sideshowb | 15.04.2013 16:19 | Remove snap.do start page and browser toolbar (Firefox/Win7 32-bit)
Hello,
Since yesterday my girlfriend's PC, which was freshly set up only last week, has had a problem with Firefox.
Similar to http://www.trojaner-board.de/133720-...efox-win7.html, Firefox opens snap.do as the start page (this has also been changed in the Windows Internet Options), and there is a snap.do browser toolbar that was never actively installed.
The problem appeared after downloading and installing a piece of PDF-creation software via chip.de.
Avast and ZoneAlarm found nothing!
Following your tutorial, I ran the tests and got the following logs:
defogger log:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:10 on 15/04/2013 (**NAME**)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
OTL log:
OTL logfile created on: 15.04.2013 14:12:10 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\**NAME**\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 60,63% Memory free
5,98 Gb Paging File | 4,64 Gb Available in Paging File | 77,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,17 Gb Total Space | 96,50 Gb Free Space | 66,94% Space Free | Partition Type: NTFS
Drive D: | 144,15 Gb Total Space | 11,23 Gb Free Space | 7,79% Space Free | Partition Type: NTFS
Drive F: | 14,83 Gb Total Space | 0,11 Gb Free Space | 0,71% Space Free | Partition Type: FAT32
Computer Name: **NAME**-PC | User Name: **NAME** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.04.15 13:46:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\**NAME**\Desktop\OTL.exe
PRC - [2013.04.08 10:50:00 | 000,020,992 | ---- | M] (Smartbar) -- C:\Users\**NAME**\AppData\Local\Smartbar\Application\SnapDo.exe
PRC - [2013.03.07 00:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2013.03.07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.03.06 17:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013.01.29 21:08:04 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2013.01.29 20:35:36 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.11.22 16:33:18 | 000,497,320 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2012.11.22 16:32:54 | 000,738,984 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ForceField.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.10.08 14:15:40 | 000,167,936 | ---- | M] (Mediafour Corporation) -- C:\Programme\Mediafour\MacDrive 8\MacDrive.exe
PRC - [2010.10.08 12:11:50 | 000,131,584 | ---- | M] (Mediafour Corporation) -- C:\Programme\Mediafour\MacDrive 8\MacDrive8Service.exe
========== Modules (No Company Name) ==========
MOD - [2013.04.14 10:55:31 | 000,146,432 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
MOD - [2013.04.11 23:57:27 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2013.04.11 20:16:19 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013.04.11 20:15:13 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\5baea82888a13fa558004b24e3b107cf\CustomMarshalers.ni.dll
MOD - [2013.04.11 20:10:00 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll
MOD - [2013.04.11 20:09:15 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.04.11 20:09:06 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.04.11 20:08:43 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.04.11 20:08:38 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.04.11 20:08:37 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.04.11 20:08:27 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013.04.08 10:50:30 | 000,020,480 | ---- | M] () -- C:\Users\**NAME**\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll
MOD - [2013.04.08 10:50:26 | 000,026,112 | ---- | M] () -- C:\Users\**NAME**\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
MOD - [2013.04.08 10:50:26 | 000,020,480 | ---- | M] () -- C:\Users\**NAME**\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll
MOD - [2013.04.08 10:50:22 | 000,051,712 | ---- | M] () -- C:\Users\**NAME**\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
MOD - [2013.04.08 10:50:22 | 000,014,336 | ---- | M] () -- C:\Users\**NAME**\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll
MOD - [2013.04.08 10:50:20 | 000,112,640 | ---- | M] () -- C:\Users\**NAME**\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
MOD - [2013.04.08 10:50:18 | 000,045,056 | ---- | M] () -- C:\Users\**NAME**\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll
MOD - [2013.04.08 10:50:12 | 000,078,848 | ---- | M] () -- C:\Users\**NAME**\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll
MOD - [2013.04.08 10:50:12 | 000,016,896 | ---- | M] () -- C:\Users\**NAME**\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
MOD - [2013.04.08 10:50:10 | 000,019,456 | ---- | M] () -- C:\Users\**NAME**\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
MOD - [2013.04.08 10:50:08 | 000,057,856 | ---- | M] () -- C:\Users\**NAME**\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
MOD - [2013.04.08 10:50:04 | 000,034,304 | ---- | M] () -- C:\Users\**NAME**\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
MOD - [2013.04.08 10:50:04 | 000,014,336 | ---- | M] () -- C:\Users\**NAME**\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
MOD - [2013.04.08 10:50:04 | 000,013,312 | ---- | M] () -- C:\Users\**NAME**\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll
MOD - [2013.04.08 10:50:02 | 001,630,720 | ---- | M] () -- C:\Users\**NAME**\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
MOD - [2013.04.08 10:50:02 | 000,194,048 | ---- | M] () -- C:\Users\**NAME**\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.dll
MOD - [2013.04.08 10:50:02 | 000,014,848 | ---- | M] () -- C:\Users\**NAME**\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll
MOD - [2013.04.08 10:50:00 | 000,660,480 | ---- | M] () -- C:\Users\**NAME**\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
MOD - [2013.04.08 10:50:00 | 000,081,920 | ---- | M] () -- C:\Users\**NAME**\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
