
Pests of All Kinds and How to Fight Them: snap.do


 
05.04.2013, 18:42   #8
flarvu
 
snap.do



Part 2:
Quote:
========== Files - Modified Within 30 Days ==========

[2013.04.05 19:06:08 | 000,020,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.05 19:06:08 | 000,020,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.05 19:04:46 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.05 19:04:46 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.05 19:04:46 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.05 19:04:46 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.05 19:04:46 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.05 18:58:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.05 18:58:14 | 468,881,407 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.04 20:15:29 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.03 23:00:20 | 000,435,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.03 18:52:17 | 000,001,239 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.04.03 18:48:07 | 536,513,473 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.03 17:46:58 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.04.03 17:46:58 | 000,002,170 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.04.03 17:45:34 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.04.03 17:35:48 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.04.02 23:10:39 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.02 22:11:09 | 000,002,326 | ---- | M] () -- C:\Users\***\Desktop\Search.lnk
[2013.04.01 21:56:51 | 000,525,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2013.04.01 21:31:48 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.01 21:31:48 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.01 21:14:19 | 000,001,954 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013.04.01 21:13:52 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.04.01 20:50:41 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Control Center.lnk
[2013.04.01 20:19:21 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SABI_01009.Wdf
[2013.04.01 16:19:43 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.04.01 16:19:43 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.01 16:19:43 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.01 16:19:43 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.04.01 16:19:43 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.04.01 16:19:43 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.01 16:19:43 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2013.04.01 16:19:43 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.01 16:19:43 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2013.04.01 16:19:43 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.04.01 16:19:43 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.04.01 16:19:43 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.04.01 16:19:43 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.01 16:19:43 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2013.04.01 16:19:43 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.04.01 16:19:43 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.04.01 16:19:43 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.04.01 16:19:43 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2013.04.01 16:19:43 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.04.01 16:19:43 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.01 16:19:43 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.04.01 16:19:43 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.04.01 16:19:43 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.04.01 16:19:43 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.01 16:19:43 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2013.04.01 16:19:43 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.01 16:19:43 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.01 16:19:43 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.04.01 16:19:43 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.04.01 16:19:43 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.04.01 16:19:43 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.04.01 16:19:43 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.01 16:19:43 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.04.01 16:19:43 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.04.01 16:19:42 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.04.01 16:19:42 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.01 16:19:42 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.01 16:19:42 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.01 16:19:42 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.01 16:19:42 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.01 16:19:42 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.04.01 16:19:42 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.04.01 16:19:42 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.04.01 16:19:42 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.04.01 16:19:42 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2013.04.01 16:19:42 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.01 16:19:42 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.01 16:19:42 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.04.01 16:19:42 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.04.01 16:19:42 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.01 16:19:42 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.04.01 16:19:42 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2013.04.01 16:19:42 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.04.01 16:19:42 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2013.04.01 16:19:42 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.04.01 16:19:42 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.04.01 16:19:42 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.04.01 16:19:42 