Log analysis and evaluation: VideoDownloadConverter / VideoDownloadConverter_4z
Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps to get help. Bear in mind that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
VideoDownloadConverter / VideoDownloadConverter_4z

Hello everyone,

I think I have picked up an unwanted program (PUP), according to an AVAST scan. The chess world championship took place recently, and the games were also broadcast live on the internet. At first I had trouble following the broadcast. At the very top there was a link to download VideoConverter. I thought I needed it to decode the broadcast, so I downloaded and installed it. Afterwards I also had the toolbar in IE 8. I uninstalled it again, but apparently it was not completely removed. I don't have the address of the page at hand right now. It was not hxxp://chennai2013.fide.com/anand-carlsen-video-with-commentary/, at any rate. Attached are a few logs.

defogger_disable.log:
Code:
```
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 02:09 on 19/12/2013 (Heiko)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
```

FRST.txt:
Code:
```
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-12-2013 05
Ran by Heiko (administrator) on DAGO on 19-12-2013 08:00:47
Running from C:\Dokumente und Einstellungen\Heiko\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Programme\Alwil Software\Avast5\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\scardsvr.exe
(Apple Inc.) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\WINDOWS\SYSTEM32\ati2evxx.exe
(Apple Inc.) C:\Programme\Bonjour\mDNSResponder.exe
(GEAR Software) C:\WINDOWS\SYSTEM32\GearSec.exe
(Oracle Corporation) C:\Programme\Java\jre7\bin\jqs.exe
(Oracle Corporation) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
(Nero AG) C:\Programme\Nero\Update\NASvc.exe
(AVAST Software) C:\Programme\Alwil Software\Avast5\AvastUI.exe
(Apple Inc.) C:\Programme\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\locator.exe
() C:\WINDOWS\SYSTEM32\WLTRYSVC.EXE
(Broadcom Corporation) C:\WINDOWS\SYSTEM32\BCMWLTRY.EXE
(Apple Inc.) C:\Programme\iPod\bin\iPodService.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ATIModeChange] - C:\WINDOWS\SYSTEM32\Ati2mdxx.exe [28672 2002-08-28] (ATI Technologies, Inc.)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [SunJavaUpdateSched] - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [APSDaemon] - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [VideoDownloadConverter_4z Browser Plugin Loader] - C:\Programme\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe [30096 2013-11-16] (VER_COMPANY_NAME)
HKLM\...\Run: [20131121] - C:\Programme\Alwil Software\Avast5\Setup\emupdate\c8f7b43e-b32a-4279-83ec-8b91f2d04477.exe [180184 2013-11-27] (AVAST Software)
HKLM\...\Run: [AvastUI.exe] - C:\Programme\Alwil Software\Avast5\AvastUI.exe [3568312 2013-11-27] (AVAST Software)
HKLM\...\Run: [iTunesHelper] - C:\Programme\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Programme\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKU\Default User\...\Run: [MSMSGS] - "C:\Programme\Messenger\msmsgs.exe" /background
HKU\Udo\...\Run: [MSMSGS] - "C:\Programme\Messenger\msmsgs.exe" /background
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x64] -> c:\programme\movies toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x608CB2B4C662CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sf-longerich-1956.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
URLSearchHook: HKCU - (No Name) - {93a3111f-4f74-4ed8-895e-d9708497629e} - No File
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1139&systemid=406&v=n9854-156&apn_uid=5273550239514623&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^HJ^xdm255^YYA^de&si=CLSUsrzC6boCFUZY3godMGQAHA&ptb=8B00DFFE-FEB0-4365-968D-7433E185EC3A&ind=2013111613&n=77fda53d&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {8480474C-95D1-4BDE-AC99-F8DC12BD77C6} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {8480474C-95D1-4BDE-AC99-F8DC12BD77C6} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKCU - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^HJ^xdm255^YYA^de&si=CLSUsrzC6boCFUZY3godMGQAHA&ptb=8B00DFFE-FEB0-4365-968D-7433E185EC3A&ind=2013111613&n=77fda53d&psa=&st=sb&searchfor={searchTerms}
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: No Name - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Winsock: Catalog5 05 C:\Programme\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

========================== Services (Whitelisted) =================

R2 Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624 2013-09-07] (Apple Inc.)
R2 Ati HotKey Poller; C:\Windows\System32\Ati2evxx.exe [254039 2003-04-29] ()
R2 avast! Antivirus; C:\Programme\Alwil Software\Avast5\AvastSvc.exe [50344 2013-11-27] (AVAST Software)
R2 Bonjour Service; C:\Programme\Bonjour\mDNSResponder.exe [390504 2011-08-30] (Apple Inc.)
S4 cjpcsc; C:\WINDOWS\system32\cjpcsc.exe [506288 2011-02-08] (REINER SCT)
R2 GEARSecurity; C:\Windows\System32\GEARSEC.EXE [53248 2003-11-11] (GEAR Software)
S3 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [136176 2011-08-13] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [136176 2011-08-13] (Google Inc.)
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation)
R3 iPod Service; C:\Programme\iPod\bin\iPodService.exe [553288 2013-11-02] (Apple Inc.)