MOD - [2013.04.08 10:49:18 | 000,048,128 | ---- | M] () -- C:\Users\**NAME**\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
MOD - [2013.04.08 10:49:12 | 000,026,112 | ---- | M] () -- C:\Users\**NAME**\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll
MOD - [2013.04.08 10:49:08 | 000,068,608 | ---- | M] () -- C:\Users\**NAME**\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll
MOD - [2010.11.13 01:19:05 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:59:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.11.05 03:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
========== Services (SafeList) ==========
SRV - [2013.04.10 08:56:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.03.06 17:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013.02.28 19:09:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.01.29 21:08:04 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012.11.22 16:33:18 | 000,497,320 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.10.08 12:11:50 | 000,131,584 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Programme\Mediafour\MacDrive 8\MacDrive8Service.exe -- (MacDrive8Service)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - [2013.03.07 00:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013.03.07 00:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013.03.07 00:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013.03.07 00:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013.03.07 00:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013.03.07 00:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013.03.07 00:33:23 | 000,060,656 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013.03.07 00:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.12.13 11:49:38 | 000,454,744 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2012.11.22 16:33:30 | 000,027,056 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2012.11.15 21:06:10 | 000,587,096 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.10.07 15:36:04 | 000,234,160 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV - [2010.05.12 14:51:34 | 000,029,792 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV - [2010.05.12 14:42:50 | 000,057,800 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\CBDisk.sys -- (CBDisk)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=68158704-666d-4655-a66f-e1a1a3aa6ac2&searchtype=ds&q={searchTerms}&installDate=14/04/2013
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=68158704-666d-4655-a66f-e1a1a3aa6ac2&searchtype=ds&q={searchTerms}&installDate=14/04/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=68158704-666d-4655-a66f-e1a1a3aa6ac2&searchtype=ds&q={searchTerms}&installDate=14/04/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmail.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5C E3 10 E7 C4 36 CE 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=68158704-666d-4655-a66f-e1a1a3aa6ac2&searchtype=ds&q={searchTerms}&installDate=14/04/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=68158704-666d-4655-a66f-e1a1a3aa6ac2&searchtype=ds&q={searchTerms}&installDate=14/04/2013
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=68158704-666d-4655-a66f-e1a1a3aa6ac2&searchtype=ds&q={searchTerms}&installDate=14/04/2013
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=68158704-666d-4655-a66f-e1a1a3aa6ac2&searchtype=hp&installDate=14/04/2013"
FF - prefs.js..extensions.enabledAddons: {68158704-666d-4655-a66f-e1a1a3aa6ac2}:1.0
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1483
FF - prefs.js..extensions.enabledAddons: %7B68158704-666d-4655-a66f-e1a1a3aa6ac2%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=68158704-666d-4655-a66f-e1a1a3aa6ac2&searchtype=ds&installDate=14/04/2013&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.04.11 22:24:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013.04.12 18:59:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 00:21:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2013.04.11 22:50:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**NAME**\AppData\Roaming\mozilla\Extensions
[2013.04.15 12:41:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**NAME**\AppData\Roaming\mozilla\Firefox\Profiles\89exxq82.default\extensions
[2013.04.15 12:41:22 | 000,000,000 | ---D | M] ("Snap.Do ") -- C:\Users\**NAME**\AppData\Roaming\mozilla\Firefox\Profiles\89exxq82.default\extensions\{68158704-666d-4655-a66f-e1a1a3aa6ac2}
[2013.04.15 12:41:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**NAME**\AppData\Roaming\mozilla\Firefox\Profiles\89exxq82.default\extensions\staged
[2013.04.15 12:41:28 | 000,015,637 | ---- | M] () -- C:\Users\**NAME**\AppData\Roaming\mozilla\firefox\profiles\89exxq82.default\searchplugins\Web Search.xml
[2013.04.11 22:50:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.11 22:24:55 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Getting started with MacDrive 8] C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe (Mediafour Corporation)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [MacDrive 8 application] C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\**NAME**\AppData\Local\Smartbar\Application\SnapDo.exe (Smartbar)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71DB1997-A1B9-4F5C-BD32-383F1BED20D2}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{e63082c5-a2f8-11e2-93f3-001d72e49611}\Shell - "" = AutoRun
O33 - MountPoints2\{e63082c5-a2f8-11e2-93f3-001d72e49611}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.04.15 14:09:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\**NAME**\Desktop\OTL.exe
[2013.04.14 10:55:28 | 000,000,000 | ---D | C] -- C:\Users\**NAME**\AppData\Local\Smartbar
[2013.04.14 10:54:44 | 000,000,000 | ---D | C] -- C:\Users\**NAME**\AppData\Roaming\pdfforge
