0578 0216  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:25:33.0640 0216  AudioEndpointBuilder - ok
18:25:33.0640 0216  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
18:25:33.0672 0216  AudioSrv - ok
18:25:33.0703 0216  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:25:33.0734 0216  AxInstSV - ok
18:25:33.0765 0216  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
18:25:33.0796 0216  b06bdrv - ok
18:25:33.0812 0216  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
18:25:33.0843 0216  b57nd60a - ok
18:25:33.0859 0216  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:25:33.0874 0216  BDESVC - ok
18:25:33.0890 0216  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:25:33.0921 0216  Beep - ok
18:25:33.0952 0216  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
18:25:33.0999 0216  BFE - ok
18:25:34.0030 0216  [ 00CADB1BC2D0030F0B2A1063618B6BD7 ] BIOS            C:\Windows\system32\drivers\BIOS64.sys
18:25:34.0093 0216  BIOS - ok
18:25:34.0140 0216  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
18:25:34.0218 0216  BITS - ok
18:25:34.0249 0216  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:25:34.0280 0216  blbdrive - ok
18:25:34.0327 0216  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:25:34.0358 0216  Bonjour Service - ok
18:25:34.0374 0216  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:25:34.0405 0216  bowser - ok
18:25:34.0420 0216  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
18:25:34.0436 0216  BrFiltLo - ok
18:25:34.0452 0216  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
18:25:34.0467 0216  BrFiltUp - ok
18:25:34.0498 0216  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
18:25:34.0514 0216  Browser - ok
18:25:34.0530 0216  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:25:34.0561 0216  Brserid - ok
18:25:34.0561 0216  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:25:34.0592 0216  BrSerWdm - ok
18:25:34.0608 0216  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:25:34.0623 0216  BrUsbMdm - ok
18:25:34.0639 0216  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:25:34.0670 0216  BrUsbSer - ok
18:25:34.0670 0216  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
18:25:34.0686 0216  BTHMODEM - ok
18:25:34.0717 0216  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
18:25:34.0764 0216  bthserv - ok
18:25:34.0795 0216  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:25:34.0857 0216  cdfs - ok
18:25:34.0904 0216  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
18:25:34.0935 0216  cdrom - ok
18:25:34.0951 0216  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
18:25:35.0013 0216  CertPropSvc - ok
18:25:35.0029 0216  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
18:25:35.0044 0216  circlass - ok
18:25:35.0076 0216  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
18:25:35.0091 0216  CLFS - ok
18:25:35.0154 0216  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:25:35.0169 0216  clr_optimization_v2.0.50727_32 - ok
18:25:35.0216 0216  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:25:35.0232 0216  clr_optimization_v2.0.50727_64 - ok
18:25:35.0310 0216  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:25:35.0325 0216  clr_optimization_v4.0.30319_32 - ok
18:25:35.0356 0216  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:25:35.0372 0216  clr_optimization_v4.0.30319_64 - ok
18:25:35.0388 0216  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
18:25:35.0403 0216  CmBatt - ok
18:25:35.0419 0216  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:25:35.0434 0216  cmdide - ok
18:25:35.0450 0216  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
18:25:35.0481 0216  CNG - ok
18:25:35.0497 0216  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
18:25:35.0497 0216  Compbatt - ok
18:25:35.0512 0216  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
18:25:35.0528 0216  CompositeBus - ok
18:25:35.0544 0216  COMSysApp - ok
18:25:35.0559 0216  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
18:25:35.0575 0216  crcdisk - ok
18:25:35.0606 0216  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:25:35.0622 0216  CryptSvc - ok
18:25:35.0653 0216  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
18:25:35.0684 0216  CSC - ok
18:25:35.0715 0216  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
18:25:35.0731 0216  CscService - ok
18:25:35.0762 0216  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:25:35.0809 0216  DcomLaunch - ok
18:25:35.0840 0216  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
18:25:35.0887 0216  defragsvc - ok
18:25:35.0918 0216  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:25:35.0965 0216  DfsC - ok
18:25:35.0996 0216  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:25:36.0012 0216  Dhcp - ok
18:25:36.0027 0216  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
18:25:36.0074 0216  discache - ok
18:25:36.0105 0216  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
18:25:36.0105 0216  Disk - ok
18:25:36.0121 0216  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
18:25:36.0136 0216  dmvsc - ok
18:25:36.0152 0216  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:25:36.0183 0216  Dnscache - ok
18:25:36.0199 0216  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:25:36.0230 0216  dot3svc - ok
18:25:36.0246 0216  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
18:25:36.0277 0216  DPS - ok
18:25:36.0292 0216  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:25:36.0308 0216  drmkaud - ok
18:25:36.0339 0216  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
18:25:36.0355 0216  dtsoftbus01 - ok
18:25:36.0386 0216  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:25:36.0402 0216  DXGKrnl - ok
18:25:36.0417 0216  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
18:25:36.0448 0216  EapHost - ok
18:25:36.0511 0216  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
18:25:36.0573 0216  ebdrv - ok
18:25:36.0589 0216  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
18:25:36.0604 0216  EFS - ok
18:25:36.0651 0216  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:25:36.0682 0216  ehRecvr - ok
18:25:36.0698 0216  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
18:25:36.0714 0216  ehSched - ok
18:25:36.0745 0216  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
18:25:36.0760 0216  elxstor - ok
18:25:36.0776 0216  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:25:36.0792 0216  ErrDev - ok
18:25:36.0823 0216  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
18:25:36.0854 0216  EventSystem - ok
18:25:36.0870 0216  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
18:25:36.0901 0216  exfat - ok
18:25:36.0916 0216  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:25:36.0963 0216  fastfat - ok
18:25:36.0979 0216  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
18:25:36.0994 0216  Fax - ok
18:25:37.0026 0216  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
18:25:37.0057 0216  fdc - ok
18:25:37.0072 0216  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
18:25:37.0104 0216  fdPHost - ok
18:25:37.0119 0216  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:25:37.0150 0216  FDResPub - ok
18:25:37.0166 0216  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:25:37.0182 0216  FileInfo - ok
18:25:37.0197 0216  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:25:37.0228 0216  Filetrace - ok
18:25:37.0228 0216  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
18:25:37.0244 0216  flpydisk - ok
18:25:37.0260 0216  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:25:37.0275 0216  FltMgr - ok
18:25:37.0291 0216  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
18:25:37.0322 0216  FontCache - ok
18:25:37.0369 0216  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:25:37.0400 0216  FontCache3.0.0.0 - ok
18:25:37.0416 0216  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:25:37.0447 0216  FsDepends - ok
18:25:37.0462 0216  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:25:37.0478 0216  Fs_Rec - ok
18:25:37.0494 0216  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:25:37.0509 0216  fvevol - ok
18:25:37.0540 0216  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
18:25:37.0540 0216  gagp30kx - ok
18:25:37.0587 0216  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:25:37.0587 0216  GEARAspiWDM - ok
18:25:37.0618 0216  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
18:25:37.0665 0216  gpsvc - ok
18:25:37.0681 0216  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:25:37.0696 0216  hcw85cir - ok
18:25:37.0728 0216  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:25:37.0743 0216  HdAudAddService - ok
18:25:37.0774 0216  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
18:25:37.0790 0216  HDAudBus - ok
18:25:37.0790 0216  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
18:25:37.0806 0216  HidBatt - ok
18:25:37.0821 0216  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
18:25:37.0821 0216  HidBth - ok
18:25:37.0837 0216  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
18:25:37.0837 0216  HidIr - ok
18:25:37.0852 0216  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
18:25:37.0899 0216  hidserv - ok
18:25:37.0915 0216  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:25:37.0915 0216  HidUsb - ok
18:25:37.0946 0216  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:25:38.0024 0216  hkmsvc - ok
18:25:38.0040 0216  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:25:38.0055 0216  HomeGroupListener - ok
18:25:38.0086 0216  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:25:38.0102 0216  HomeGroupProvider - ok
18:25:38.0133 0216  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:25:38.0149 0216  HpSAMD - ok
18:25:38.0164 0216  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:25:38.0211 0216  HTTP - ok
18:25:38.0227 0216  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:25:38.0227 0216  hwpolicy - ok
18:25:38.0242 0216  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
18:25:38.0258 0216  i8042prt - ok
18:25:38.0274 0216  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:25:38.0289 0216  iaStorV - ok
18:25:38.0320 0216  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:25:38.0352 0216  idsvc - ok
18:25:38.0476 0216  [ A87261EF1546325B559374F5689CF5BC ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
18:25:38.0586 0216  igfx - ok
18:25:38.0601 0216  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
18:25:38.0601 0216  iirsp - ok
18:25:38.0632 0216  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
18:25:38.0679 0216  IKEEXT - ok
18:25:38.0695 0216  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
18:25:38.0710 0216  intelide - ok
18:25:38.0742 0216  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
18:25:38.0773 0216  intelppm - ok
18:25:38.0788 0216  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:25:38.0835 0216  IPBusEnum - ok
18:25:38.0835 0216  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:25:38.0866 0216  IpFilterDriver - ok
18:25:38.0898 0216  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:25:38.0944 0216  iphlpsvc - ok
18:25:38.0944 0216  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:25:38.0960 0216  IPMIDRV - ok
18:25:38.0960 0216  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:25:39.0007 0216  IPNAT - ok
18:25:39.0054 0216  [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
18:25:39.0069 0216  iPod Service - ok
18:25:39.0116 0216  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:25:39.0147 0216  IRENUM - ok
18:25:39.0163 0216  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:25:39.0178 0216  isapnp - ok
18:25:39.0194 0216  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:25:39.0210 0216  iScsiPrt - ok
18:25:39.0225 0216  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:25:39.0241 0216  kbdclass - ok
18:25:39.0256 0216  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
18:25:39.0272 0216  kbdhid - ok
18:25:39.0288 0216  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
18:25:39.0303 0216  KeyIso - ok
18:25:39.0319 0216  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:25:39.0334 0216  KSecDD - ok
18:25:39.0350 0216  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:25:39.0366 0216  KSecPkg - ok
18:25:39.0381 0216  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
18:25:39.0428 0216  ksthunk - ok
18:25:39.0444 0216  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:25:39.0490 0216  KtmRm - ok
18:25:39.0522 0216  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:25:39.0553 0216  LanmanServer - ok
18:25:39.0584 0216  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:25:39.0615 0216  LanmanWorkstation - ok
18:25:39.0631 0216  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:25:39.0662 0216  lltdio - ok
18:25:39.0693 0216  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:25:39.0740 0216  lltdsvc - ok
18:25:39.0756 0216  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:25:39.0787 0216  lmhosts - ok
18:25:39.0818 0216  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
18:25:39.0834 0216  LSI_FC - ok
18:25:39.0834 0216  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
18:25:39.0849 0216  LSI_SAS - ok
18:25:39.0865 0216  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
18:25:39.0865 0216  LSI_SAS2 - ok
18:25:39.0880 0216  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
18:25:39.0896 0216  LSI_SCSI - ok
18:25:39.0912 0216  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
18:25:39.0958 0216  luafv - ok
18:25:39.0974 0216  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:25:39.0990 0216  Mcx2Svc - ok
18:25:40.0005 0216  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
18:25:40.0021 0216  megasas - ok
18:25:40.0036 0216  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
18:25:40.0052 0216  MegaSR - ok
18:25:40.0114 0216  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
18:25:40.0146 0216  Microsoft Office Groove Audit Service - ok
18:25:40.0161 0216  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
18:25:40.0208 0216  MMCSS - ok
18:25:40.0224 0216  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
18:25:40.0255 0216  Modem - ok
18:25:40.0270 0216  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:25:40.0286 0216  monitor - ok
18:25:40.0302 0216  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:25:40.0317 0216  mouclass - ok
18:25:40.0348 0216  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:25:40.0395 0216  mouhid - ok
18:25:40.0411 0216  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:25:40.0442 0216  mountmgr - ok
18:25:40.0489 0216  [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:25:40.0520 0216  MozillaMaintenance - ok
18:25:40.0536 0216  [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
18:25:40.0567 0216  MpFilter - ok
18:25:40.0582 0216  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:25:40.0598 0216  mpio - ok
18:25:40.0614 0216  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:25:40.0629 0216  mpsdrv - ok
18:25:40.0660 0216  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:25:40.0707 0216  MpsSvc - ok
18:25:40.0707 0216  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:25:40.0738 0216  MRxDAV - ok
18:25:40.0738 0216  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:25:40.0754 0216  mrxsmb - ok
18:25:40.0770 0216  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:25:40.0785 0216  mrxsmb10 - ok
18:25:40.0801 0216  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:25:40.0816 0216  mrxsmb20 - ok
18:25:40.0832 0216  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:25:40.0832 0216  msahci - ok
18:25:40.0848 0216  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:25:40.0848 0216  msdsm - ok
18:25:40.0863 0216  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
18:25:40.0879 0216  MSDTC - ok
18:25:40.0894 0216  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:25:40.0926 0216  Msfs - ok
18:25:40.0941 0216  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:25:41.0004 0216  mshidkmdf - ok
18:25:41.0019 0216  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:25:41.0019 0216  msisadrv - ok
18:25:41.0050 0216  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:25:41.0082 0216  MSiSCSI - ok
18:25:41.0097 0216  msiserver - ok
18:25:41.0113 0216  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:25:41.0144 0216  MSKSSRV - ok
18:25:41.0206 0216  [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
18:25:41.0238 0216  MsMpSvc - ok
18:25:41.0253 0216  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:25:41.0284 0216  MSPCLOCK - ok
18:25:41.0300 0216  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:25:41.0331 0216  MSPQM - ok
18:25:41.0347 0216  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:25:41.0362 0216  MsRPC - ok
18:25:41.0378 0216  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
18:25:41.0394 0216  mssmbios - ok
18:25:41.0394 0216  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:25:41.0425 0216  MSTEE - ok
18:25:41.0440 0216  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
18:25:41.0456 0216  MTConfig - ok
18:25:41.0472 0216  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
18:25:41.0472 0216  Mup - ok
18:25:41.0503 0216  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
18:25:41.0550 0216  napagent - ok
18:25:41.0581 0216  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:25:41.0596 0216  NativeWifiP - ok
18:25:41.0643 0216  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:25:41.0659 0216  NDIS - ok
18:25:41.0674 0216  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:25:41.0706 0216  NdisCap - ok
18:25:41.0721 0216  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:25:41.0752 0216  NdisTapi - ok
18:25:41.0768 0216  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:25:41.0799 0216  Ndisuio - ok
18:25:41.0815 0216  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:25:41.0846 0216  NdisWan - ok
18:25:41.0862 0216  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:25:41.0893 0216  NDProxy - ok
18:25:41.0908 0216  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:25:41.0940 0216  NetBIOS - ok
18:25:41.0955 0216  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:25:41.0986 0216  NetBT - ok
18:25:41.0986 0216  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
18:25:42.0002 0216  Netlogon - ok
18:25:42.0033 0216  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
18:25:42.0064 0216  Netman - ok
18:25:42.0096 0216  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
18:25:42.0127 0216  netprofm - ok
18:25:42.0142 0216  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:25:42.0142 0216  NetTcpPortSharing - ok
18:25:42.0174 0216  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
18:25:42.0189 0216  nfrd960 - ok
18:25:42.0236 0216  [ 162100E0BC8377710F9D170631921C03 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:25:42.0283 0216  NisDrv - ok
18:25:42.0298 0216  [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
18:25:42.0314 0216  NisSrv - ok
18:25:42.0345 0216  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:25:42.0361 0216  NlaSvc - ok
18:25:42.0376 0216  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:25:42.0408 0216  Npfs - ok
18:25:42.0454 0216  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
18:25:42.0517 0216  nsi - ok
18:25:42.0532 0216  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:25:42.0564 0216  nsiproxy - ok
18:25:42.0595 0216  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:25:42.0642 0216  Ntfs - ok
18:25:42.0642 0216  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
18:25:42.0673 0216  Null - ok
18:25:42.0704 0216  [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
18:25:42.0735 0216  NVENETFD - ok
18:25:42.0766 0216  [ 0AA2A6AAE14BDF0BEA29056EE759B200 ] NVNET           C:\Windows\system32\DRIVERS\nvmf6264.sys
18:25:42.0798 0216  NVNET - ok
18:25:42.0844 0216  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:25:42.0876 0216  nvraid - ok
18:25:42.0891 0216  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:25:42.0907 0216  nvstor - ok
18:25:42.0922 0216  [ 662A129CEBB4C0B01F95612A7F6DCC9A ] nvstor64        C:\Windows\system32\DRIVERS\nvstor64.sys
18:25:42.0938 0216  nvstor64 - ok
18:25:42.0954 0216  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:25:42.0969 0216  nv_agp - ok
18:25:43.0016 0216  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:25:43.0032 0216  odserv - ok
18:25:43.0032 0216  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:25:43.0063 0216  ohci1394 - ok
18:25:43.0078 0216  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:25:43.0094 0216  ose - ok
18:25:43.0125 0216  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:25:43.0141 0216  p2pimsvc - ok
18:25:43.0156 0216  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:25:43.0172 0216  p2psvc - ok
18:25:43.0219 0216  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
18:25:43.0250 0216  Parport - ok
18:25:43.0266 0216  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:25:43.0281 0216  partmgr - ok
18:25:43.0281 0216  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:25:43.0312 0216  PcaSvc - ok
18:25:43.0328 0216  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
18:25:43.0344 0216  pci - ok
18:25:43.0344 0216  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
18:25:43.0359 0216  pciide - ok
18:25:43.0375 0216  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
18:25:43.0375 0216  pcmcia - ok
18:25:43.0406 0216  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
18:25:43.0406 0216  pcw - ok
18:25:43.0437 0216  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:25:43.0484 0216  PEAUTH - ok
18:25:43.0515 0216  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
18:25:43.0562 0216  PeerDistSvc - ok
18:25:43.0624 0216  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
18:25:43.0624 0216  PerfHost - ok
18:25:43.0671 0216  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
18:25:43.0718 0216  pla - ok
18:25:43.0749 0216  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:25:43.0765 0216  PlugPlay - ok
18:25:43.0780 0216  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:25:43.0796 0216  PNRPAutoReg - ok
18:25:43.0812 0216  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:25:43.0827 0216  PNRPsvc - ok
18:25:43.0858 0216  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:25:43.0936 0216  PolicyAgent - ok
18:25:43.0968 0216  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
18:25:43.0999 0216  Power - ok
18:25:44.0030 0216  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:25:44.0061 0216  PptpMiniport - ok
18:25:44.0077 0216  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
18:25:44.0092 0216  Processor - ok
18:25:44.0124 0216  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
18:25:44.0139 0216  ProfSvc - ok
18:25:44.0155 0216  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:25:44.0155 0216  ProtectedStorage - ok
18:25:44.0186 0216  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:25:44.0202 0216  Psched - ok
18:25:44.0233 0216  [ D8589A43B352E7F2317194C98447149F ] pwdrvio         C:\Windows\system32\pwdrvio.sys
18:25:44.0248 0216  pwdrvio - ok
18:25:44.0264 0216  [ 4B8FDA635F4D2E7D638B2B3817B5AFC8 ] pwdspio         C:\Windows\system32\pwdspio.sys
18:25:44.0280 0216  pwdspio - ok
18:25:44.0311 0216  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
18:25:44.0342 0216  ql2300 - ok
18:25:44.0373 0216  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
18:25:44.0373 0216  ql40xx - ok
18:25:44.0404 0216  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
18:25:44.0420 0216  QWAVE - ok
18:25:44.0420 0216  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:25:44.0436 0216  QWAVEdrv - ok
18:25:44.0451 0216  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:25:44.0482 0216  RasAcd - ok
18:25:44.0514 0216  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:25:44.0576 0216  RasAgileVpn - ok
18:25:44.0576 0216  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
18:25:44.0623 0216  RasAuto - ok
18:25:44.0638 0216  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:25:44.0654 0216  Rasl2tp - ok
18:25:44.0685 0216  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
18:25:44.0716 0216  RasMan - ok
18:25:44.0732 0216  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:25:44.0763 0216  RasPppoe - ok
18:25:44.0779 0216  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:25:44.0810 0216  RasSstp - ok
18:25:44.0841 0216  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:25:44.0872 0216  rdbss - ok
18:25:44.0888 0216  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
18:25:44.0904 0216  rdpbus - ok
18:25:44.0919 0216  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:25:44.0950 0216  RDPCDD - ok
18:25:44.0982 0216  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
18:25:44.0982 0216  RDPDR - ok
18:25:45.0013 0216  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:25:45.0044 0216  RDPENCDD - ok
18:25:45.0060 0216  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:25:45.0091 0216  RDPREFMP - ok
18:25:45.0106 0216  [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
18:25:45.0122 0216  RdpVideoMiniport - ok
18:25:45.0138 0216  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:25:45.0153 0216  RDPWD - ok
18:25:45.0169 0216  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:25:45.0184 0216  rdyboost - ok
18:25:45.0216 0216  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:25:45.0231 0216  RemoteAccess - ok
18:25:45.0262 0216  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:25:45.0309 0216  RemoteRegistry - ok
18:25:45.0325 0216  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:25:45.0356 0216  RpcEptMapper - ok
18:25:45.0372 0216  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
18:25:45.0387 0216  RpcLocator - ok
18:25:45.0403 0216  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
18:25:45.0434 0216  RpcSs - ok
18:25:45.0465 0216  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:25:45.0496 0216  rspndr - ok
18:25:45.0512 0216  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
18:25:45.0528 0216  s3cap - ok
18:25:45.0543 0216  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
18:25:45.0559 0216  SamSs - ok
18:25:45.0559 0216  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:25:45.0574 0216  sbp2port - ok
18:25:45.0590 0216  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:25:45.0621 0216  SCardSvr - ok
18:25:45.0637 0216  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:25:45.0668 0216  scfilter - ok
18:25:45.0699 0216  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
18:25:45.0730 0216  Schedule - ok
18:25:45.0762 0216  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:25:45.0777 0216  SCPolicySvc - ok
18:25:45.0793 0216  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:25:45.0808 0216  SDRSVC - ok
18:25:45.0840 0216  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:25:45.0902 0216  secdrv - ok
18:25:45.0918 0216  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
18:25:45.0949 0216  seclogon - ok
18:25:45.0949 0216  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
18:25:45.0980 0216  SENS - ok
18:25:45.0996 0216  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:25:46.0011 0216  SensrSvc - ok
18:25:46.0042 0216  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
18:25:46.0074 0216  Serenum - ok
18:25:46.0089 0216  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
18:25:46.0120 0216  Serial - ok
18:25:46.0136 0216  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
18:25:46.0167 0216  sermouse - ok
18:25:46.0183 0216  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
18:25:46.0245 0216  SessionEnv - ok
18:25:46.0245 0216  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:25:46.0261 0216  sffdisk - ok
18:25:46.0276 0216  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:25:46.0292 0216  sffp_mmc - ok
18:25:46.0292 0216  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:25:46.0308 0216  sffp_sd - ok
18:25:46.0323 0216  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
18:25:46.0339 0216  sfloppy - ok
18:25:46.0354 0216  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:25:46.0386 0216  SharedAccess - ok
18:25:46.0417 0216  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:25:46.0448 0216  ShellHWDetection - ok
18:25:46.0464 0216  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
18:25:46.0479 0216  SiSRaid2 - ok
18:25:46.0479 0216  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
18:25:46.0495 0216  SiSRaid4 - ok
18:25:46.0542 0216  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
18:25:46.0573 0216  SkypeUpdate - ok
18:25:46.0588 0216  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:25:46.0635 0216  Smb - ok
18:25:46.0666 0216  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:25:46.0682 0216  SNMPTRAP - ok
18:25:46.0698 0216  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:25:46.0713 0216  spldr - ok
18:25:46.0744 0216  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
18:25:46.0760 0216  Spooler - ok
18:25:46.0838 0216  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
18:25:46.0932 0216  sppsvc - ok
18:25:46.0932 0216  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:25:46.0963 0216  sppuinotify - ok
18:25:46.0978 0216  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:25:47.0010 0216  srv - ok
18:25:47.0025 0216  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:25:47.0041 0216  srv2 - ok
18:25:47.0041 0216  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:25:47.0056 0216  srvnet - ok
18:25:47.0088 0216  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:25:47.0119 0216  SSDPSRV - ok
18:25:47.0134 0216  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:25:47.0166 0216  SstpSvc - ok
18:25:47.0181 0216  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
18:25:47.0181 0216  stexstor - ok
18:25:47.0212 0216  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
18:25:47.0259 0216  stisvc - ok
18:25:47.0290 0216  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
18:25:47.0306 0216  storflt - ok
18:25:47.0306 0216  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
18:25:47.0322 0216  storvsc - ok
18:25:47.0337 0216  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
18:25:47.0353 0216  swenum - ok
18:25:47.0368 0216  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
18:25:47.0415 0216  swprv - ok
18:25:47.0415 0216  [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc      C:\Windows\system32\drivers\Synth3dVsc.sys
18:25:47.0431 0216  Synth3dVsc - ok
18:25:47.0462 0216  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
18:25:47.0509 0216  SysMain - ok
18:25:47.0509 0216  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:25:47.0524 0216  TabletInputService - ok
18:25:47.0524 0216  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:25:47.0571 0216  TapiSrv - ok
18:25:47.0587 0216  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
18:25:47.0618 0216  TBS - ok
18:25:47.0665 0216  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:25:47.0712 0216  Tcpip - ok
18:25:47.0743 0216  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:25:47.0774 0216  TCPIP6 - ok
18:25:47.0790 0216  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:25:47.0805 0216  tcpipreg - ok
18:25:47.0821 0216  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:25:47.0836 0216  TDPIPE - ok
18:25:47.0852 0216  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:25:47.0868 0216  TDTCP - ok
18:25:47.0883 0216  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:25:47.0914 0216  tdx - ok
18:25:47.0914 0216  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
18:25:47.0930 0216  TermDD - ok
18:25:47.0946 0216  [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt        C:\Windows\system32\drivers\terminpt.sys
18:25:47.0961 0216  terminpt - ok
18:25:47.0977 0216  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
18:25:48.0024 0216  TermService - ok
18:25:48.0039 0216  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
18:25:48.0055 0216  Themes - ok
18:25:48.0070 0216  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
18:25:48.0102 0216  THREADORDER - ok
18:25:48.0117 0216  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
18:25:48.0148 0216  TrkWks - ok
18:25:48.0180 0216  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:25:48.0211 0216  TrustedInstaller - ok
18:25:48.0211 0216  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:25:48.0242 0216  tssecsrv - ok
18:25:48.0273 0216  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:25:48.0289 0216  TsUsbFlt - ok
18:25:48.0289 0216  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
18:25:48.0304 0216  TsUsbGD - ok
18:25:48.0304 0216  [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub        C:\Windows\system32\drivers\tsusbhub.sys
18:25:48.0320 0216  tsusbhub - ok
18:25:48.0336 0216  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:25:48.0382 0216  tunnel - ok
18:25:48.0382 0216  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
18:25:48.0398 0216  uagp35 - ok
18:25:48.0414 0216  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:25:48.0445 0216  udfs - ok
18:25:48.0476 0216  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:25:48.0492 0216  UI0Detect - ok
18:25:48.0507 0216  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:25:48.0523 0216  uliagpkx - ok
18:25:48.0538 0216  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
18:25:48.0554 0216  umbus - ok
18:25:48.0585 0216  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
18:25:48.0601 0216  UmPass - ok
18:25:48.0616 0216  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
18:25:48.0632 0216  UmRdpService - ok
18:25:48.0648 0216  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
18:25:48.0679 0216  upnphost - ok
18:25:48.0710 0216  [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
18:25:48.0726 0216  USBAAPL64 - ok
18:25:48.0741 0216  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
18:25:48.0757 0216  usbaudio - ok
18:25:48.0772 0216  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:25:48.0788 0216  usbccgp - ok
18:25:48.0819 0216  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:25:48.0835 0216  usbcir - ok
18:25:48.0850 0216  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
18:25:48.0866 0216  usbehci - ok
18:25:48.0882 0216  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:25:48.0913 0216  usbhub - ok
18:25:48.0928 0216  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
18:25:48.0928 0216  usbohci - ok
18:25:48.0944 0216  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
18:25:48.0960 0216  usbprint - ok
18:25:48.0975 0216  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:25:48.0991 0216  USBSTOR - ok
18:25:49.0006 0216  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
18:25:49.0022 0216  usbuhci - ok
18:25:49.0053 0216  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
18:25:49.0069 0216  usbvideo - ok
18:25:49.0100 0216  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
18:25:49.0131 0216  UxSms - ok
18:25:49.0147 0216  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
18:25:49.0147 0216  VaultSvc - ok
18:25:49.0178 0216  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:25:49.0194 0216  vdrvroot - ok
18:25:49.0209 0216  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
18:25:49.0240 0216  vds - ok
18:25:49.0256 0216  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:25:49.0272 0216  vga - ok
18:25:49.0287 0216  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:25:49.0318 0216  VgaSave - ok
18:25:49.0318 0216  VGPU - ok
18:25:49.0334 0216  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
18:25:49.0350 0216  vhdmp - ok
18:25:49.0396 0216  [ DFDF7F9CAA50EE72A633EA4BBD65A557 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
18:25:49.0443 0216  VIAHdAudAddService - ok
18:25:49.0459 0216  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
18:25:49.0474 0216  viaide - ok
18:25:49.0474 0216  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
18:25:49.0490 0216  vmbus - ok
18:25:49.0506 0216  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
18:25:49.0521 0216  VMBusHID - ok
18:25:49.0537 0216  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:25:49.0552 0216  volmgr - ok
18:25:49.0568 0216  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:25:49.0568 0216  volmgrx - ok
18:25:49.0584 0216  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:25:49.0599 0216  volsnap - ok
18:25:49.0615 0216  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
18:25:49.0630 0216  vsmraid - ok
18:25:49.0662 0216  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
18:25:49.0724 0216  VSS - ok
18:25:49.0724 0216  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
18:25:49.0755 0216  vwifibus - ok
18:25:49.0771 0216  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
18:25:49.0786 0216  vwififlt - ok
18:25:49.0802 0216  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
18:25:49.0833 0216  W32Time - ok
18:25:49.0864 0216  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
18:25:49.0896 0216  WacomPen - ok
18:25:49.0911 0216  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:25:49.0958 0216  WANARP - ok
18:25:49.0958 0216  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:25:49.0989 0216  Wanarpv6 - ok
18:25:50.0036 0216  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
18:25:50.0067 0216  wbengine - ok
18:25:50.0067 0216  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:25:50.0083 0216  WbioSrvc - ok
18:25:50.0098 0216  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:25:50.0130 0216  wcncsvc - ok
18:25:50.0130 0216  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:25:50.0161 0216  WcsPlugInService - ok
18:25:50.0161 0216  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
18:25:50.0176 0216  Wd - ok
18:25:50.0208 0216  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:25:50.0223 0216  Wdf01000 - ok
18:25:50.0239 0216  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:25:50.0254 0216  WdiServiceHost - ok
18:25:50.0254 0216  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:25:50.0270 0216  WdiSystemHost - ok
18:25:50.0301 0216  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
18:25:50.0317 0216  WebClient - ok
18:25:50.0332 0216  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:25:50.0364 0216  Wecsvc - ok
18:25:50.0379 0216  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:25:50.0410 0216  wercplsupport - ok
18:25:50.0426 0216  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:25:50.0457 0216  WerSvc - ok
18:25:50.0488 0216  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:25:50.0520 0216  WfpLwf - ok
18:25:50.0535 0216  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:25:50.0535 0216  WIMMount - ok
18:25:50.0551 0216  WinDefend - ok
18:25:50.0551 0216  WinHttpAutoProxySvc - ok
18:25:50.0613 0216  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:25:50.0676 0216  Winmgmt - ok
18:25:50.0738 0216  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
18:25:50.0816 0216  WinRM - ok
18:25:50.0863 0216  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
18:25:50.0910 0216  WinUsb - ok
18:25:50.0941 0216  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:25:50.0972 0216  Wlansvc - ok
18:25:51.0081 0216  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:25:51.0128 0216  wlidsvc - ok
18:25:51.0159 0216  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
18:25:51.0175 0216  WmiAcpi - ok
18:25:51.0206 0216  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:25:51.0237 0216  wmiApSrv - ok
18:25:51.0284 0216  WMPNetworkSvc - ok
18:25:51.0300 0216  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:25:51.0331 0216  WPCSvc - ok
18:25:51.0346 0216  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:25:51.0378 0216  WPDBusEnum - ok
18:25:51.0378 0216  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:25:51.0409 0216  ws2ifsl - ok
18:25:51.0424 0216  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
18:25:51.0456 0216  wscsvc - ok
18:25:51.0456 0216  WSearch - ok
18:25:51.0534 0216  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:25:51.0596 0216  wuauserv - ok
18:25:51.0612 0216  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:25:51.0627 0216  WudfPf - ok
18:25:51.0643 0216  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:25:51.0674 0216  WUDFRd - ok
18:25:51.0690 0216  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:25:51.0705 0216  wudfsvc - ok
18:25:51.0721 0216  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:25:51.0736 0216  WwanSvc - ok
18:25:51.0768 0216  X6va009 - ok
18:25:51.0783 0216  ================ Scan global ===============================
18:25:51.0799 0216  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:25:51.0814 0216  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:25:51.0830 0216  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:25:51.0846 0216  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:25:51.0877 0216  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:25:51.0877 0216  [Global] - ok
18:25:51.0877 0216  ================ Scan MBR ==================================
18:25:51.0892 0216  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:25:52.0407 0216  \Device\Harddisk0\DR0 - ok
18:25:52.0438 0216  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk5\DR5
18:25:52.0782 0216  \Device\Harddisk5\DR5 - ok
18:25:52.0782 0216  ================ Scan VBR ==================================
18:25:52.0782 0216  [ F849144F265164CBC2AC1F9091843309 ] \Device\Harddisk0\DR0\Partition1
18:25:52.0782 0216  \Device\Harddisk0\DR0\Partition1 - ok
18:25:52.0813 0216  [ D7A13E51FAF8434D7FD69DB4FAC98C32 ] \Device\Harddisk0\DR0\Partition2
18:25:52.0813 0216  \Device\Harddisk0\DR0\Partition2 - ok
18:25:52.0828 0216  [ 8771A765FD71C37BA6651B33179EE6D0 ] \Device\Harddisk0\DR0\Partition3
18:25:52.0828 0216  \Device\Harddisk0\DR0\Partition3 - ok
18:25:52.0860 0216  [ 467302C4616100DFF219A4CA5869C56F ] \Device\Harddisk0\DR0\Partition4
18:25:52.0860 0216  \Device\Harddisk0\DR0\Partition4 - ok
18:25:52.0891 0216  [ BD2500686B3340A9C4933AB8B7ACA90F ] \Device\Harddisk5\DR5\Partition1
18:25:52.0891 0216  \Device\Harddisk5\DR5\Partition1 - ok
18:25:52.0891 0216  ============================================================
18:25:52.0891 0216  Scan finished
18:25:52.0891 0216  ============================================================
18:25:52.0906 3988  Detected object count: 1
18:25:52.0906 3988  Actual detected object count: 1
18:26:04.0138 3988  Akamai ( HiddenFile.Multi.Generic ) - skipped by user
18:26:04.0138 3988  Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
         
Regards
soatix
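The TDSSKiller log above prints one hashed module line and one status line per driver or service, and ends with the detection the user chose to skip. As an added example, not code from the thread or from the tool's authors, the following Python script parses that format and reports what a log reviewer checks first, run over a few lines excerpted from the log above.

```python
"""Triage helper for a TDSSKiller text log (added example, not part of the thread).

Parses the per-module lines "<time> <pid> [ <MD5> ] <Name> <Path>" and the
status lines "<time> <pid> <Name> - <status>", then reports what a reviewer
looks at first: statuses other than "ok", the detected-object count, images
outside C:\Windows, registered names with no image file, and one MD5 shared
by several names (normal for aliases such as Tcpip / TCPIP6).
"""
import re

# "18:25:46.0542 0216  [ 8C4F...220F ] SkypeUpdate     C:\Program Files (x86)\...\Updater.exe"
MODULE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<name>\S+)\s+(?P<path>.+?)\s*$"
)
# "18:25:46.0573 0216  SkypeUpdate - ok"
# "18:26:04.0138 3988  Akamai ( HiddenFile.Multi.Generic ) - skipped by user"
STATUS_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<name>.+?) - (?P<status>.+?)\s*$"
)
# "18:25:52.0906 3988  Actual detected object count: 1"
COUNT_RE = re.compile(r"^\S+\s+\d+\s+(?:Actual )?[Dd]etected object count: (?P<n>\d+)")

# Constructed sample: lines excerpted from the TDSSKiller log posted above.
SAMPLE_LOG = r"""18:25:46.0542 0216  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
18:25:46.0573 0216  SkypeUpdate - ok
18:25:47.0665 0216  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:25:47.0712 0216  Tcpip - ok
18:25:47.0743 0216  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:25:47.0774 0216  TCPIP6 - ok
18:25:49.0318 0216  VGPU - ok
18:25:51.0877 0216  [Global] - ok
18:25:51.0892 0216  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:25:52.0407 0216  \Device\Harddisk0\DR0 - ok
18:25:52.0906 3988  Detected object count: 1
18:25:52.0906 3988  Actual detected object count: 1
18:26:04.0138 3988  Akamai ( HiddenFile.Multi.Generic ) - skipped by user
18:26:04.0138 3988  Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
"""


def parse_tdsskiller(text):
    """Return (modules, statuses, detected): modules maps name -> {md5, path},
    statuses is an ordered list of (name, status), detected is the object count."""
    modules, statuses, detected = {}, [], 0
    for line in text.splitlines():
        m = MODULE_RE.match(line)
        if m:
            modules[m["name"]] = {"md5": m["md5"].upper(), "path": m["path"]}
            continue
        c = COUNT_RE.match(line)
        if c:
            detected = max(detected, int(c["n"]))
            continue
        s = STATUS_RE.match(line)
        if s:
            statuses.append((s["name"], s["status"]))
    return modules, statuses, detected


def triage(text):
    """Summarise the review points of one TDSSKiller log as a dict of lists."""
    modules, statuses, detected = parse_tdsskiller(text)
    # Every status other than a plain "ok": detections, skipped or quarantined objects
    not_ok = [(name, st) for name, st in statuses if st != "ok"]
    # Names reported "ok" but with no hashed image file (no module line for them)
    no_image = [name for name, st in statuses
                if st == "ok" and name not in modules and not name.startswith(("[", "\\"))]
    # Images outside the Windows directory: third-party, worth a look but not bad per se
    outside_windows = [name for name, info in modules.items()
                       if not info["path"].lower().startswith("c:\\windows\\")]
    # One MD5 registered under several names (aliases such as Tcpip/TCPIP6, SamSs/VaultSvc)
    by_hash = {}
    for name, info in modules.items():
        by_hash.setdefault(info["md5"], []).append(name)
    shared_hashes = {h: names for h, names in by_hash.items() if len(names) > 1}
    return {"detected": detected, "not_ok": not_ok, "no_image": no_image,
            "outside_windows": outside_windows, "shared_hashes": shared_hashes}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The "not_ok" list is the part that matters in this thread: it surfaces the Akamai detection that was skipped rather than handled, which is exactly what a helper would ask about next.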


Old 26.02.2013, 22:39   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Then please run CF now:

Scan with Combofix
WARNING to OTHER READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a logfile.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.


Old 27.02.2013, 17:25   #7
soatix
 
I can't insert the Combofix log as code. What should I do in this case?

Regards
soatix

Old 27.02.2013, 19:48   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Is it too big?
If so, please zip only the logs that are too big and attach them
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Old 28.02.2013, 19:14   #9
soatix
 
I couldn't paste it in; I assume it was too big.
I've attached it.

Regards

Old 01.03.2013, 13:21   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
JRT - Junkware Removal Tool

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. From Windows Vista (or higher) onward, please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the logfile (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click on Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click on Scan and wait until it has finished.
  • Now click on Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Then a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick Scan all users
  • At the top you will find a box labelled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles in CODE tags here in the thread.

Old 02.03.2013, 08:56   #11
soatix
 
JRT
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.6 (02.27.2013:1)
OS: Windows 7 Ultimate x64
Ran by samy on 02.03.2013 at  9:32:52,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} 
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2909018925-352489279-3901980246-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ae07101b-46d4-4a98-af68-0333ea26e113}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\samy\AppData\Roaming\opencandy"



~~~ FireFox

Successfully deleted: [File] C:\Users\samy\AppData\Roaming\mozilla\firefox\profiles\8lvwitdi.default\user.js



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.03.2013 at  9:39:05,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
adwCleaner
Code:
ATTFilter
# AdwCleaner v2.113 - File created on 02/03/2013 at 09:47:00
# Updated on 23/02/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : samy - SAMY-PC
# Boot mode : Normal
# Running from : C:\Users\samy\Desktop\adwcleaner.exe
# Option [Delete]


**** [Services] ****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=b4242e6d-2d95-4e99-a704-c266db786dd2&affid=111583&searchtype=hp&babsrc=lnkry_nt --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=b4242e6d-2d95-4e99-a704-c266db786dd2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=b4242e6d-2d95-4e99-a704-c266db786dd2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0 (de)

File : C:\Users\samy\AppData\Roaming\Mozilla\Firefox\Profiles\8lvwitdi.default\prefs.js

[OK] The file is clean.

-\\ Google Chrome v25.0.1364.97

File : C:\Users\samy\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2096] : urls_to_restore_on_startup = [ "hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY[...]

*************************

AdwCleaner[S1].txt - [2317 octets] - [02/03/2013 09:47:00]

########## EOF - C:\AdwCleaner[S1].txt - [2377 octets] ##########
OTL
Code:
OTL logfile created on: 02.03.2013 09:50:49 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\samy\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,55 Gb Available Physical Memory | 81,94% Memory free
16,00 Gb Paging File | 14,33 Gb Available in Paging File | 89,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 181,87 Gb Total Space | 135,78 Gb Free Space | 74,66% Space Free | Partition Type: NTFS
Drive D: | 3,58 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive I: | 502,65 Gb Total Space | 465,03 Gb Free Space | 92,52% Space Free | Partition Type: NTFS
Drive J: | 246,89 Gb Total Space | 217,02 Gb Free Space | 87,90% Space Free | Partition Type: NTFS
Drive K: | 1397,26 Gb Total Space | 1259,90 Gb Free Space | 90,17% Space Free | Partition Type: NTFS
 
Computer Name: SAMY-PC | User Name: samy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\samy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\samy\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\samy\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\samy\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll ()
MOD - C:\Users\samy\AppData\Local\Google\Chrome\Application\25.0.1364.97\libglesv2.dll ()
MOD - C:\Users\samy\AppData\Local\Google\Chrome\Application\25.0.1364.97\libegl.dll ()
MOD - C:\Users\samy\AppData\Local\Google\Chrome\Application\25.0.1364.97\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll ()
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys ()
DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (BIOS) -- C:\Windows\SysNative\drivers\BIOS64.sys (BIOSTAR Group)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (BIOS) -- C:\Windows\SysWOW64\drivers\BIOS64.sys (BIOSTAR Group)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,defaultscope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\..\SearchScopes,defaultscope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-19\..\SearchScopes,defaultscope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,defaultscope = 
 
IE - HKU\S-1-5-21-2909018925-352489279-3901980246-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2909018925-352489279-3901980246-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2909018925-352489279-3901980246-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 1F 3F 49 18 70 CD 01  [binary data]
IE - HKU\S-1-5-21-2909018925-352489279-3901980246-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-2909018925-352489279-3901980246-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-2909018925-352489279-3901980246-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2909018925-352489279-3901980246-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2909018925-352489279-3901980246-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\samy\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\samy\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.11 19:22:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.01.11 19:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\samy\AppData\Roaming\mozilla\Extensions
[2013.01.11 19:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\samy\AppData\Roaming\mozilla\Firefox\Profiles\8lvwitdi.default\extensions
[2013.01.11 19:23:28 | 000,243,496 | ---- | M] () (No name found) -- C:\Users\samy\AppData\Roaming\mozilla\firefox\profiles\8lvwitdi.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.01.11 19:22:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.05 04:44:54 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\samy\AppData\Local\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\samy\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\samy\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java(TM) Platform SE 7 U10 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\samy\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2909018925-352489279-3901980246-1000..\Run: [Akamai NetSession Interface] C:\Users\samy\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-2909018925-352489279-3901980246-1000..\Run: [Shotty] C:\Programme\Shotty\Shotty.exe (hxxp://shotty.devs-on.net)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2909018925-352489279-3901980246-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2909018925-352489279-3901980246-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-2909018925-352489279-3901980246-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2909018925-352489279-3901980246-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2909018925-352489279-3901980246-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2909018925-352489279-3901980246-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EC096F7-45CB-4E12-85E9-024AA1570A67}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.02 09:32:51 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.02 09:32:42 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.02 09:31:49 | 000,547,491 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\samy\Desktop\JRT.exe
[2013.02.28 20:16:00 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.02.28 20:16:00 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.02.28 20:15:59 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.02.28 20:15:59 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.02.28 20:15:57 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.02.28 20:15:57 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.02.28 20:15:54 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.02.28 20:15:54 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.02.28 20:15:54 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.28 20:15:54 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.28 20:15:54 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.28 20:15:54 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.28 20:15:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.28 20:15:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.28 20:15:54 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.28 20:15:54 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.28 20:15:53 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.02.28 20:15:53 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.02.28 20:15:53 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.02.28 20:15:53 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.02.28 20:15:53 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.02.28 20:15:53 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.02.28 20:15:53 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.02.28 20:15:53 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.02.28 20:15:53 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.02.28 20:15:53 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.02.28 20:15:53 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.02.28 20:15:53 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.28 20:15:53 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.28 20:15:53 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.28 20:15:53 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.28 20:15:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.28 20:15:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.28 20:15:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.28 20:15:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.28 20:15:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.28 20:15:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.28 20:15:52 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.02.28 20:15:52 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.02.28 20:15:52 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.02.28 20:15:52 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.02.28 20:12:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.27 17:30:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.27 17:22:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.27 17:22:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.27 17:22:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.27 17:20:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.27 17:20:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.27 17:20:29 | 005,036,023 | R--- | C] (Swearware) -- C:\Users\samy\Desktop\ComboFix.exe
[2013.02.26 18:24:05 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\samy\Desktop\tdsskiller.exe
[2013.02.25 19:46:40 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\samy\Desktop\aswMBR.exe
[2013.02.25 19:33:33 | 000,000,000 | ---D | C] -- C:\Users\samy\Desktop\mbar
[2013.02.23 23:56:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\samy\Desktop\OTL.exe
[2013.02.23 23:41:40 | 000,000,000 | ---D | C] -- C:\Users\samy\AppData\Roaming\Malwarebytes
[2013.02.23 23:41:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.23 23:41:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.23 23:41:20 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.23 23:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.23 23:40:43 | 000,000,000 | ---D | C] -- C:\Users\samy\AppData\Local\Programs
[2013.02.13 23:54:06 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.13 23:54:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.13 23:54:05 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.13 23:54:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.13 23:54:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.13 23:54:04 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.13 23:54:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.13 23:54:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.13 23:54:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.13 23:54:03 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.13 23:54:03 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.13 23:54:03 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.13 23:54:02 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.13 23:54:01 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.13 23:54:01 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.13 17:07:32 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 17:07:32 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 17:07:31 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.13 17:07:24 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 17:07:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 17:07:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 17:07:23 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 17:07:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 17:07:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.13 17:07:21 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.06 21:18:22 | 000,000,000 | ---D | C] -- C:\Users\samy\AppData\Local\{935FD0CE-5103-4D30-8439-2E604FB8C379}
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.02 09:48:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.02 09:48:21 | 2146,983,935 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.02 09:46:37 | 000,594,019 | ---- | M] () -- C:\Users\samy\Desktop\adwcleaner.exe
[2013.03.02 09:31:45 | 000,547,491 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\samy\Desktop\JRT.exe
[2013.03.02 09:23:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2909018925-352489279-3901980246-1000UA.job
[2013.03.02 09:23:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2909018925-352489279-3901980246-1000Core.job
[2013.03.02 09:16:06 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.02 09:16:06 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.02 09:13:44 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.02 09:13:44 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.02 09:13:44 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.02 09:13:44 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.02 09:13:44 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.01 00:09:23 | 000,000,059 | ---- | M] () -- C:\Users\samy\AppData\Roaming\GoodnightTimer.ini
[2013.02.28 20:12:26 | 000,004,850 | ---- | M] () -- C:\Users\samy\Desktop\combofix_log.zip
[2013.02.27 17:19:13 | 005,036,023 | R--- | M] (Swearware) -- C:\Users\samy\Desktop\ComboFix.exe
[2013.02.26 18:23:52 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\samy\Desktop\tdsskiller.exe
[2013.02.25 23:25:32 | 000,002,358 | ---- | M] () -- C:\Users\samy\Desktop\Google Chrome.lnk
[2013.02.25 19:58:47 | 000,000,512 | ---- | M] () -- C:\Users\samy\Desktop\MBR.dat
[2013.02.25 19:46:36 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\samy\Desktop\aswMBR.exe
[2013.02.25 19:32:42 | 013,711,621 | ---- | M] () -- C:\Users\samy\Desktop\mbar-1.01.0.1020.zip
[2013.02.24 01:35:22 | 1275,748,834 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.02.24 00:07:00 | 000,376,832 | ---- | M] () -- C:\Users\samy\Desktop\gmer_2.1.19081.exe
[2013.02.23 23:48:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\samy\Desktop\OTL.exe
[2013.02.23 23:48:27 | 000,000,168 | ---- | M] () -- C:\Users\samy\defogger_reenable
[2013.02.23 23:41:27 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.19 23:58:30 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.02.16 10:18:44 | 000,071,254 | ---- | M] () -- C:\Users\samy\Desktop\Unbenannt1.JPG
[2013.02.16 10:18:03 | 000,070,766 | ---- | M] () -- C:\Users\samy\Desktop\Unbenannt.JPG
[2013.02.14 07:05:50 | 000,413,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.03.02 09:46:41 | 000,594,019 | ---- | C] () -- C:\Users\samy\Desktop\adwcleaner.exe
[2013.02.28 20:12:26 | 000,004,850 | ---- | C] () -- C:\Users\samy\Desktop\combofix_log.zip
[2013.02.27 17:22:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.27 17:22:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.27 17:22:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.27 17:22:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.27 17:22:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.25 19:58:47 | 000,000,512 | ---- | C] () -- C:\Users\samy\Desktop\MBR.dat
[2013.02.25 19:33:26 | 013,711,621 | ---- | C] () -- C:\Users\samy\Desktop\mbar-1.01.0.1020.zip
[2013.02.24 00:07:03 | 000,376,832 | ---- | C] () -- C:\Users\samy\Desktop\gmer_2.1.19081.exe
[2013.02.23 23:48:27 | 000,000,168 | ---- | C] () -- C:\Users\samy\defogger_reenable
[2013.02.23 23:41:27 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.16 10:18:42 | 000,071,254 | ---- | C] () -- C:\Users\samy\Desktop\Unbenannt1.JPG
[2013.02.16 10:18:02 | 000,070,766 | ---- | C] () -- C:\Users\samy\Desktop\Unbenannt.JPG
[2012.10.21 19:26:27 | 000,000,059 | ---- | C] () -- C:\Users\samy\AppData\Roaming\GoodnightTimer.ini
[2012.07.29 21:49:45 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.29 21:20:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.29 21:18:08 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Extras
Code:
OTL Extras logfile created on: 02.03.2013 09:50:49 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\samy\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,55 Gb Available Physical Memory | 81,94% Memory free
16,00 Gb Paging File | 14,33 Gb Available in Paging File | 89,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 181,87 Gb Total Space | 135,78 Gb Free Space | 74,66% Space Free | Partition Type: NTFS
Drive D: | 3,58 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive I: | 502,65 Gb Total Space | 465,03 Gb Free Space | 92,52% Space Free | Partition Type: NTFS
Drive J: | 246,89 Gb Total Space | 217,02 Gb Free Space | 87,90% Space Free | Partition Type: NTFS
Drive K: | 1397,26 Gb Total Space | 1259,90 Gb Free Space | 90,17% Space Free | Partition Type: NTFS
 
Computer Name: SAMY-PC | User Name: samy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F15225-E16A-4713-B9DF-33F1AD9CA705}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{048D1F88-7512-46AD-8000-43688957DC64}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{07AB55F2-6CDB-4E46-89C8-FBDC8D533174}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{14DD3803-6F26-41FE-A7FC-C36751C7FB01}" = lport=137 | protocol=17 | dir=in | app=system | 
"{558CEAE5-0D92-4BDB-B022-CF53BFA2C162}" = lport=139 | protocol=6 | dir=in | app=system | 
"{72DEA8B3-BB07-4E4D-A2ED-CFE0A15DE958}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7D31D475-B600-4290-B0FE-48C1A89AEDF3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{823571E6-04C1-420E-9388-841A497FFE22}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{85E32087-6681-41F8-8CD0-BD982F7E46E2}" = rport=139 | protocol=6 | dir=out | app=system | 
"{97CCB421-4066-4791-A0F3-D4E837E20080}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9EDBC558-C1DA-4D07-994A-8848E18405E8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A1617044-6AA0-469E-9BEE-E4AB6FC153C3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A85EA74B-4AA7-4529-B19A-FDDBD4EE7144}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{AF590DE8-A3C5-4921-84D2-56622DEFEEE8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B6CB3474-855A-47BB-810E-564D4A19A607}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C3DC4704-EABE-4822-90A5-D093A63A6040}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C5E6AAA3-E4C0-4DBE-8EA7-7948CEB567BD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CAAC9BA0-CC87-42C2-B4F8-FCFE6D81F7C0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D4079088-CEBF-457C-BCBA-89FFD8C1760A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D6594916-A21F-49FA-94CB-A5E9544E7595}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D7210C63-84F3-4AC6-BF3E-CA68D355BDAD}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{E4EEF1FF-F65B-42AC-B367-9E8EF2F5E954}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F09AB8F0-187E-4D59-97C4-8CEC2E6EEC3D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{FF6766DE-789B-4D81-A4FD-FFEDCF53282B}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0384B63C-8C8D-4D52-9AB3-60E87B16E8C0}" = protocol=6 | dir=out | app=system | 
"{06DBCE73-4118-4518-AED7-BA6A0C791E26}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{0FBB02CD-9443-44B3-83C6-89E31E1FB143}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0FEB8371-A443-4814-8AEA-3B30D0C812C7}" = protocol=17 | dir=in | app=c:\users\samy\appdata\local\akamai\netsession_win.exe | 
"{1C5CE583-0162-4445-810C-F03586821B42}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2CE1A38A-1993-4FBF-9DFC-14E524B7CB75}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2D1D5302-ED89-4D1A-8569-60D84D61512F}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{37099887-0BC0-4413-84E0-B9D1FDB3D243}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{371CE72E-7D54-45D4-AFE6-12A665201F72}" = protocol=6 | dir=in | app=c:\users\samy\appdata\local\akamai\netsession_win.exe | 
"{48E043F0-978D-4745-A082-0F14E5CE916F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{4CC44CD5-401C-46C4-8400-1549B0D4B9C5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{51C570A1-FEAF-488F-B70C-02B143763F6D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5A7067FF-3273-48D1-B249-C4E83B1EA037}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{605BE319-8EBD-4E76-BBFF-43088531B016}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{653F1C6B-018B-485D-8181-217B6E316804}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{65F1042D-9DE2-43BE-B277-D37796B7BEEB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{720D0018-537D-456D-8C98-4FA7096AFC59}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{76E21B9A-39F4-4658-A48B-C3AF92CADFC9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7C61DD46-E055-4941-BA17-B4B8B7412862}" = protocol=58 | dir=in | app=system | 
"{8841CEBF-6F37-49EF-8A66-BF026EAAD5EA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{8EBC49AE-8F31-4293-9A40-31840E555F55}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9A7A542C-D947-431F-98BC-98386337D6AD}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{A2BF3051-C7D8-47A5-99DF-C5896DF7FA89}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AC145854-5915-4C11-8E59-52E0D6F4DE20}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AD1A0413-97EC-4B6C-8F7F-A05C5F47811B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B4ED0C98-9F08-4F87-8D2F-11AB8B6C7146}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B686FF35-57D2-4DE6-A0A8-FDE03927ED0A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C7E8FB8A-A7DA-46AD-8F86-3980E172CA24}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CBB3BA63-F924-4CCE-A50D-257BE131CE7F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{CD0A95BB-CA21-4C94-B446-93516516B309}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{D8CB7A4B-BB6F-4312-8DFA-3F34B0BA8E62}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DFBD355B-0E06-47DE-8076-D0D4D1BCC0D2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{E096242B-1C25-47DA-A35D-1CE8349B0271}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EB976E4E-AD03-4202-94B4-05E0D4140643}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{FE384036-FE29-487F-AD17-D5F019764600}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{5B41A2B9-2FB9-45F0-BA67-839264AFC221}C:\users\samy\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\samy\appdata\local\temp\gw2.exe | 
"TCP Query User{71C355E3-2C6B-4BBB-A9BA-57891CE31D67}I:\dcuniverse\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=i:\dcuniverse\unreal3\binaries\win32\dcgame.exe | 
"TCP Query User{728066D2-01D8-4BF1-9A02-905EB12E8B36}I:\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=i:\guild wars 2\gw2.exe | 
"TCP Query User{7D3CD8F9-A8C3-4597-AF33-50856BF9490F}C:\users\samy\appdata\roaming\fyahry\idmo.exe" = protocol=6 | dir=in | app=c:\users\samy\appdata\roaming\fyahry\idmo.exe | 
"TCP Query User{D12140EF-FF88-48C6-889E-8E4B14598376}C:\users\samy\appdata\roaming\fyahry\idmo.exe" = protocol=6 | dir=in | app=c:\users\samy\appdata\roaming\fyahry\idmo.exe | 
"UDP Query User{17F37F4D-A75B-428F-A096-CFA29F9AFD60}C:\users\samy\appdata\roaming\fyahry\idmo.exe" = protocol=17 | dir=in | app=c:\users\samy\appdata\roaming\fyahry\idmo.exe | 
"UDP Query User{20C4E0D4-E176-4219-B6A2-F0CE5335BBA2}C:\users\samy\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\samy\appdata\local\temp\gw2.exe | 
"UDP Query User{3ECAB189-A163-4E1E-B9D2-62D46313ACC0}I:\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=i:\guild wars 2\gw2.exe | 
"UDP Query User{75BAC315-B38E-463F-A202-F64861CE0DF8}C:\users\samy\appdata\roaming\fyahry\idmo.exe" = protocol=17 | dir=in | app=c:\users\samy\appdata\roaming\fyahry\idmo.exe | 
"UDP Query User{836DE1FD-7649-48BA-AE7A-806861F413AD}I:\dcuniverse\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=i:\dcuniverse\unreal3\binaries\win32\dcgame.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{088E976C-6B19-E3D3-1EAB-6E13B2D34CD7}" = ATI Catalyst Install Manager
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{4A85E8AD-6CF6-D3D1-2280-420452F5E1EE}" = ATI AVIVO64 Codecs
"{6AB4EC25-677C-4735-5623-1CCC90E759E4}" = ccc-utility64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A9417107-5107-C6E7-9649-CF3294E9C491}" = WMV9/VC-1 Video Playback
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{ECA0FDBA-70C2-D23A-6BD3-3D3118DD90B4}" = AMD Drag and Drop Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"2e730c18-03e8-4d1d-8fc2-0ee3ea04a765" = Shotty - Kleines aber eindrucksvolles Screenshot Tool
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{011E0BAD-DC62-DF83-4D19-D110C61FE679}" = CCC Help Chinese Traditional
"{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1" = MiniTool Partition Wizard Home Edition 7.5
"{0AC457CB-3661-B42F-6181-5D1305C1475A}" = CCC Help Finnish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0E86AF86-F103-A148-7070-0596A5FCEAD7}" = CCC Help French
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7CFAB6-A7FC-31E5-2917-989B06B09270}" = CCC Help Turkish
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{2888EBA9-91E6-D3EF-FC6D-7B3C2B045CAE}" = CCC Help English
"{2AE86CEE-BAC2-D043-9237-E83198098C91}" = Catalyst Control Center InstallProxy
"{2EA64D86-61D9-40A4-A89F-D4E6DEDD301D}" = Catalyst Control Center Localization All
"{3411B11D-91D6-B456-0FAE-24BF99868231}" = Catalyst Control Center Graphics Previews Common
"{35A33CA3-9B1B-3653-6C71-0ADB85E96154}" = ccc-core-static
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{401A4D76-C360-2084-F163-1FABD851D314}" = CCC Help Thai
"{43461D82-2DD5-B2D7-886D-5C1A52C09904}" = CCC Help Polish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B61C9AE-3FDD-9DB7-4247-7D96A03C018D}" = CCC Help German
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5165FA54-2957-4BC9-44CC-D21BDCE9D9E6}" = CCC Help Japanese
"{58374E01-D455-ABAE-CD3A-548911E1CAAD}" = CCC Help Swedish
"{59B734CE-69E9-F555-380C-0B9D880F4E95}" = CCC Help Hungarian
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{665815D4-1F82-D581-E762-A2E0A15E6512}" = CCC Help Dutch
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8D1CB4C2-283E-39A7-2AFA-6D3320E012A8}" = CCC Help Chinese Standard
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{93703800-E668-1370-1756-2003BA060281}" = CCC Help Russian
"{95A837D2-EB2E-9F85-1DB8-01B8337DFC08}" = CCC Help Czech
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C8692DA-9451-AA41-404A-72308CAE1BF5}" = CCC Help Spanish
"{9CF2ECFE-5242-B513-5DB4-A751BD735DD2}" = CCC Help Danish
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A35001F0-F1E4-11DD-A38B-005056C00008}" = Paragon Partition Manager™ 12 Professional Demo
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BC92AA6F-2DAF-1BA2-7C86-1DBBA6423C5F}" = CCC Help Norwegian
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D17772DB-061D-CF9A-7A82-E8C047195259}" = CCC Help Portuguese
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5507048-ED32-BEE8-431D-303F741DE073}" = CCC Help Italian
"{DECCD21C-4BCC-1326-0EF3-7E87C97E14D9}" = CCC Help Greek
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E8B708FF-D116-0D4D-DC14-72827A219D54}" = HydraVision
"{EFD21D05-4618-D72A-464F-B0D1911617A7}" = CCC Help Korean
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Goodnight Timer_is1" = Goodnight Timer 1.1
"Guild Wars 2" = Guild Wars 2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 0.9.9
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2909018925-352489279-3901980246-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"SOE-DC Universe Online Live" = DC Universe Online Live
"SOE-DC Universe Online Live PSG" = DC Universe Online Live
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.03.2013 04:50:12 | Computer Name = samy-PC | Source = WinMgmt | ID = 10
Description = 
 
 
< End of report >
         

Old 02.03.2013, 11:39   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Trojan Pws:win32 - virtool:win32/ceeinject.gen!id - Error 0x81000037

Looks ok. We should be almost through. As a check, please run a Quick Scan with Malwarebytes - please remember beforehand to update Malwarebytes via the Update button.

Afterwards, getting a second opinion via the ESET Online Scanner isn't a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • When the scan finishes, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Old 03.03.2013, 00:31   #13
soatix

Trojan Pws:win32 - virtool:win32/ceeinject.gen!id - Error 0x81000037

Here is the Malwarebytes result
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.02.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
samy :: SAMY-PC [Administrator]

02.03.2013 14:22:59
mbam-log-2013-03-02 (14-22-59).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 208021
Laufzeit: 1 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
And here is ESET
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b28235c16793be4c9ce7b2aa636684da
# engine=13283
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-02 02:23:29
# local_time=2013-03-02 03:23:29 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 18640227 113864059 0 0
# scanned=161823
# found=0
# cleaned=0
# scan_time=2918
         
Since all the scans etc. the problem hasn't occurred again either.
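
The two logs above share a simple summary structure: ESET's `# key=value` lines and Malwarebytes' `Infizierte <Kategorie>: N` counters followed by the detection entries. The following Python is an added example, not part of the thread or of either vendor's tooling; it parses constructed excerpts in that shape (the sample values, file paths and detection names are made up for the example) and derives a verdict, so that a log with a detection that was counted but not quarantined is not mistaken for a clean one.

```python
import re

# Constructed excerpts in the shape of the two logs posted above. The values
# are made up for the example: the Malwarebytes sample deliberately reports two
# infected files, one quarantined and one left untouched.
SAMPLE_ESET_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=finished
# remove_checked=false
# archives_checked=true
# scanned=161823
# found=0
# cleaned=0
# scan_time=2918
"""

SAMPLE_MBAM_LOG = """\
Malwarebytes Anti-Malware 1.70.0.1100
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 208021

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\\Users\\example\\AppData\\Local\\Temp\\sample1.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\\Users\\example\\AppData\\Roaming\\sample2.dll (Trojan.Agent) -> Keine Aktion durchgeführt.

(Ende)
"""

SAMPLE_MBAM_CLEAN = """\
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
"""

ESET_FIELD = re.compile(r"^#\s*([A-Za-z_]+)=(.*)$")
MBAM_COUNT = re.compile(r"^(Infizierte [^:]+):\s*(\d+)\s*$")


def parse_eset_log(text):
    """Collect the '# key=value' summary fields of an ESET Online Scanner log."""
    fields = {}
    for line in text.splitlines():
        m = ESET_FIELD.match(line.strip())
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields


def parse_mbam_log(text):
    """Read the 'Infizierte <Kategorie>: N' counters of a Malwarebytes 1.x log
    and the detection lines listed under each non-zero counter."""
    counts, detections = {}, []
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        m = MBAM_COUNT.match(lines[i])
        if not m:
            i += 1
            continue
        label, n = m.group(1), int(m.group(2))
        counts[label] = n
        i += 1
        # Up to the next blank line: detection entries, or the
        # "(Keine bösartigen Objekte gefunden)" marker when n == 0.
        while i < len(lines) and lines[i].strip():
            entry = lines[i].strip()
            if not entry.startswith("("):
                detections.append((label, entry))
            i += 1
    return {"counts": counts, "detections": detections}


def triage(eset, mbam):
    """Combine both summaries into a verdict for the follow-up scan."""
    eset_found = int(eset.get("found", 0))
    eset_cleaned = int(eset.get("cleaned", 0))
    eset_complete = eset.get("end") == "finished"
    mbam_total = sum(mbam["counts"].values())
    # Malwarebytes marks a handled item with "... in Quarantäne gestellt."
    not_quarantined = [e for _, e in mbam["detections"] if "Quarantäne" not in e]
    return {
        "eset_complete": eset_complete,
        "eset_found": eset_found,
        "mbam_infected_total": mbam_total,
        "not_quarantined": not_quarantined,
        "clean": eset_complete and eset_found == 0 and mbam_total == 0,
        "needs_attention": (eset_found > eset_cleaned) or bool(not_quarantined),
    }
```

`triage` treats an ESET run as usable only when `end=finished`; an aborted scan with `found=0` says nothing about the machine, which is why the verdict checks completion before the counters.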

Old 03.03.2013, 17:34   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Trojan Pws:win32 - virtool:win32/ceeinject.gen!id - Error 0x81000037

Looks ok so far

Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks whether a new Hosts file has been released.

Info: cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or the like => HTTP-Cookie )

Apart from that, there are also good cookie managers; as an extension for Firefox there would be CookieCuller, for example.
But if you can live with logging in again everywhere in each browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board too), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system in order again now, or are there still other detections or problems?
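The hosts-file advice above works by mapping unwanted names to 0.0.0.0, which is all the MVPS list does. The following Python is an added example, not part of the thread or of MVPS: it parses a constructed MVPS-style hosts file (placeholder hostnames), checks that every entry other than localhost really is a block to 0.0.0.0 or loopback and lists any entry that points a name somewhere else so it can be reviewed, and shows how the periodic update can be done by merging a freshly downloaded list while keeping the file's own localhost lines. The sample texts and the name `BLOCK_TARGETS` are assumptions of the example; on Windows the live file is C:\Windows\System32\drivers\etc\hosts.

```python
import ipaddress

# Constructed sample hosts file in the style of the MVPS list (comment header,
# loopback entries, then one "0.0.0.0 hostname" line per blocked name).
# The hostnames are placeholders, not entries from the real MVPS file.
SAMPLE_HOSTS = """\
# constructed MVPS-style header comment
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example-tracker.invalid
0.0.0.0 banner.example-ads.invalid  # trailing comment
0.0.0.0 www.example-telemetry.invalid
"""

# Same file with one constructed entry that is not a block: it points a
# vendor-looking name at a documentation-range address (TEST-NET-3).
SAMPLE_HOSTS_SUSPECT = SAMPLE_HOSTS + "203.0.113.5 update.example-vendor.invalid\n"

# Constructed stand-in for a freshly downloaded MVPS list.
SAMPLE_NEW_LIST = """\
# constructed new list
0.0.0.0 ads.example-tracker.invalid
0.0.0.0 new.example-ads.invalid
"""

# Addresses a blocking entry may point at; anything else is a redirect.
BLOCK_TARGETS = {"0.0.0.0", "127.0.0.1", "::1"}


def parse_hosts(text):
    """Return (ip, hostname, line_number) for every mapping in a hosts file.

    Comments (#...) and blank lines are skipped; a line whose first token is
    not an IP address is ignored rather than raising.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        tokens = line.split()
        try:
            ip = str(ipaddress.ip_address(tokens[0]))
        except ValueError:
            continue
        for host in tokens[1:]:
            entries.append((ip, host.lower(), lineno))
    return entries


def is_block_entry(ip, host):
    """A block entry maps a non-localhost name to 0.0.0.0 or loopback."""
    return host != "localhost" and ip in BLOCK_TARGETS


def audit_hosts(text):
    """Classify entries: 'blocking' (sinkholed names), 'local' (localhost),
    'redirects' (a name pointed at some other address, worth reviewing)."""
    report = {"blocking": [], "local": [], "redirects": []}
    for ip, host, lineno in parse_hosts(text):
        if host == "localhost":
            report["local"].append((ip, host, lineno))
        elif ip in BLOCK_TARGETS:
            report["blocking"].append((ip, host, lineno))
        else:
            report["redirects"].append((ip, host, lineno))
    return report


def merge_block_list(current_text, new_list_text):
    """Build the text of an updated hosts file: every non-block entry of the
    current file is kept, the old block entries are dropped, and the block
    entries of the new list are appended once each, sorted by name."""
    kept = [(ip, host) for ip, host, _ in parse_hosts(current_text)
            if not is_block_entry(ip, host)]
    blocks = sorted({host for ip, host, _ in parse_hosts(new_list_text)
                     if is_block_entry(ip, host)})
    lines = [f"{ip} {host}" for ip, host in kept]
    lines.append("# --- block list (updated) ---")
    lines.extend(f"0.0.0.0 {host}" for host in blocks)
    return "\n".join(lines) + "\n"
```

Run `audit_hosts` on the current file before merging: `merge_block_list` keeps non-block entries untouched, so a redirect entry would be carried into the new file unless it is reviewed and removed first.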

Old 04.03.2013, 21:25   #15
soatix

Trojan Pws:win32 - virtool:win32/ceeinject.gen!id - Error 0x81000037

Thanks for your effort; everything seems to be in order again now. Haven't had any problems in the last two days.

I'll take the cookie info to heart and have a look at it.
Are there any other programs one "should" have in order to avoid such a case in the future?