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2013.04.01 16:19:42 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.01 16:19:42 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.04.01 16:19:42 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.01 16:19:42 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.04.01 16:19:42 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.01 16:19:42 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.04.01 16:19:42 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.04.01 16:19:42 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.04.01 16:19:42 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.01 16:19:42 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.04.01 16:19:42 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.04.01 16:19:42 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.04.01 16:19:42 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.04.01 16:19:42 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.04.01 16:19:42 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.04.01 16:19:42 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.04.01 15:56:31 | 001,178,624 | ---- | M] (CPUID) -- C:\Users\***\AppData\Roaming\siw_sdk.dll
[2013.04.01 15:33:28 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Update Plus.lnk
[2013.04.01 15:19:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_AMPPAL_01009.Wdf
[2013.04.01 14:58:27 | 000,016,404 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2013.04.01 14:50:41 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.04.01 14:45:09 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.04.01 14:42:03 | 000,000,939 | ---- | M] () -- C:\Users\***\Desktop\SIW.lnk
[2013.04.01 14:00:24 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.01 13:35:24 | 000,056,735 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.04.01 13:35:24 | 000,056,735 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.04.01 13:33:42 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.03.31 21:15:09 | 152,249,762 | ---- | M] () -- C:\Users\***\Desktop\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe
[2013.03.31 20:31:35 | 020,427,472 | ---- | M] (Mozilla) -- C:\Users\***\Desktop\Firefox_Setup_19.0.2.exe
[2013.03.31 19:55:57 | 000,739,856 | ---- | M] (Google Inc.) -- C:\Users\***\Desktop\chrome_installer141043.exe

========== Files Created - No Company Name ==========

[2013.04.03 21:34:37 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.04.03 18:52:17 | 000,001,239 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.04.03 18:48:07 | 536,513,473 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.04.03 17:46:58 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.04.03 17:46:58 | 000,002,170 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.04.03 17:45:34 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.04.03 17:45:33 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.04.03 17:35:48 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.04.02 23:10:39 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.02 22:11:09 | 000,002,388 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2013.04.02 22:11:09 | 000,002,326 | ---- | C] () -- C:\Users\***\Desktop\Search.lnk
[2013.04.01 21:31:48 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.01 21:14:19 | 000,001,954 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013.04.01 20:50:41 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Control Center.lnk
[2013.04.01 20:21:25 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2013.04.01 20:19:21 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SABI_01009.Wdf
[2013.04.01 16:19:43 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.01 16:19:42 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.01 16:14:21 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.04.01 15:38:40 | 000,016,127 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013.04.01 15:33:28 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Update Plus.lnk
[2013.04.01 15:33:26 | 000,000,433 | ---- | C] () -- C:\Windows\SlientUninstall.iss
[2013.04.01 15:19:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_AMPPAL_01009.Wdf
[2013.04.01 14:58:27 | 000,016,404 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2013.04.01 14:50:41 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.04.01 14:45:09 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.04.01 14:43:34 | 152,249,762 | ---- | C] () -- C:\Users\***\Desktop\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe
[2013.04.01 14:42:03 | 000,000,939 | ---- | C] () -- C:\Users\***\Desktop\SIW.lnk
[2013.04.01 14:00:23 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.04.01 14:00:23 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.01 13:39:57 | 000,001,409 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.04.01 13:39:50 | 000,001,443 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.04.01 13:35:18 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.04.01 13:35:15 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.04.01 13:33:42 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.04.01 13:31:29 | 468,881,407 | -HS- | C] () -- C:\hiberfil.sys
[2012.01.10 14:27:24 | 000,963,884 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.01.10 14:27:24 | 000,221,264 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.01.10 14:27:24 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.01.10 14:16:52 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.01.10 13:29:52 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< hklm\software\clients\startmenuinternet /s >
"" = IEXPLORE.EXE
[HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE]
"" = Mozilla Firefox
[HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\Capabilities]
"ApplicationDescription" = Firefox ermöglicht sicheres und einfaches Surfen. Mit einer gewohnten Oberfläche, verbesserten Sicherheitsfunktionen, inklusive Schutz vor Identitätsdiebstahl und integrierter Suche holen Sie mehr aus dem Web.