[2013.04.14 10:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2013.04.14 10:54:41 | 000,088,576 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
[2013.04.14 10:54:39 | 000,000,000 | ---D | C] -- C:\Users\**NAME**\AppData\Roaming\OpenCandy
[2013.04.14 10:54:38 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2013.04.14 10:53:04 | 000,000,000 | ---D | C] -- C:\Users\**NAME**\AppData\Local\Programs
[2013.04.13 13:59:01 | 000,000,000 | ---D | C] -- C:\Vegas_Prerender
[2013.04.13 13:58:12 | 000,000,000 | ---D | C] -- C:\Vegas_Data
[2013.04.13 13:32:50 | 000,000,000 | ---D | C] -- C:\Acer
[2013.04.13 13:31:06 | 000,000,000 | ---D | C] -- C:\Book
[2013.04.13 13:30:15 | 000,000,000 | ---D | C] -- C:\Treiber
[2013.04.13 13:25:11 | 000,000,000 | --SD | C] -- C:\Dropbox
[2013.04.13 13:20:50 | 000,000,000 | ---D | C] -- C:\Users\**NAME**\Desktop\irgendwas
[2013.04.13 13:20:47 | 000,000,000 | ---D | C] -- C:\Users\**NAME**\Desktop\DRUCK 29.8.12
[2013.04.13 13:20:32 | 000,000,000 | ---D | C] -- C:\Users\**NAME**\Desktop\DriveNavi_for_HD-HSQ
[2013.04.13 13:20:31 | 000,000,000 | ---D | C] -- C:\Users\**NAME**\Desktop\BORKUM
[2013.04.12 23:56:01 | 000,000,000 | ---D | C] -- C:\Users\**NAME**\AppData\Roaming\MAXON
[2013.04.12 19:10:10 | 000,000,000 | ---D | C] -- C:\Installationen
[2013.04.12 18:59:59 | 000,000,000 | ---D | C] -- C:\Users\**NAME**\Documents\ForceField Shared Files
[2013.04.12 18:59:59 | 000,000,000 | ---D | C] -- C:\Users\**NAME**\AppData\Roaming\CheckPoint
[2013.04.12 18:59:38 | 000,587,096 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2013.04.12 18:59:38 | 000,075,096 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klflt.sys
[2013.04.12 18:59:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2013.04.12 18:59:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2013.04.12 18:56:32 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2013.04.12 18:55:04 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2013.04.12 18:50:11 | 000,000,000 | ---D | C] -- C:\Users\**NAME**\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.04.12 18:49:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.04.12 18:48:31 | 000,000,000 | ---D | C] -- C:\Users\**NAME**\AppData\Roaming\Macromedia
[2013.04.12 18:48:03 | 000,000,000 | ---D | C] -- C:\Users\**NAME**\AppData\Local\Adobe
[2013.04.12 14:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\Tipp10
[2013.04.12 14:06:51 | 000,057,800 | ---- | C] (EldoS Corporation) -- C:\Windows\System32\drivers\CBDisk.sys
[2013.04.12 14:06:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MacDrive 8
[2013.04.12 14:06:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Mediafour
[2013.04.12 14:06:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mediafour
[2013.04.12 14:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mediafour
[2013.04.12 01:25:57 | 000,000,000 | ---D | C] -- C:\Users\**NAME**\Documents\Ableton
[2013.04.12 01:25:57 | 000,000,000 | ---D | C] -- C:\Users\**NAME**\AppData\Roaming\Ableton
[2013.04.12 01:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Ableton
[2013.04.12 01:24:20 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\REX Shared Library.dll
[2013.04.12 01:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ableton
[2013.04.12 01:24:19 | 000,368,640 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\ReWire.dll
[2013.04.12 01:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\Ableton
[2013.04.12 00:48:24 | 000,000,000 | ---D | C] -- C:\Users\**NAME**\AppData\Roaming\Publish Providers
[2013.04.12 00:33:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2013.04.12 00:33:06 | 000,000,000 | ---D | C] -- C:\Users\**NAME**\AppData\Local\Sony
[2013.04.12 00:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2013.04.12 00:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2013.04.12 00:31:51 | 000,000,000 | ---D | C] -- C:\Users\**NAME**\AppData\Roaming\Sony
[2013.04.12 00:29:46 | 000,000,000 | ---D | C] -- C:\Users\**NAME**\AppData\Local\Apple Computer
[2013.04.12 00:23:42 | 000,000,000 | ---D | C] -- C:\Users\**NAME**\AppData\Roaming\Apple Computer
[2013.04.12 00:21:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.04.12 00:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013.04.12 00:21:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.04.12 00:18:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013.04.12 00:18:51 | 000,000,000 | ---D | C] -- C:\Users\**NAME**\AppData\Local\Apple
[2013.04.12 00:18:49 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013.04.12 00:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.04.12 00:09:25 | 000,000,000 | ---D | C] -- C:\Users\**NAME**\AppData\Local\Diagnostics
[2013.04.11 23:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013.04.11 23:57:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2013.04.11 23:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013.04.11 23:57:07 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.04.11 23:57:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013.04.11 23:54:54 | 000,000,000 | ---D | C] -- C:\Users\**NAME**\AppData\Local\Microsoft Help
[2013.04.11 23:54:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013.04.11 23:54:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013.04.11 23:54:22 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013.04.11 23:41:20 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2013.04.11 23:38:42 | 000,000,000 | ---D | C] -- C:\Users\**NAME**\AppData\Roaming\Skype
[2013.04.11 23:38:35 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013.04.11 23:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.04.11 23:38:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.04.11 23:38:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.04.11 23:36:53 | 000,000,000 | ---D | C] -- C:\Users\**NAME**\AppData\Roaming\JAM Software
[2013.04.11 23:36:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