R2 MDM; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE [322120 2003-06-19] (Microsoft Corporation)
R2 NAUpdate; C:\Programme\Nero\Update\NASvc.exe [687400 2011-11-25] (Nero AG)
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation)
S3 Pml Driver HPZ12; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe [65536 2004-04-15] (HP)
S4 Roxio UPnP Renderer 9; C:\Programme\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [88560 2007-12-06] (Sonic Solutions)
S4 Roxio Upnp Server 9; C:\Programme\Roxio\Digital Home 9\RoxioUpnpService9.exe [362992 2007-12-06] (Sonic Solutions)
S4 RoxLiveShare9; C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [313840 2008-09-19] (Sonic Solutions)
S4 RoxMediaDB9; C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [1108464 2008-09-19] (Sonic Solutions)
S4 RoxWatch9; C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [170480 2008-09-19] (Sonic Solutions)
S3 SNDSrvc; C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe [206552 2005-04-05] (Symantec Corporation)
S3 TuneUp.UtilitiesSvc; C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1528672 2012-05-29] (TuneUp Software)
R2 WLTRYSVC; C:\Windows\System32\bcmwltry.exe [184320 2003-01-10] (Broadcom Corporation)
S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)
R2 JavaQuickStarterService; "C:\Programme\Java\jre7\bin\jqs.exe" -service -config "C:\Programme\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\Windows\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21361 2011-05-30] (Cisco Systems, Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121688 2013-07-31] (SlySoft, Inc.)
R2 ASPI32; C:\Windows\System32\Drivers\ASPI32.sys [17005 2003-05-28] (Adaptec)
R2 aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [35656 2013-11-27] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [26136 2013-11-27] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2013-11-27] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2013-11-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-11-27] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [774392 2013-11-27] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [403440 2013-11-27] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2013-11-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178304 2013-11-27] ()
S3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [164224 2003-01-09] (Broadcom Corporation)
R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz)
R1 Cdr4_xp; C:\Windows\System32\Drivers\Cdr4_xp.sys [9336 2007-02-02] (Sonic Solutions)
R1 Cdralw2k; C:\Windows\System32\Drivers\Cdralw2k.sys [9464 2007-02-02] (Sonic Solutions)
S3 cglptnt; C:\totalcmd\cglptnt.sys [7888 2003-02-18] (C. Ghisler & Co.)
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28144 2010-11-27] (REINER SCT)
S3 EL90XBC; C:\Windows\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
R3 HSFHWICH; C:\Windows\System32\DRIVERS\HSFHWICH.sys [153344 2003-01-23] (Conexant Systems, Inc.)
S3 i81x; C:\Windows\System32\DRIVERS\i81xnt5.sys [161020 2004-08-04] (Intel(R) Corporation)
S3 iAimFP0; C:\Windows\System32\DRIVERS\wADV01nt.sys [12415 2004-08-04] (Intel(R) Corporation)
S3 iAimFP1; C:\Windows\System32\DRIVERS\wADV02NT.sys [12127 2004-08-04] (Intel(R) Corporation)
S3 iAimFP2; C:\Windows\System32\DRIVERS\wADV05NT.sys [11775 2004-08-04] (Intel(R) Corporation)
S3 iAimFP3; C:\Windows\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-04] (Intel(R) Corporation)
S3 iAimFP4; C:\Windows\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-04] (Intel(R) Corporation)
S3 iAimTV0; C:\Windows\System32\DRIVERS\wATV01nt.sys [29311 2004-08-04] (Intel(R) Corporation)
S3 iAimTV1; C:\Windows\System32\DRIVERS\wATV02NT.sys [19551 2004-08-04] (Intel(R) Corporation)
S3 iAimTV3; C:\Windows\System32\DRIVERS\wATV04nt.sys [33599 2004-08-04] (Intel(R) Corporation)
S3 iAimTV4; C:\Windows\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-04] (Intel(R) Corporation)
R1 ISODrive; C:\Programme\UltraISO\drivers\ISODrive.sys [82320 2010-01-29] (EZB Systems, Inc.)
R3 l8042pr2; C:\Windows\System32\DRIVERS\L8042Pr2.sys [50432 2001-09-19] (Logitech)
R3 LHidUsb; C:\Windows\System32\drivers\LHidUsb.Sys [37822 2001-09-19] (Logitech)
R3 LKbdFlt2; C:\Windows\System32\DRIVERS\LKbdFlt2.sys [5840 2001-09-19] (Logitech)
S3 nm; C:\Windows\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation)
R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2002-08-29] (Microsoft Corporation)
R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2002-08-29] (Microsoft Corporation)
S1 P3; C:\Windows\System32\DRIVERS\p3.sys [46848 2008-04-14] (Microsoft Corporation)
R0 PrecSim; C:\Windows\System32\DRIVERS\precsim.sys [69600 2002-05-21] (Engelmann GmbH)
R3 STAC97; C:\Windows\System32\drivers\STAC97.sys [220176 2003-04-25] (SigmaTel, Inc.)
R2 StreamDispatcher; C:\Windows\System32\DRIVERS\strmdisp.sys [22400 2003-01-23] (Conexant Systems, Inc.)