"ApplicationIcon" = C:\Program Files (x86)\Mozilla Firefox\firefox.exe,0 -- [2013.03.07 16:29:07 | 000,917,400 | ---- | M] (Mozilla Corporation)
"ApplicationName" = Firefox
[HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\Capabilities\FileAssociations]
".htm" = FirefoxHTML
".html" = FirefoxHTML
".shtml" = FirefoxHTML
".xht" = FirefoxHTML
".xhtml" = FirefoxHTML
[HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\Capabilities\StartMenu]
"StartMenuInternet" = FIREFOX.EXE
[HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\Capabilities\URLAssociations]
"ftp" = FirefoxURL
"http" = FirefoxURL
"https" = FirefoxURL
[HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\DefaultIcon]
"" = C:\Program Files (x86)\Mozilla Firefox\firefox.exe,0 -- [2013.03.07 16:29:07 | 000,917,400 | ---- | M] (Mozilla Corporation)
[HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo]
"HideIconsCommand" = "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts -- [2013.03.07 17:45:42 | 000,867,704 | ---- | M] (Mozilla Corporation)
"ShowIconsCommand" = "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts -- [2013.03.07 17:45:42 | 000,867,704 | ---- | M] (Mozilla Corporation)
"ReinstallCommand" = "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal -- [2013.03.07 17:45:42 | 000,867,704 | ---- | M] (Mozilla Corporation)
"IconsVisible" = 1
[HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell]
[HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open]
[HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command]
"" = C:\Program Files (x86)\Mozilla Firefox\firefox.exe -- [2013.03.07 16:29:07 | 000,917,400 | ---- | M] (Mozilla Corporation)
[HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties]
"" = Firefox-&Optionen
[HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command]
"" = "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences -- [2013.03.07 16:29:07 | 000,917,400 | ---- | M] (Mozilla Corporation)
[HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode]
"" = Firefox-&Abgesicherter Modus
[HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command]
"" = "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode -- [2013.03.07 16:29:07 | 000,917,400 | ---- | M] (Mozilla Corporation)
[HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE]
"" = Internet Explorer
"LocalizedString" = @C:\Program Files (x86)\Internet Explorer\iexplore.exe,-702 -- [2013.04.01 16:19:43 | 000,757,296 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\DefaultIcon]
"" = C:\Program Files (x86)\Internet Explorer\iexplore.exe,-9 -- [2013.04.01 16:19:43 | 000,757,296 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo]
"IconsVisible" = 1
"ShowIconsCommand" = "C:\Windows\System32\ie4uinit.exe" -show -- [2013.04.01 16:19:43 | 000,074,240 | ---- | M] (Microsoft Corporation)
"ReinstallCommand" = "C:\Windows\System32\ie4uinit.exe" -reinstall -- [2013.04.01 16:19:43 | 000,074,240 | ---- | M] (Microsoft Corporation)
"HideIconsCommand" = "C:\Windows\System32\ie4uinit.exe" -hide -- [2013.04.01 16:19:43 | 000,074,240 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell]
[HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom]
"MUIVerb" = @C:\Windows\System32\ieframe.dll,-39229 -- [2013.04.01 16:19:43 | 009,738,240 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command]
"" = "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff -- [2013.04.01 16:19:43 | 000,757,296 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open]
[HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command]
"" = C:\Program Files (x86)\Internet Explorer\iexplore.exe -- [2013.04.01 16:19:43 | 000,757,296 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet /64 /s >
"" = IEXPLORE.EXE
64bit: [HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE]
"" = Mozilla Firefox
64bit: [HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\Capabilities]
"ApplicationDescription" = Firefox ermöglicht sicheres und einfaches Surfen. Mit einer gewohnten Oberfläche, verbesserten Sicherheitsfunktionen, inklusive Schutz vor Identitätsdiebstahl und integrierter Suche holen Sie mehr aus dem Web.