[2013.04.11 23:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\JAM Software
[2013.04.11 23:33:38 | 000,000,000 | ---D | C] -- C:\Users\**NAME**\AppData\Roaming\REAPER
[2013.04.11 23:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER
[2013.04.11 23:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Propellerhead Software
[2013.04.11 23:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\REAPER
[2013.04.11 23:30:33 | 000,000,000 | ---D | C] -- C:\Users\**NAME**\AppData\Roaming\vlc
[2013.04.11 23:16:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.04.11 23:16:09 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013.04.11 23:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.04.11 23:15:15 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.04.11 23:02:47 | 000,000,000 | ---D | C] -- C:\Users\**NAME**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2013.04.11 23:02:47 | 000,000,000 | ---D | C] -- C:\Program Files\ASIO4ALL v2
[2013.04.11 22:50:24 | 000,000,000 | ---D | C] -- C:\Users\**NAME**\AppData\Roaming\Mozilla
[2013.04.11 22:50:24 | 000,000,000 | ---D | C] -- C:\Users\**NAME**\AppData\Local\Mozilla
[2013.04.11 22:50:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013.04.11 22:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.04.11 22:50:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.04.11 22:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.04.11 22:26:02 | 000,368,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.04.11 22:26:02 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.04.11 22:26:00 | 000,060,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013.04.11 22:25:59 | 000,062,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.04.11 22:25:58 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.04.11 22:25:54 | 000,228,600 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.04.11 22:25:54 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.04.11 22:24:42 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.04.11 22:24:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.04.11 22:22:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.04.11 21:44:24 | 000,000,000 | ---D | C] -- C:\Users\**NAME**\AppData\Roaming\Adobe
[2013.04.11 18:56:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2013.04.11 18:55:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2013.04.11 18:53:59 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2013.04.11 17:21:29 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.04.11 17:21:14 | 000,000,000 | -HSD | C] -- C:\Boot
[2013.04.11 17:04:54 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.04.11 16:53:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2013.04.11 16:53:57 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013.04.11 16:49:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2013.04.11 16:30:56 | 000,000,000 | R--D | C] -- C:\Users\**NAME**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.04.11 16:30:56 | 000,000,000 | R--D | C] -- C:\Users\**NAME**\Searches
[2013.04.11 16:30:56 | 000,000,000 | R--D | C] -- C:\Users\**NAME**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.04.11 16:30:44 | 000,000,000 | ---D | C] -- C:\Users\**NAME**\AppData\Roaming\Identities
[2013.04.11 16:30:42 | 000,000,000 | R--D | C] -- C:\Users\**NAME**\Contacts
[2013.04.11 16:30:34 | 000,000,000 | ---D | C] -- C:\Users\**NAME**\AppData\Local\VirtualStore
[2013.04.11 16:30:30 | 000,000,000 | -HSD | C] -- C:\Users\**NAME**\Vorlagen
[2013.04.11 16:30:30 | 000,000,000 | -HSD | C] -- C:\Users\**NAME**\AppData\Local\Verlauf
[2013.04.11 16:30:30 | 000,000,000 | -HSD | C] -- C:\Users\**NAME**\AppData\Local\Temporary Internet Files
[2013.04.11 16:30:30 | 000,000,000 | -HSD | C] -- C:\Users\**NAME**\Startmenü
[2013.04.11 16:30:30 | 000,000,000 | -HSD | C] -- C:\Users\**NAME**\SendTo
[2013.04.11 16:30:30 | 000,000,000 | -HSD | C] -- C:\Users\**NAME**\Recent
[2013.04.11 16:30:30 | 000,000,000 | -HSD | C] -- C:\Users\**NAME**\Netzwerkumgebung
[2013.04.11 16:30:30 | 000,000,000 | -HSD | C] -- C:\Users\**NAME**\Lokale Einstellungen
[2013.04.11 16:30:30 | 000,000,000 | -HSD | C] -- C:\Users\**NAME**\Documents\Eigene Videos
[2013.04.11 16:30:30 | 000,000,000 | -HSD | C] -- C:\Users\**NAME**\Documents\Eigene Musik
[2013.04.11 16:30:30 | 000,000,000 | -HSD | C] -- C:\Users\**NAME**\Eigene Dateien
[2013.04.11 16:30:30 | 000,000,000 | -HSD | C] -- C:\Users\**NAME**\Documents\Eigene Bilder
[2013.04.11 16:30:30 | 000,000,000 | -HSD | C] -- C:\Users\**NAME**\Druckumgebung
[2013.04.11 16:30:30 | 000,000,000 | -HSD | C] -- C:\Users\**NAME**\Cookies
[2013.04.11 16:30:30 | 000,000,000 | -HSD | C] -- C:\Users\**NAME**\AppData\Local\Anwendungsdaten
[2013.04.11 16:30:30 | 000,000,000 | -HSD | C] -- C:\Users\**NAME**\Anwendungsdaten
[2013.04.11 16:30:29 | 000,000,000 | --SD | C] -- C:\Users\**NAME**\AppData\Roaming\Microsoft
[2013.04.11 16:30:29 | 000,000,000 | R--D | C] -- C:\Users\**NAME**\Videos
[2013.04.11 16:30:29 | 000,000,000 | R--D | C] -- C:\Users\**NAME**\Saved Games
[2013.04.11 16:30:29 | 000,000,000 | R--D | C] -- C:\Users\**NAME**\Pictures
[2013.04.11 16:30:29 | 000,000,000 | R--D | C] -- C:\Users\**NAME**\Music
[2013.04.11 16:30:29 | 000,000,000 | R--D | C] -- C:\Users\**NAME**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.04.11 16:30:29 | 000,000,000 | R--D | C] -- C:\Users\**NAME**\Links
[2013.04.11 16:30:29 | 000,000,000 | R--D | C] -- C:\Users\**NAME**\Favorites
[2013.04.11 16:30:29 | 000,000,000 | R--D | C] -- C:\Users\**NAME**\Downloads
[2013.04.11 16:30:29 | 000,000,000 | R--D | C] -- C:\Users\**NAME**\Documents
[2013.04.11 16:30:29 | 000,000,000 | R--D | C] -- C:\Users\**NAME**\Desktop
[2013.04.11 16:30:29 | 000,000,000 | R--D | C] -- C:\Users\**NAME**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.04.11 16:30:29 | 000,000,000 | -H-D | C] -- C:\Users\**NAME**\AppData
[2013.04.11 16:30:29 | 000,000,000 | ---D | C] -- C:\Users\**NAME**\AppData\Local\Temp