S3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [17976 2005-04-05] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [267192 2005-04-05] (Symantec Corporation)
S3 TuneUpUtilitiesDrv; C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2012-05-08] (TuneUp Software)
S3 bvrp_pci; No ImagePath
S3 catchme; \??\C:\DOKUME~1\Heiko\LOKALE~1\Temp\catchme.sys [x]
S3 cpuz132; \??\C:\DOKUME~1\Heiko\LOKALE~1\Temp\PCWizard\pcwiz32.sys [x]
S3 esgiguard; \??\C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 iAimTV2; System32\DRIVERS\wATV03nt.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SymEvent; \??\C:\Programme\Symantec\SYMEVENT.SYS [x]
U3 TlntSvr; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-19 08:00 - 2013-12-19 08:01 - 00016193 _____ C:\Dokumente und Einstellungen\Heiko\Desktop\FRST.txt
2013-12-19 08:00 - 2013-12-19 08:00 - 00000000 ____D C:\FRST
2013-12-19 02:09 - 2013-12-19 02:10 - 00000472 _____ C:\Dokumente und Einstellungen\Heiko\Desktop\defogger_disable.log
2013-12-19 02:09 - 2013-12-19 02:09 - 00000000 _____ C:\Dokumente und Einstellungen\Heiko\defogger_reenable
2013-12-19 02:08 - 2013-12-19 02:08 - 00050477 _____ C:\Dokumente und Einstellungen\Heiko\Desktop\Defogger.exe
2013-12-19 02:04 - 2013-12-19 02:04 - 01325654 _____ (Farbar) C:\Dokumente und Einstellungen\Heiko\Desktop\FRST.exe
2013-12-16 00:30 - 2013-12-16 00:30 - 00000756 _____ C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-15 00:32 - 2013-12-15 00:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-15 00:30 - 2013-12-15 00:32 - 00004417 _____ C:\WINDOWS\KB2904266.log
2013-12-14 12:13 - 2013-12-14 12:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-14 10:35 - 2013-12-14 10:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-14 10:24 - 2013-12-14 12:13 - 00003406 _____ C:\WINDOWS\updspapi.log
2013-12-14 10:20 - 2013-12-14 10:25 - 00011578 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-13 19:38 - 2013-12-15 00:32 - 00030913 _____ C:\WINDOWS\FaxSetup.log
2013-12-13 19:38 - 2013-12-15 00:32 - 00014780 _____ C:\WINDOWS\ocgen.log
2013-12-13 19:38 - 2013-12-15 00:32 - 00011795 _____ C:\WINDOWS\tsoc.log
2013-12-13 19:38 - 2013-12-15 00:32 - 00010384 _____ C:\WINDOWS\comsetup.log
2013-12-13 19:38 - 2013-12-15 00:32 - 00007368 _____ C:\WINDOWS\setupapi.log
2013-12-13 19:38 - 2013-12-15 00:32 - 00006289 _____ C:\WINDOWS\ntdtcsetup.log
2013-12-13 19:38 - 2013-12-15 00:32 - 00004999 _____ C:\WINDOWS\iis6.log
2013-12-13 19:38 - 2013-12-15 00:32 - 00001710 _____ C:\WINDOWS\ocmsn.log
2013-12-13 19:38 - 2013-12-15 00:32 - 00001515 _____ C:\WINDOWS\msgsocm.log
2013-12-13 19:38 - 2013-12-15 00:32 - 00001393 _____ C:\WINDOWS\imsins.log
2013-12-13 19:38 - 2013-12-14 12:13 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-12-13 19:38 - 2013-12-13 19:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-13 19:38 - 2013-12-13 19:38 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-12-13 19:38 - 2013-12-13 19:38 - 00000000 _____ C:\WINDOWS\setupact.log
2013-12-13 18:48 - 2013-12-14 12:13 - 00012092 _____ C:\WINDOWS\KB2898715.log
2013-12-13 18:47 - 2013-12-14 10:35 - 00015537 _____ C:\WINDOWS\KB2893294.log
2013-12-13 18:47 - 2013-12-13 19:38 - 00008882 _____ C:\WINDOWS\KB2893984.log
2013-12-13 08:24 - 2013-12-19 02:11 - 00012466 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-13 08:24 - 2013-12-13 21:46 - 00328296 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-12 19:27 - 2013-12-19 07:26 - 00298133 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-27 23:16 - 2013-11-27 23:16 - 00000000 ____D C:\Dokumente und Einstellungen\Heiko\Anwendungsdaten\AVAST Software
2013-11-27 08:14 - 2013-11-27 08:14 - 00001522 _____ C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
2013-11-27 08:14 - 2013-11-27 08:14 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
2013-11-27 08:12 - 2013-11-27 08:12 - 00000000 ____D C:\Programme\iPod
2013-11-27 08:11 - 2013-11-27 08:13 - 00000000 ____D C:\Programme\iTunes
2013-11-27 08:11 - 2013-11-27 08:13 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-27 07:55 - 2013-11-27 07:55 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\IrfanView
2013-11-27 07:34 - 2013-11-27 07:34 - 00001766 _____ C:\Dokumente und Einstellungen\All Users\Desktop\avast! SafeZone.lnk
2013-11-27 07:34 - 2013-11-27 07:34 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avast
2013-11-27 07:27 - 2013-11-27 07:27 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software

==================== One Month Modified Files and Folders =======

2013-12-19 08:01 - 2013-12-19 08:00 - 00016193 _____ C:\Dokumente und Einstellungen\Heiko\Desktop\FRST.txt
2013-12-19 08:00 - 2013-12-19 08:00 - 00000000 ____D C:\FRST
2013-12-19 07:41 - 2011-08-17 23:08 - 00000300 _____ C:\WINDOWS\hpbafd.ini
2013-12-19 07:34 - 2012-07-03 23:26 - 00000358 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-12-19 07:26 - 2013-12-12 19:27 - 00298133 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-19 07:24 - 2003-07-02 14:12 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-19 07:24 - 2002-09-11 13:41 - 00000159 ____C C:\WINDOWS\WIADEBUG.LOG