"ApplicationIcon" = C:\Program Files (x86)\Mozilla Firefox\firefox.exe -- [2013.03.07 16:29:07 | 000,917,400 | ---- | M] (Mozilla Corporation)
"ApplicationName" = Firefox
64bit: [HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\Capabilities\FileAssociations]
".htm" = FirefoxHTML
".html" = FirefoxHTML
".shtml" = FirefoxHTML
".xht" = FirefoxHTML
".xhtml" = FirefoxHTML
64bit: [HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\Capabilities\StartMenu]
"StartMenuInternet" = FIREFOX.EXE
64bit: [HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\Capabilities\URLAssociations]
"ftp" = FirefoxURL
"http" = FirefoxURL
"https" = FirefoxURL
64bit: [HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\DefaultIcon]
"" = C:\Program Files (x86)\Mozilla Firefox\firefox.exe -- [2013.03.07 16:29:07 | 000,917,400 | ---- | M] (Mozilla Corporation)
64bit: [HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo]
"HideIconsCommand" = C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe -- [2013.03.07 17:45:42 | 000,867,704 | ---- | M] (Mozilla Corporation)
"ShowIconsCommand" = C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe -- [2013.03.07 17:45:42 | 000,867,704 | ---- | M] (Mozilla Corporation)
"ReinstallCommand" = C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe -- [2013.03.07 17:45:42 | 000,867,704 | ---- | M] (Mozilla Corporation)
"IconsVisible" = 1
64bit: [HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell]
64bit: [HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open]
64bit: [HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command]
"" = C:\Program Files (x86)\Mozilla Firefox\firefox.exe -- [2013.03.07 16:29:07 | 000,917,400 | ---- | M] (Mozilla Corporation)
64bit: [HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties]
"" = Firefox-&Optionen
64bit: [HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command]
"" = C:\Program Files (x86)\Mozilla Firefox\firefox.exe -- [2013.03.07 16:29:07 | 000,917,400 | ---- | M] (Mozilla Corporation)
64bit: [HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode]
"" = Firefox-&Abgesicherter Modus
64bit: [HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command]
"" = C:\Program Files (x86)\Mozilla Firefox\firefox.exe -- [2013.03.07 16:29:07 | 000,917,400 | ---- | M] (Mozilla Corporation)
64bit: [HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE]
"" = Internet Explorer
"LocalizedString" = C:\Program Files (x86)\Internet Explorer\iexplore.exe -- [2013.04.01 16:19:43 | 000,757,296 | ---- | M] (Microsoft Corporation)
64bit: [HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\DefaultIcon]
"" = C:\Program Files (x86)\Internet Explorer\iexplore.exe -- [2013.04.01 16:19:43 | 000,757,296 | ---- | M] (Microsoft Corporation)
64bit: [HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo]
"IconsVisible" = 1
"ShowIconsCommand" = C:\Windows\SysNative\ie4uinit.exe -- [2013.04.01 16:19:42 | 000,089,088 | ---- | M] (Microsoft Corporation)
"ReinstallCommand" = C:\Windows\SysNative\ie4uinit.exe -- [2013.04.01 16:19:42 | 000,089,088 | ---- | M] (Microsoft Corporation)
"HideIconsCommand" = C:\Windows\SysNative\ie4uinit.exe -- [2013.04.01 16:19:42 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit: [HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell]
64bit: [HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom]
"MUIVerb" = C:\Windows\SysNative\ieframe.dll -- [2013.04.01 16:19:42 | 010,925,568 | ---- | M] (Microsoft Corporation)
64bit: [HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command]
"" = C:\Program Files (x86)\Internet Explorer\iexplore.exe -- [2013.04.01 16:19:43 | 000,757,296 | ---- | M] (Microsoft Corporation)
64bit: [HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open]
64bit: [HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command]
"" = C:\Program Files (x86)\Internet Explorer\iexplore.exe -- [2013.04.01 16:19:43 | 000,757,296 | ---- | M] (Microsoft Corporation)

< >

< End of report >
extras.txt:
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 05.04.2013 19:14:42 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,92 Gb Total Physical Memory | 4,49 Gb Available Physical Memory | 75,92% Memory free
11,83 Gb Paging File | 10,30 Gb Available in Paging File | 87,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 81,00 Gb Total Space | 45,29 Gb Free Space | 55,91% Space Free | Partition Type: NTFS
Drive D: | 493,66 Gb Total Space | 39,04 Gb Free Space | 7,91% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1826107528-1718454947-1028040392-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A1ECE9E-651B-4586-8120-89EB253F8566}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1FC8C39A-8315-4622-9661-7A5DDA3C2F73}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2A839C4B-3DBB-4F4D-8CDF-4D54EA85A4A1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4319FDDA-8DFE-46F4-88B4-75BABABC6A05}" = rport=138 | protocol=17 | dir=out | app=system | 