[2013.04.11 16:30:29 | 000,000,000 | ---D | C] -- C:\Users\**NAME**\AppData\Local\Microsoft
[2013.04.11 16:30:29 | 000,000,000 | ---D | C] -- C:\Users\**NAME**\AppData\Roaming\Media Center Programs
[2013.04.11 16:30:20 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.04.11 16:30:20 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.04.11 16:30:20 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.04.11 16:30:20 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.04.11 16:30:20 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.04.11 16:30:20 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.04.11 16:30:20 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.04.11 16:30:20 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.04.11 16:30:20 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.04.11 16:30:20 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.04.11 16:30:20 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.04.11 16:30:20 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.04.11 16:25:27 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.04.11 16:22:52 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.04.11 16:22:31 | 000,000,000 | -HSD | C] -- C:\System Volume Information
========== Files - Modified Within 30 Days ==========
[2013.04.15 14:10:10 | 000,000,000 | ---- | M] () -- C:\Users\**NAME**\defogger_reenable
[2013.04.15 14:09:18 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.15 14:09:18 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.15 14:09:18 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.15 14:09:18 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.15 13:58:28 | 000,377,856 | ---- | M] () -- C:\Users\**NAME**\Desktop\gmer_2.1.19163.exe
[2013.04.15 13:51:54 | 000,050,477 | ---- | M] () -- C:\Users\**NAME**\Desktop\Defogger.exe
[2013.04.15 13:46:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\**NAME**\Desktop\OTL.exe
[2013.04.15 12:45:32 | 000,021,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.15 12:45:32 | 000,021,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.15 12:41:29 | 000,002,292 | ---- | M] () -- C:\Users\**NAME**\Desktop\Search.lnk
[2013.04.15 12:37:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.15 12:37:38 | 2408,390,656 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.14 10:54:45 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013.04.12 19:02:34 | 000,417,507 | ---- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2013.04.12 14:00:25 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.04.12 00:47:28 | 000,002,540 | ---- | M] () -- C:\Users\**NAME**\Documents\Vegas Pro registrieren.htm
[2013.04.12 00:00:06 | 000,301,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.11 23:46:42 | 000,007,597 | ---- | M] () -- C:\Users\**NAME**\AppData\Local\Resmon.ResmonCfg
[2013.04.11 23:02:47 | 000,001,096 | ---- | M] () -- C:\Users\**NAME**\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2013.04.11 22:25:54 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.04.11 21:06:29 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.04.11 17:48:58 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2013.04.11 17:21:16 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2013.04.11 16:26:16 | 000,057,035 | ---- | M] () -- C:\Windows\System32\license.rtf
[2013.03.30 14:58:42 | 001,321,553 | ---- | M] () -- C:\Users\**NAME**\Desktop\Projektanmeldung_Protokoll_Gesangskurs_Borkum.jpg
[2013.03.30 14:58:42 | 001,304,191 | ---- | M] () -- C:\Users\**NAME**\Desktop\Projektanmeldung_Protokoll_Borkum_Doku.jpg
========== Files Created - No Company Name ==========
[2013.04.15 14:10:10 | 000,000,000 | ---- | C] () -- C:\Users\**NAME**\defogger_reenable
[2013.04.15 14:09:14 | 000,377,856 | ---- | C] () -- C:\Users\**NAME**\Desktop\gmer_2.1.19163.exe
[2013.04.15 14:08:59 | 000,050,477 | ---- | C] () -- C:\Users\**NAME**\Desktop\Defogger.exe
[2013.04.15 12:41:29 | 000,002,354 | ---- | C] () -- C:\Users\**NAME**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2013.04.15 12:41:29 | 000,002,292 | ---- | C] () -- C:\Users\**NAME**\Desktop\Search.lnk
[2013.04.14 10:54:45 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013.04.13 13:20:54 | 001,499,884 | ---- | C] () -- C:\Users\**NAME**\Desktop\02 Spur 2.wma
[2013.04.13 13:20:54 | 001,321,553 | ---- | C] () -- C:\Users\**NAME**\Desktop\Projektanmeldung_Protokoll_Gesangskurs_Borkum.jpg
[2013.04.13 13:20:54 | 001,304,191 | ---- | C] () -- C:\Users\**NAME**\Desktop\Projektanmeldung_Protokoll_Borkum_Doku.jpg
[2013.04.13 13:20:54 | 000,229,613 | ---- | C] () -- C:\Users\**NAME**\Desktop\zeiten.pdf
[2013.04.13 13:20:54 | 000,057,176 | ---- | C] () -- C:\Users\**NAME**\Desktop\NINA_Exposé_290113.pdf
[2013.04.13 13:20:54 | 000,000,894 | ---- | C] () -- C:\Users\**NAME**\Desktop\ASIO4ALL v2 Anleitung.lnk
[2013.04.12 19:00:01 | 000,417,507 | ---- | C] () -- C:\Windows\System32\drivers\vsconfig.xml
[2013.04.12 14:00:25 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.04.12 00:47:28 | 000,002,540 | ---- | C] () -- C:\Users\**NAME**\Documents\Vegas Pro registrieren.htm
[2013.04.12 00:18:50 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.04.11 23:46:42 | 000,007,597 | ---- | C] () -- C:\Users\**NAME**\AppData\Local\Resmon.ResmonCfg
[2013.04.11 23:41:23 | 000,001,132 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013.04.11 23:02:47 | 000,001,096 | ---- | C] () -- C:\Users\**NAME**\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2013.04.11 22:50:19 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.04.11 22:25:58 | 000,164,736 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.04.11 22:25:57 | 000,049,248 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.04.11 21:06:29 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.04.11 18:54:37 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2013.04.11 18:53:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2013.04.11 18:53:47 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2013.04.11 18:53:44 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2013.04.11 17:48:58 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2013.04.11 17:21:16 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2013.04.11 17:21:15 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2013.04.11 16:53:57 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2013.04.11 16:53:57 | 000,121,232 | ---- | C] () -- C:\Windows\System32\IScrNB.bmp