2013-12-19 07:24 - 2002-09-11 13:41 - 00000050 ____C C:\WINDOWS\WIASERVC.LOG
2013-12-19 02:11 - 2013-12-13 08:24 - 00012466 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-19 02:11 - 2003-07-08 13:15 - 00000300 ___SH C:\Dokumente und Einstellungen\Heiko\NTUSER.INI
2013-12-19 02:10 - 2013-12-19 02:09 - 00000472 _____ C:\Dokumente und Einstellungen\Heiko\Desktop\defogger_disable.log
2013-12-19 02:09 - 2013-12-19 02:09 - 00000000 _____ C:\Dokumente und Einstellungen\Heiko\defogger_reenable
2013-12-19 02:09 - 2003-07-08 13:15 - 00000000 ____D C:\Dokumente und Einstellungen\Heiko
2013-12-19 02:08 - 2013-12-19 02:08 - 00050477 _____ C:\Dokumente und Einstellungen\Heiko\Desktop\Defogger.exe
2013-12-19 02:04 - 2013-12-19 02:04 - 01325654 _____ (Farbar) C:\Dokumente und Einstellungen\Heiko\Desktop\FRST.exe
2013-12-18 00:53 - 2011-02-08 08:09 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-12-17 18:09 - 2010-09-06 23:21 - 00000000 ____D C:\Programme\Malwarebytes' Anti-Malware
2013-12-17 18:09 - 2003-07-02 14:08 - 00001170 _____ C:\WINDOWS\system32\WPA.DBL
2013-12-16 00:30 - 2013-12-16 00:30 - 00000756 _____ C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-16 00:30 - 2010-09-06 23:21 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
2013-12-16 00:26 - 2013-11-16 15:34 - 00000000 ____D C:\Programme\VideoDownloadConverter
2013-12-15 10:00 - 2013-08-19 00:33 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-15 09:57 - 2005-05-11 07:00 - 88123800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-15 00:32 - 2013-12-15 00:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-15 00:32 - 2013-12-15 00:30 - 00004417 _____ C:\WINDOWS\KB2904266.log
2013-12-15 00:32 - 2013-12-13 19:38 - 00030913 _____ C:\WINDOWS\FaxSetup.log
2013-12-15 00:32 - 2013-12-13 19:38 - 00014780 _____ C:\WINDOWS\ocgen.log
2013-12-15 00:32 - 2013-12-13 19:38 - 00011795 _____ C:\WINDOWS\tsoc.log
2013-12-15 00:32 - 2013-12-13 19:38 - 00010384 _____ C:\WINDOWS\comsetup.log
2013-12-15 00:32 - 2013-12-13 19:38 - 00007368 _____ C:\WINDOWS\setupapi.log
2013-12-15 00:32 - 2013-12-13 19:38 - 00006289 _____ C:\WINDOWS\ntdtcsetup.log
2013-12-15 00:32 - 2013-12-13 19:38 - 00004999 _____ C:\WINDOWS\iis6.log
2013-12-15 00:32 - 2013-12-13 19:38 - 00001710 _____ C:\WINDOWS\ocmsn.log
2013-12-15 00:32 - 2013-12-13 19:38 - 00001515 _____ C:\WINDOWS\msgsocm.log
2013-12-15 00:32 - 2013-12-13 19:38 - 00001393 _____ C:\WINDOWS\imsins.log
2013-12-15 00:32 - 2010-05-28 00:19 - 00047776 ____C C:\WINDOWS\system32\TZLog.log
2013-12-14 12:13 - 2013-12-14 12:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-14 12:13 - 2013-12-14 10:24 - 00003406 _____ C:\WINDOWS\updspapi.log
2013-12-14 12:13 - 2013-12-13 19:38 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-12-14 12:13 - 2013-12-13 18:48 - 00012092 _____ C:\WINDOWS\KB2898715.log
2013-12-14 10:35 - 2013-12-14 10:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-14 10:35 - 2013-12-13 18:47 - 00015537 _____ C:\WINDOWS\KB2893294.log
2013-12-14 10:25 - 2013-12-14 10:20 - 00011578 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-14 10:24 - 2011-02-01 01:24 - 00000000 ____D C:\WINDOWS\ie8updates
2013-12-13 21:46 - 2013-12-13 08:24 - 00328296 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-13 19:38 - 2013-12-13 19:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-13 19:38 - 2013-12-13 19:38 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-12-13 19:38 - 2013-12-13 19:38 - 00000000 _____ C:\WINDOWS\setupact.log
2013-12-13 19:38 - 2013-12-13 18:47 - 00008882 _____ C:\WINDOWS\KB2893984.log
2013-12-05 17:35 - 2011-01-12 15:27 - 00000000 ____D C:\Dokumente und Einstellungen\Heiko\Eigene Dateien\FUN
2013-11-30 19:25 - 2003-08-22 16:17 - 00000000 ____D C:\Dokumente und Einstellungen\Heiko\Eigene Dateien\Download
2013-11-27 23:16 - 2013-11-27 23:16 - 00000000 ____D C:\Dokumente und Einstellungen\Heiko\Anwendungsdaten\AVAST Software
2013-11-27 08:14 - 2013-11-27 08:14 - 00001522 _____ C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
2013-11-27 08:14 - 2013-11-27 08:14 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
2013-11-27 08:14 - 2003-07-02 13:53 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2013-11-27 08:13 - 2013-11-27 08:11 - 00000000 ____D C:\Programme\iTunes
2013-11-27 08:13 - 2013-11-27 08:11 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-27 08:12 - 2013-11-27 08:12 - 00000000 ____D C:\Programme\iPod
2013-11-27 08:12 - 2003-07-02 13:53 - 00000000 ___RD C:\Programme
2013-11-27 08:11 - 2010-06-17 22:37 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Apple
2013-11-27 07:55 - 2013-11-27 07:55 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\IrfanView
2013-11-27 07:50 - 2013-03-16 18:50 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-11-27 07:50 - 2011-06-22 20:04 - 00071048 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-11-27 07:34 - 2013-11-27 07:34 - 00001766 _____ C:\Dokumente und Einstellungen\All Users\Desktop\avast! SafeZone.lnk