"{437A44D2-9AD8-42F4-AF48-4A3D06989596}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5C532C5C-83A0-4F48-AE9A-69CDC275DC6A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{650306E0-07D1-4B30-BFF8-B63888AED72D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{66345C5F-927D-4FE8-8DF8-69D8604CC3B8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{71517843-9C1B-4509-84E9-EE00EDF18243}" = rport=139 | protocol=6 | dir=out | app=system | 
"{739CCE42-0AA8-4A8B-9DB4-59196157E272}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{79F3FE54-B4F1-466C-8E29-F4A026CD8943}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7DB016E1-9D14-4233-9297-A59AB754ADEF}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8BDE8C80-0096-43E9-93D7-8BE63782A944}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{952A3DE3-BF89-41F3-84D4-41233F4B56FC}" = lport=137 | protocol=17 | dir=in | app=system | 
"{AFC54046-650C-46FF-8AB9-DF7CF52D9AEB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BD207925-3394-43FE-9BDA-EF3CCE82263E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C25D6238-052D-4ECA-B24B-F8772DD3BD7C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D222E6C5-E171-46B5-BEA1-44C4546C7851}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{D804CF7E-7E7C-4163-A9C7-D5320A77F5A4}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E4777387-FEF5-4186-9F4A-0C04B793F7BF}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{E8D54419-77D1-4FFF-8E7C-02ACA03AA20D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F719DDEB-3FE9-4064-9A13-775126CE1A87}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{084CEF76-18AC-4E2D-90EF-4FACB89AE481}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{0DF4FF99-69B0-4015-98DB-0EF293386153}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{227D68F2-5AEC-4684-8D5D-1C6B3A790B9D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{25E253CD-AAAC-4557-8A8E-A02CB171224B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{31773E10-DA6D-45B4-99BA-C6F2CE18B5E7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{522ECD6D-A7F1-4978-A958-C5A63D31E9A6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5788A8DC-83DD-4188-A31F-23E2D50D36F0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{6072F01F-F663-471B-ADC3-6BEA5C983059}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6FC1BFC3-EBD0-4711-B7B8-AE35DDC2A759}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{701EB3E1-ACDD-415E-B004-82BD490826F9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{7876A471-BFF4-43EE-B266-55B54199DBE6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7A854F75-AA55-40C8-93B8-6D6A88A8D755}" = protocol=6 | dir=out | app=system | 
"{7C2EF00A-A6B6-40C7-9118-845DCE6B6C09}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{87639939-E034-4F61-A4D0-B4480E683898}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8F80CFC5-022B-4456-8EC8-B4B1F243C022}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9F019A9F-5D77-404A-89CF-F33EA2A0E72B}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{9FDEB898-D6C5-43D6-8E5C-F90E94A8D423}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BA2D34D8-0D25-4972-A3D5-609D96774E39}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C55E2F0D-E130-4E5E-9758-5255047779E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E2F0B4C7-3978-452D-8E9A-76E229ACDDEE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E3D8C68B-CCA7-4CAE-B864-B981194263BC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E4D7662A-6039-4615-8F84-4DD7E7F73596}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EBC1CC4E-C644-4C3D-AB57-B87A022FA8F7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F457E30A-DAC2-4786-A8BA-ED7596228FFF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}" = Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 267.54
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 267.54
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{DF7756DD-656A-45C3-BA71-74673E8259A9}" = Intel® PROSet/Wireless WiFi-Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"ProInst" = Intel PROSet Wireless
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{142D8CA7-2C6F-45A7-83E3-099AAFD99133}" = Samsung Update Plus
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Samsung Control Center
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.10.29
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1826107528-1718454947-1028040392-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
< End of report >
         