[2013.04.11 16:30:58 | 000,001,409 | ---- | C] () -- C:\Users\**NAME**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.04.11 16:26:12 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.04.11 16:26:01 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.04.11 16:22:32 | 2408,390,656 | -HS- | C] () -- C:\hiberfil.sys
========== ZeroAccess Check ==========
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013.04.12 01:25:57 | 000,000,000 | ---D | M] -- C:\Users\**NAME**\AppData\Roaming\Ableton
[2013.04.12 18:59:59 | 000,000,000 | ---D | M] -- C:\Users\**NAME**\AppData\Roaming\CheckPoint
[2013.04.12 18:50:11 | 000,000,000 | ---D | M] -- C:\Users\**NAME**\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.04.13 00:00:20 | 000,000,000 | ---D | M] -- C:\Users\**NAME**\AppData\Roaming\JAM Software
[2013.04.12 23:56:01 | 000,000,000 | ---D | M] -- C:\Users\**NAME**\AppData\Roaming\MAXON
[2013.04.14 10:54:39 | 000,000,000 | ---D | M] -- C:\Users\**NAME**\AppData\Roaming\OpenCandy
[2013.04.14 10:54:44 | 000,000,000 | ---D | M] -- C:\Users\**NAME**\AppData\Roaming\pdfforge
[2013.04.12 00:48:24 | 000,000,000 | ---D | M] -- C:\Users\**NAME**\AppData\Roaming\Publish Providers
[2013.04.11 23:36:11 | 000,000,000 | ---D | M] -- C:\Users\**NAME**\AppData\Roaming\REAPER
[2013.04.12 01:03:17 | 000,000,000 | ---D | M] -- C:\Users\**NAME**\AppData\Roaming\Sony
========== Purity Check ==========
< End of report >
Extras: Code:
OTL Extras logfile created on: 15.04.2013 14:12:10 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\**NAME**\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 60,63% Memory free
5,98 Gb Paging File | 4,64 Gb Available in Paging File | 77,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,17 Gb Total Space | 96,50 Gb Free Space | 66,94% Space Free | Partition Type: NTFS
Drive D: | 144,15 Gb Total Space | 11,23 Gb Free Space | 7,79% Space Free | Partition Type: NTFS
Drive F: | 14,83 Gb Total Space | 0,11 Gb Free Space | 0,71% Space Free | Partition Type: FAT32
Computer Name: **NAME**-PC | User Name: **NAME** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CB1146F-C091-4F37-8A1E-DC614543E2D5}" = lport=137 | protocol=17 | dir=in | app=system |
"{1C338111-939A-4AB5-9DDA-49BF713EA2F8}" = rport=137 | protocol=17 | dir=out | app=system |
"{267ED3D9-0586-43A4-8934-FE778672EDCD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2D473DF8-215E-45E6-94A5-CA65CEC11FF8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{33995B7B-029F-4157-B7FA-C481718063F5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{365987B0-DBB2-4332-8050-C1E7E487A339}" = rport=138 | protocol=17 | dir=out | app=system |
"{4D145607-6024-47B3-BBD6-835DF73FEF36}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5C5E24D2-2F53-4487-BDFE-DF779202B190}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{63BC3D78-983B-4338-A0AD-F9984A48BD15}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9A5555CA-0BF2-4C7B-8E66-A59AE477AB13}" = rport=139 | protocol=6 | dir=out | app=system |
"{9DE67FB6-8B28-4B37-AD91-91EFFBC49C80}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A2884E8A-FC2A-4C9A-ABEA-3E5E051DF9F2}" = rport=445 | protocol=6 | dir=out | app=system |
"{A35C97E7-4F9A-42D7-BBE6-B02D4C445896}" = lport=139 | protocol=6 | dir=in | app=system |
"{B0D45222-731A-408A-8735-0DA5DBBDF0EC}" = lport=138 | protocol=17 | dir=in | app=system |
"{B5372AC3-C42F-4B82-BF0B-175A7B6A97A0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C37F1DB9-87C5-49D7-AC1E-9CC1966C2F11}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E44DA36F-0B03-4D6B-923C-F6C29DA2A1D0}" = lport=445 | protocol=6 | dir=in | app=system |
"{F2DDEC11-4721-4B33-8BA0-3B5E506F87D7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F5B545AF-F89F-4929-8E7E-D7B80AF448D0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F9ED8BF9-6F68-4D4E-B67D-FDCDE7BC36D8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FB3590B8-A2C0-4AF9-B94C-5FCA5CC914F5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00542892-13C4-4F2D-97B8-E474E775285B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3251EEC4-67D9-42EC-9584-33EEA56D9AAE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{36337A56-65F4-48B2-B7F9-CADD5157A960}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3E89B415-F59C-4622-BD57-B550793904F6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{49D453E2-8DD5-4157-BD9B-63EF72F4C8EF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5562BFA2-C028-40A7-90E0-5D39DC9CA8ED}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{6B960360-95A2-4358-86FE-AF0518272F3B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6E477311-4B40-45A3-A10A-D8387CF71F28}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8472EEA5-6BDF-4E4D-9EA5-843BC8468CA3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{881E35C0-D70D-4295-8C9B-C68B05DA02FB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8A0A97E4-1A7C-40EE-978C-DF10B9A78C28}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{916D0340-392E-4563-B0FD-2409FDE45D4B}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{93A3B9BB-2E8C-4792-9525-2000996F49B5}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{98B9C1D2-80EE-48EE-B36D-729A15F0F3EA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{AA30E00F-2DE9-4515-8EE9-1F55D3F136FF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C2A03AFA-E16C-45A3-91E1-1FF26BDD3080}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C9A4DB7A-157C-4C37-9DBA-B192B811ECDA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CC27263D-7C16-451C-A4B0-9E805DB39D02}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D612A2DD-C5F6-4050-B828-DD863DBA0FFF}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{D70C59E3-CAAC-4B40-9E19-CCC06CB6C202}" = protocol=6 | dir=out | app=system |