2013-11-27 07:34 - 2013-11-27 07:34 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avast
2013-11-27 07:34 - 2011-07-30 09:09 - 00001706 _____ C:\Dokumente und Einstellungen\All Users\Desktop\avast! Pro Antivirus.lnk
2013-11-27 07:33 - 2013-03-16 10:05 - 00178304 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-11-27 07:33 - 2013-03-16 10:05 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-11-27 07:33 - 2013-03-16 10:05 - 00049944 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-11-27 07:33 - 2011-03-06 18:02 - 00774392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-11-27 07:33 - 2010-12-21 02:12 - 00403440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-11-27 07:33 - 2010-12-21 02:12 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-11-27 07:33 - 2010-12-21 02:12 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2013-11-27 07:33 - 2010-12-21 02:12 - 00035656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-11-27 07:33 - 2010-12-21 02:11 - 00269216 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-11-27 07:33 - 2010-12-21 02:11 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-11-27 07:32 - 2012-02-25 17:08 - 00026136 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2013-11-27 07:27 - 2013-11-27 07:27 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
2013-11-27 07:26 - 2002-09-11 13:48 - 00002953 ____C C:\WINDOWS\system32\CONFIG.NT
2013-11-22 00:40 - 2003-07-17 21:29 - 00000000 ____D C:\Dokumente und Einstellungen\Heiko\Eigene Dateien\ChessBase

Some content of TEMP:
====================
C:\Dokumente und Einstellungen\Heiko\Lokale Einstellungen\temp\BundleSweetIMSetup.exe
C:\Dokumente und Einstellungen\Heiko\Lokale Einstellungen\temp\Delta.exe
C:\Dokumente und Einstellungen\Heiko\Lokale Einstellungen\temp\DeltaTB.exe
C:\Dokumente und Einstellungen\Heiko\Lokale Einstellungen\temp\jre-7u45-windows-i586-iftw.exe
C:\Dokumente und Einstellungen\Heiko\Lokale Einstellungen\temp\MybabylonTB.exe
C:\Dokumente und Einstellungen\Heiko\Lokale Einstellungen\temp\WSSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2002-08-29 05:00] - [2008-04-14 03:22] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e
C:\Windows\System32\winlogon.exe
[2002-08-29 05:00] - [2008-04-14 03:23] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a
C:\Windows\System32\svchost.exe
[2002-08-29 05:00] - [2008-04-14 03:23] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366
C:\Windows\System32\services.exe
[2002-08-29 05:00] - [2009-02-09 12:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc
C:\Windows\System32\User32.dll
[2002-08-29 05:00] - [2008-04-14 03:22] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd
C:\Windows\System32\userinit.exe
[2002-08-29 05:00] - [2008-04-14 03:23] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106
C:\Windows\System32\Drivers\volsnap.sys
[2002-08-29 05:00] - [2008-04-14 02:52] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d

==================== End Of Log ============================
```

Addition.txt:
Code:
```
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-12-2013 05
Ran by Heiko at 2013-12-19 08:01:44
Running from C:\Dokumente und Einstellungen\Heiko\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

Adobe Flash Player 10 Plugin (Version: 10.0.45.2)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.152)
Adobe Reader X (10.1.8) - Deutsch (Version: 10.1.8)
aEton CommunicaEor (Version: 0.0.9.57)
AnyDVD (Version: 7.3.1.0)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
ATI Control Panel
ATI Display Driver
avast! Pro Antivirus (Version: 9.0.2008)
BACS (Version: 3.36.0000)
BattleCom Client
BlackBerry Desktop Software 4.7 (Version: 4.7.0.25)
Blu-ray to DVD converter 1.0.0.3
Bonjour (Version: 3.0.0.10)
Broadcom Advanced Control Suite (Version: 3.36.0000)
CCleaner (Version: 4.07)
CDRWIN 5 (Version: 0)
CloneCD
Conexant D480 MDC V.92 Modem
ConvertXtoDVD 4.1.19.365 (Version: 4.1.19.365)
cyberJack Base Components (Version: 6.9.10)
DaViDeo 3 (Version: 3.0)
Dell ResourceCD
Dell Solution Center (Version: 1.00.0000)
Dell TrueMobile 1300 WLAN Mini-PCI Card
Document Express DjVu Plug-in (Version: 6.1.26155)
DVD Shrink 3.1.7
DVDSentry (Version: 1.00.0000)
eMule
eMusic - 50 Free MP3 offer
EVEREST Ultimate Edition v5.50 (Version: 5.50)
Exact Audio Copy 1.0beta1 (Version: 1.0beta1)
Fritz8
Google Earth Plug-in (Version: 7.1.2.2041)
Google Update Helper (Version: 1.3.21.165)
Help and Support Customization (Version: 1.00.0000)
High-Definition Video Playback (Version: 11.1.11100.4.196)
Houdini Version 3 (Version: 3)
HP PrecisionScan Pro und Dienstprogramme
InterVideo WinDVD
IrfanView (remove only) (Version: 4.36)
IsoBuster 3.2 (Version: 3.2)
iTunes (Version: 11.1.3.8)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
K-Lite Mega Codec Pack 6.3.0 (Version: 6.3.0)
Logitech MouseWare 9.41 .1
Logitech-Handbuch
Magic FLAC to MP3 Converter 3.72
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Data Access Components KB870669