"{DDD1E4CF-A88D-45C2-92C7-5EE414C722CA}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{F6FE2FA6-3E13-4A2B-A0DB-8C9D4163BA4D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FE886F62-D610-4740-AE86-6AA552ED7DD2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FED28276-5D3B-4B6A-BB81-1DE07B0DDBF9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{16456401-9621-4F3D-836A-59EA425C471D}" = ZoneAlarm Security
"{24ADC5BE-8B82-426F-8779-2308B54B00EE}" = ZoneAlarm Antivirus
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{6BE7495E-8DF1-11E1-BB7D-F04DA23A5C58}" = Vegas Pro 11.0
"{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists
"{737B13C5-990B-4339-8A4D-0FFEBBC3DB17}" = ZoneAlarm Firewall
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF346D59-7F5B-4CA2-9302-7F4AC3C09C10}" = MacDrive 8
"{D4CD577C-B720-4DA9-9811-A79D08F8E95D}" = Snap.Do
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"7-Zip" = 7-Zip 9.20
"ASIO4ALL" = ASIO4ALL
"avast" = avast! Free Antivirus
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HeavyLoad_is1" = HeavyLoad V3.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Live 8.1" = Live 8.1
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"REAPER" = REAPER
"TeamViewer 8" = TeamViewer 8
"TreeSize Free_is1" = TreeSize Free V2.7
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 2.0.6
"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{d7af7219-73a2-4df8-85a3-b08e29809b0b}" = Snap.Do Engine
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11.04.2013 10:45:05 | Computer Name = **NAME**-PC | Source = Software Protection Platform Service | ID = 1014
Description = Fehler beim Erwerb der Endbenutzerlizenz. hr=0xC004C008 SKU-ID=da22eadd-46dc-4056-a287-f5041c852470
Error - 11.04.2013 17:54:06 | Computer Name = **NAME**-PC | Source = VSS | ID = 8194
Description =
Error - 12.04.2013 12:03:07 | Computer Name = **NAME**-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7601.17514 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 710 Startzeit: 01ce37767621d5b7 Endzeit: 60000 Anwendungspfad:
C:\Windows\Explorer.EXE Berichts-ID: 1f4902ad-a38a-11e2-a89c-001d72e49611
Error - 12.04.2013 15:28:03 | Computer Name = **NAME**-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\asio4all
v2\a4apanel64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 12.04.2013 16:59:32 | Computer Name = **NAME**-PC | Source = Application Hang | ID = 1002
Description = Programm vegas110.exe, Version 11.0.0.682 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 13c4 Startzeit:
01ce37be4c0a6f2f Endzeit: 28 Anwendungspfad: C:\Program Files\Sony\Vegas Pro 11.0\vegas110.exe
Berichts-ID:
c90a6c46-a3b3-11e2-93f6-001d72e49611
Error - 12.04.2013 17:56:04 | Computer Name = **NAME**-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CINEBENCH Windows 32 Bit.exe, Version:
11.5.2.9, Zeitstempel: 0x4b750c1c Name des fehlerhaften Moduls: ntdll.dll, Version:
6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000563f8
ID
des fehlerhaften Prozesses: 0x1374 Startzeit der fehlerhaften Anwendung: 0x01ce37c884bf687c
Pfad
der fehlerhaften Anwendung: C:\Users\**NAME**\Downloads\CINEBENCH_11.529\CINEBENCH
Windows 32 Bit.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung:
c51e426c-a3bb-11e2-9386-001d72e49611
Error - 12.04.2013 17:56:52 | Computer Name = **NAME**-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CINEBENCH Windows 32 Bit.exe, Version:
11.5.2.9, Zeitstempel: 0x4b750c1c Name des fehlerhaften Moduls: ntdll.dll, Version:
6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000563f8
ID
des fehlerhaften Prozesses: 0x10cc Startzeit der fehlerhaften Anwendung: 0x01ce37c8a33ca89f
Pfad
der fehlerhaften Anwendung: C:\Users\**NAME**\Downloads\CINEBENCH_11.529\CINEBENCH
Windows 32 Bit.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung:
e1aa02f5-a3bb-11e2-9386-001d72e49611
Error - 12.04.2013 18:20:15 | Computer Name = **NAME**-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vegas110.exe, Version: 11.0.0.682,
Zeitstempel: 0x4f9674c3 Name des fehlerhaften Moduls: vegas110.exe, Version: 11.0.0.682,
Zeitstempel: 0x4f9674c3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00053071 ID des fehlerhaften
Prozesses: 0xea8 Startzeit der fehlerhaften Anwendung: 0x01ce37c978502be3 Pfad der
fehlerhaften Anwendung: C:\Program Files\Sony\Vegas Pro 11.0\vegas110.exe Pfad des
fehlerhaften Moduls: C:\Program Files\Sony\Vegas Pro 11.0\vegas110.exe Berichtskennung:
25c5e60a-a3bf-11e2-9386-001d72e49611
Error - 13.04.2013 14:18:34 | Computer Name = **NAME**-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\asio4all
v2\a4apanel64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 15.04.2013 07:01:01 | Computer Name = **NAME**-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\asio4all
v2\a4apanel64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
[ System Events ]
Error - 11.04.2013 11:46:19 | Computer Name = **NAME**-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800706be fehlgeschlagen: Windows Internet Explorer 9 für Windows 7
Error - 11.04.2013 11:48:55 | Computer Name = **NAME**-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler
beendet: %%16405
Error - 12.04.2013 12:16:36 | Computer Name = **NAME**-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?12.?04.?2013 um 18:12:15 unerwartet heruntergefahren.
Error - 12.04.2013 12:39:25 | Computer Name = **NAME**-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?12.?04.?2013 um 18:30:24 unerwartet heruntergefahren.