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works 7.0 (Version: 07.02.0702)
MobileMe Control Panel (Version: 3.1.8.0)
Modem Helper
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
Nero 11 (Version: 11.0.10100)
Nero 11 Cliparts (Version: 11.0.11200.12.0)
Nero 11 Disc Menus 1 (Version: 11.0.11200.12.0)
Nero 11 Disc Menus 2 (Version: 11.0.11200.12.0)
Nero 11 Disc Menus 3 (Version: 11.0.11200.12.0)
Nero 11 Disc Menus Basic (Version: 11.0.11200.12.0)
Nero 11 Effects Basic (Version: 11.0.11400.14.0)
Nero 11 Image Samples (Version: 11.0.11200.12.0)
Nero 11 Kwik Themes 1 (Version: 11.0.11200.12.0)
Nero 11 Kwik Themes 2 (Version: 11.0.11200.12.0)
Nero 11 Kwik Themes Basic (Version: 11.0.11200.12.0)
Nero 11 PiP Effects Basic
```
(Version: 11.0.11400.14.0) Nero 11 Video Samples (Version: 11.0.11200.12.0) Nero Audio Pack 1 (Version: 11.0.11500.110.0) Nero BackItUp 11 (Version: 6.2.18400.2.100) Nero BackItUp 11 Help (CHM) (Version: 11.0.10400) Nero Backup Drivers (Version: 1.0.10000.1.0) Nero Burning ROM 11 (Version: 11.2.10300.0.0) Nero Burning ROM 11 Help (CHM) (Version: 11.0.10000) Nero ControlCenter 11 (Version: 11.0.12700.0.27) Nero ControlCenter 11 Help (CHM) (Version: 11.0.10000) Nero Core Components 11 (Version: 11.0.16000.1.20) Nero CoverDesigner 11 (Version: 6.0.11000.13.100) Nero CoverDesigner 11 Help (CHM) (Version: 11.0.10000) Nero Express 11 (Version: 11.2.10300.0.0) Nero Express 11 Help (CHM) (Version: 11.0.10000) Nero Kwik Media (Version: 1.10.24800.146.100) Nero Kwik Media Help (CHM) (Version: 11.0.10200) Nero Prerequisite Installer 1.0 (Version: 11.0.11500) Nero Recode 11 (Version: 5.2.10900.0.0) Nero Recode 11 Help (CHM) (Version: 11.0.10000) Nero RescueAgent 11 (Version: 4.0.10600.10.100) Nero RescueAgent 11 Help (CHM) (Version: 11.0.10000) Nero SharedVideoCodecs (Version: 1.0.11500.1.5) Nero SoundTrax 11 (Version: 5.0.10700.6.100) Nero SoundTrax 11 Help (CHM) (Version: 11.0.10000) Nero Update (Version: 11.0.11500.28.0) Nero Video 11 (Version: 8.2.15700.3.100) Nero Video 11 Help (CHM) (Version: 11.0.10000) Nero WaveEditor 11 (Version: 6.2.11300.0.100) Nero WaveEditor 11 Help (CHM) (Version: 11.0.10000) nero.prerequisites.msi (Version: 11.0.20010) NewsBin Pro (Version: 5.57) QuickPar 0.9 (Version: 0.9) QuickTime (Version: 7.74.80.86) REALTEK Wireless LAN Driver and Utility (Version: 1.00.0139) RevoBar Toolbar (Version: 6.5.2.8) Roxio Media Manager (Version: 9.4.051) Rybka 3 (Version: 3.0) Rybka 4 (Version: 12.0.0) SaferSurf Setup Shredder7 Sicherheitsupdate für Windows Internet Explorer 8 (KB2360131) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2416400) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2482017) (Version: 1) 
Sicherheitsupdate für Windows Internet Explorer 8 (KB2497640) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2530548) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2544521) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2559049) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2586448) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2618444) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2647516) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2675157) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2699988) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2722913) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2744842) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2761465) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2792100) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2797052) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2799329) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2809289) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2817183) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2829530) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2838727) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2846071) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2847204) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2862772) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2870699) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2879017) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2888505) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 