Error - 12.04.2013 13:00:09 | Computer Name = **NAME**-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "TrueVector Internet Monitor" ist als interaktiver Dienst
gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste
nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 13.04.2013 13:16:22 | Computer Name = **NAME**-PC | Source = DCOM | ID = 10010
Description =
Error - 14.04.2013 05:03:58 | Computer Name = **NAME**-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 14.04.2013 05:03:59 | Computer Name = **NAME**-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 14.04.2013 05:03:59 | Computer Name = **NAME**-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 14.04.2013 05:04:00 | Computer Name = **NAME**-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
< End of report >
Gmer: Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-15 15:22:46
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\**NAME**\AppData\Local\Temp\uflcquoc.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwAddBootEntry [0x8F23D59C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAdjustPrivilegesToken [0x8F35A0C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwAllocateVirtualMemory [0x90ED2388]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwAlpcConnectPort [0x8FF03082]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwAlpcCreatePort [0x8FF0394A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcSendWaitReceivePort [0x8F30E4A0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwAssignProcessToJobObject [0x8F23E02E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwClose [0x8F2F677A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwConnectPort [0x8FF02AD8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateEvent [0x8F2F6CF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateEventPair [0x8F24983E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateFile [0x8FEFC334]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateIoCompletion [0x8F2499D8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateKey [0x8FF1E1DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateMutant [0x8F2F6BD8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreatePort [0x8FF035E2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwCreateSection [0x90ED2720]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSemaphore [0x8F2F6E12]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSymbolicLinkObject [0x8F31DAC0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThread [0x8F35C3C4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThreadEx [0x8F35C604]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateTimer [0x8F249992]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateUserProcess [0x8F35C068]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateWaitablePort [0x8FF03740]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDebugActiveProcess [0x8F35BF0E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwDeleteBootEntry [0x8F23D602]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwDeleteFile [0x8FEFD070]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwDeleteKey [0x8FF1FCCE]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwDeleteValueKey [0x8FF1F580]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeviceIoControlFile [0x8F2F67BE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDuplicateObject [0x8F35A204]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwFreeVirtualMemory [0x90ED2450]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwLoadDriver [0x90ED09B4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwLoadKey [0x8FF20760]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwLoadKey2 [0x8FF2099E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwLoadKeyEx [0x8FF20E50]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwMapViewOfSection [0x8F31DB00]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwModifyBootEntry [0x8F23D668]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwNotifyChangeKey [0x8F30C154]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwNotifyChangeMultipleKeys [0x8F23F874]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenEvent [0x8F2F6D88]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenEventPair [0x8F249860]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwOpenFile [0x8FEFCC22]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenIoCompletion [0x8F2499FC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenMutant [0x8F2F6C68]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenProcess [0x8F35BAB6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSection [0x8F35D1D8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSemaphore [0x8F2F6EA8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenThread [0x8F35C120]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenTimer [0x8F2499B6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwPlugPlayControl [0x8F31DAD0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwProtectVirtualMemory [0x90ED25B0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryDirectoryObject [0x8F2F6F32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryObject [0x8F30C362]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueueApcThread [0x8F35CBDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwQueueApcThreadEx [0x8F23F44E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwRenameKey [0x8FF21838]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwReplaceKey [0x8FF2111A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyPort [0x8F30E284]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePort [0x8F30E112]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePortEx [0x8F30E1C8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwRequestWaitReplyPort [0x8FF0267C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwRestoreKey [0x8FF2229E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwResumeThread [0x8F35C906]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSecureConnectPort [0x8F30DB7A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSetBootEntryOrder [0x8F23D6CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSetBootOptions [0x8F23D734]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetContextThread [0x8F35CA62]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSetInformationFile [0x8FEFD47C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetInformationToken [0x8F2F6FD4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSetSecurityObject [0x8FF21DC2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetSystemInformation [0x8F359F76]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSetSystemPowerState [0x8F23D45A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSetValueKey [0x8FF1ECA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwShutdownSystem [0x8F23D3E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendProcess [0x8F35BC56]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendThread [0x8F35C7AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSystemDebugControl [0x8F2F6FE6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwTerminateProcess [0x90ED2678]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateThread [0x8F35C2C0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwUnloadDriver [0x90ED09E4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwUnmapViewOfSection [0x8F35D340]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwVdmControl [0x8F23D79A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwWriteVirtualMemory [0x90ED24FC]
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82884A09 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 828BE1F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 828C5220 4 Bytes [9C, D5, 23, 8F]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 828C522C 4 Bytes [C2, A0, 35, 8F]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 828C5248 4 Bytes [88, 23, ED, 90] {MOV [EBX], AH; IN EAX, DX; NOP }
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 828C5254 8 Bytes [82, 30, F0, 8F, 4A, 39, F0, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1143 828C5298 4 Bytes [A0, E4, 30, 8F]
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82A804DF 4 Bytes CALL 8F23FF37 \SystemRoot\System32\Drivers\aswSnx.SYS
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82A9A333 4 Bytes CALL 8F23FF4D \SystemRoot\System32\Drivers\aswSnx.SYS
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\csrss.exe[492] kernel32.dll!GetBinaryTypeW + 70 779E69F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[536] kernel32.dll!GetBinaryTypeW + 70 779E69F4 1 Byte [62]
.text C:\Windows\system32\csrss.exe[556] kernel32.dll!GetBinaryTypeW + 70 779E69F4 1 Byte [62]
.text C:\Windows\system32\services.exe[600] kernel32.dll!GetBinaryTypeW + 70 779E69F4 1 Byte [62]
.text C:\Windows\system32\lsass.exe[616] kernel32.dll!GetBinaryTypeW + 70 779E69F4 1 Byte [62]
.text ...
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1884] USER32.dll!GetUpdateRect + CF 75FEA644 5 Bytes JMP 20CC9266 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.text C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe[2244] kernel32.dll!GetBinaryTypeW + 70 779E69F4 1 Byte [62]
.text C:\Windows\System32\igfxtray.exe[2472] kernel32.dll!GetBinaryTypeW + 70 779E69F4 1 Byte [62]
.text C:\Windows\System32\hkcmd.exe[2520] kernel32.dll!GetBinaryTypeW + 70 779E69F4 1 Byte [62]
.text C:\Windows\System32\igfxpers.exe[2528] kernel32.dll!GetBinaryTypeW + 70 779E69F4 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2596] kernel32.dll!GetBinaryTypeW + 70 779E69F4 1 Byte [62]
.text ...
---- Devices - GMER 2.1 ----
Device Ntfs.sys
Device MDFSYSNT.sys
Device fastfat.SYS
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS
Device \FileSystem\Mup \Device\Mup MDFSYSNT.sys
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS
AttachedDevice fltmgr.sys
Device \FileSystem\Fs_Rec \FileSystem\ExFatRecognizer MDFSYSNT.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer MDFSYSNT.sys
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer MDFSYSNT.sys
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer MDFSYSNT.sys
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer MDFSYSNT.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer MDFSYSNT.sys
---- Threads - GMER 2.1 ----
Thread System [4:5296] B3630F2E
---- EOF - GMER 2.1 ----
Even though the case is similar to the one in the link above, I naturally don't want to rush anything. Or should I install AdwCleaner right away?
Thanks for help of any kind,
Sideshowb |