(KB2898785) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB971961) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB981332) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB982381) (Version: 1) Sicherheitsupdate für Windows XP (KB2892075) (Version: 1) Sicherheitsupdate für Windows XP (KB2893294) (Version: 1) Sicherheitsupdate für Windows XP (KB2893984) (Version: 1) Sicherheitsupdate für Windows XP (KB2898715) (Version: 1) Smart File Advisor 1.1.1 (Version: 1.1.1) StarMoney (Version: 5.0) StarMoney 5.0 S-Edition (Version: 5.0) STHSDVD Symantec Network Drivers Update (Version: 5.5.1.6) Synaptics Pointing Device Driver Total Commander (Remove or Repair) TuneUp Utilities 2012 (Version: 12.0.3600.73) TuneUp Utilities Language Pack (de-DE) (Version: 12.0.3600.73) UltraISO Premium V9.53 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update für Windows Internet Explorer 8 (KB2447568) (Version: 1) Update für Windows Internet Explorer 8 (KB976662) (Version: 1) Update für Windows XP (KB2904266) (Version: 1) VideoDownloadConverter Internet Explorer Toolbar <==== ATTENTION WebFldrs XP (Version: 9.50.6513) welcome (Version: 11.0.21500.0.4) Winamp (Version: 5.572 ) Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 8 (Version: 20090308.140743) Windows Media Format 11 runtime Windows Media Player 11 Windows Support Tools (Version: 5.1.2510.0) Windows XP Service Pack 3 (Version: 20080414.031514) Winrar 3.93 WinRAR 5.00 (32-Bit) (Version: 5.00.0) ==================== Restore Points ========================= 16-11-2013 09:40:43 Systemprüfpunkt 19-11-2013 01:32:11 Systemprüfpunkt 19-11-2013 12:44:26 Software Distribution Service 3.0 20-11-2013 20:21:52 Systemprüfpunkt 22-11-2013 19:27:25 Systemprüfpunkt 24-11-2013 14:48:07 Systemprüfpunkt 26-11-2013 15:18:47 Systemprüfpunkt 27-11-2013 06:28:51 avast! 
antivirus system restore point 03-12-2013 11:49:36 Systemprüfpunkt 08-12-2013 19:32:00 Systemprüfpunkt 12-12-2013 19:46:20 Software Distribution Service 3.0 13-12-2013 18:36:48 Software Distribution Service 3.0 14-12-2013 09:20:05 Software Distribution Service 3.0 14-12-2013 09:34:11 Software Distribution Service 3.0 14-12-2013 11:12:12 Software Distribution Service 3.0 14-12-2013 23:30:29 Software Distribution Service 3.0 15-12-2013 08:57:18 Software Distribution Service 3.0 18-12-2013 01:18:03 Systemprüfpunkt 19-12-2013 06:40:43 Systemprüfpunkt ==================== Hosts content: ========================== 2002-08-29 05:00 - 2011-11-18 17:42 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Programme\Apple Software Update\SoftwareUpdate.exe Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Programme\Alwil Software\Avast5\AvastEmUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Programme\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Programme\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\ISP-Anmeldungserinnerung 1.job => C:\WINDOWS\System32\OOBE\OOBEBALN.EXE ==================== Loaded Modules (whitelisted) ============= 2013-12-18 23:43 - 2013-12-18 19:48 - 02152960 _____ () C:\Programme\Alwil Software\Avast5\defs\13121802\algo.dll 2003-02-07 16:24 - 2003-02-07 16:24 - 00094274 _____ () C:\WINDOWS\system32\HPBHealr.dll 2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll 2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll 2013-11-27 07:33 - 2013-11-27 07:33 - 19336120 _____ () C:\Programme\Alwil Software\Avast5\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= 
==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/15/2013 04:58:04 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 23328825 Error: (12/15/2013 04:58:04 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 23328825 Error: (12/15/2013 04:58:04 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/14/2013 00:50:08 PM) (Source: Application Hang) (User: ) Description: Stillstehende Anwendung explorer.exe, Version 6.0.2900.5512, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error: (12/02/2013 01:10:22 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 18570272 Error: (12/02/2013 01:10:22 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 18570272 Error: (12/02/2013 01:10:22 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (11/30/2013 07:04:25 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 30076878 Error: (11/30/2013 07:04:25 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 30076878 Error: (11/30/2013 07:04:25 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (12/19/2013 07:24:58 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Treiber für parallelen Anschluss" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error: (12/18/2013 11:38:48 PM) (Source: Service Control Manager) (User: ) Description: 
Der Dienst "Treiber für parallelen Anschluss" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error: (12/18/2013 11:38:29 PM) (Source: 0) (User: ) Description: 0xC0000001HarddiskVolume2 Error: (12/18/2013 00:53:52 AM) (Source: W32Time) (User: ) Description: Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 15 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit. Error: (12/18/2013 00:53:52 AM) (Source: W32Time) (User: ) Description: Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten Peer "time-nw.nist.gov,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15 Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar. (0x80072751) Error: (12/18/2013 00:53:52 AM) (Source: W32Time) (User: ) Description: Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit. Error: (12/18/2013 00:53:52 AM) (Source: W32Time) (User: ) Description: Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten Peer "time-nw.nist.gov,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15 Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar. 
(0x80072751) Error: (12/18/2013 00:53:46 AM) (Source: 0) (User: ) Description: \Device\ACPIEC Error: (12/17/2013 06:09:52 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Treiber für parallelen Anschluss" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error: (12/15/2013 04:58:13 PM) (Source: W32Time) (User: ) Description: Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 15 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit. Microsoft Office Sessions: ========================= Error: (12/15/2013 04:58:04 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 23328825 Error: (12/15/2013 04:58:04 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 23328825 Error: (12/15/2013 04:58:04 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/14/2013 00:50:08 PM) (Source: Application Hang)(User: ) Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000 Error: (12/02/2013 01:10:22 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 18570272 Error: (12/02/2013 01:10:22 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 18570272 Error: (12/02/2013 01:10:22 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (11/30/2013 07:04:25 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 30076878 Error: (11/30/2013 07:04:25 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 30076878 Error: (11/30/2013 07:04:25 PM) (Source: Bonjour Service)(User: 
) Description: Task Scheduling Error: Continuously busy for more than a second ==================== Memory info =========================== Percentage of memory in use: 34% Total physical RAM: 1022.42 MB Available physical RAM: 668.78 MB Total Pagefile: 1694.45 MB Available Pagefile: 1438.99 MB Total Virtual: 2047.88 MB Available Virtual: 1947.68 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:37.21 GB) (Free:2.6 GB) NTFS ==>[Drive with boot components (Windows XP)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 37 GB) (Disk ID: 9DC96E9E) Partition 1: (Not Active) - (Size=47 MB) - (Type=DE) Partition 2: (Active) - (Size=37 GB) - (Type=07 NTFS) ==================== End Of Log ============================ gmer.log: Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-12-20 07:57:53
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e HITACHI_DK23EB-40 rev.00K0A0C0 37,26GB
Running: gmer_2.1.19163.exe; Driver: C:\DOKUME~1\Heiko\LOKALE~1\Temp\pxtdapog.sys

---- System - GMER 2.1 ----

SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwAddBootEntry [0xB23B8B10]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xB23B95EE]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwClose [0xB23FD43E]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateEvent [0xB23C55E0]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateEventPair [0xB23C562C]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xB23C57C6]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateKey [0xB23FCDF2]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateMutant [0xB23C554E]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateSection [0xB23C5670]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xB23C5596]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateThread [0xB23B9B24]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateTimer [0xB23C5780]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xB23BA3DC]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xB23B8B76]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDeleteKey [0xB23FDB04]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xB23FDDBA]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDuplicateObject [0xB23BDB58]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwEnumerateKey [0xB23FD96F]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xB23FD7DA]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwLoadDriver [0xB23B875E]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xB23B8BDC]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xB23BDF4E]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xB23BAE6C]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenEvent [0xB23C560A]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenEventPair [0xB23C564E]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xB23C57EA]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenKey [0xB23FD14E]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenMutant [0xB23C5574]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenProcess [0xB23BD452]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenSection [0xB23C56FE]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xB23C55BE]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenThread [0xB23BD83A]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenTimer [0xB23C57A4]
SSDT \??\C:\WINDOWS\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xB246E0CC]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueryKey [0xB23FD655]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueryObject [0xB23BAD38]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueryValueKey [0xB23FD4A7]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueueApcThread [0xB23BA88E]
SSDT \??\C:\WINDOWS\system32\drivers\aswSP.sys ZwRenameKey [0xB247BF22]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwRestoreKey [0xB23FC438]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xB23B8C42]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetBootOptions [0xB23B8CA8]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetContextThread [0xB23BA256]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xB23B87F8]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xB23B89CE]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetValueKey [0xB23FDC0B]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwShutdownSystem [0xB23B895C]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSuspendProcess [0xB23BA5A6]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSuspendThread [0xB23BA708]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xB23B8A56]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwTerminateProcess [0xB23BA094]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwTerminateThread [0xB23BA236]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwVdmControl [0xB23B8D0E]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xB23B964A]

---- Kernel code sections - GMER 2.1 ----

.text ntoskrnl.exe!_abnormal_termination + 220 804E27F4 4 Bytes [EA, 57, 3C, B2]
.text ntoskrnl.exe!_abnormal_termination + 34D 804E2921 3 Bytes [BF, 47, B2]
.text ntoskrnl.exe!_abnormal_termination + 398 804E296C 12 Bytes [42, 8C, 3B, B2, A8, 8C, 3B, ...]
.text ntoskrnl.exe!_abnormal_termination + 440 804E2A14 12 Bytes [A6, A5, 3B, B2, 08, A7, 3B, ...]
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056BC20 4 Bytes CALL B23BB519 \??\C:\WINDOWS\system32\drivers\aswSnx.sys

---- User code sections - GMER 2.1 ----

.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[252] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[252] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Programme\Java\jre7\bin\jqs.exe[296] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Java\jre7\bin\jqs.exe[296] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[496] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[496] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\SCardSvr.exe[548] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\SCardSvr.exe[548] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[616] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[616] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Programme\Alwil Software\Avast5\AvastUI.exe[712] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Alwil Software\Avast5\AvastUI.exe[712] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Programme\iTunes\iTunesHelper.exe[748] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\iTunes\iTunesHelper.exe[748] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[884] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[884] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\locator.exe[908] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\locator.exe[908] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\bcmwltry.exe[984] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\bcmwltry.exe[984] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\smss.exe[1116] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1200] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1200] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1204] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1204] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1236] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1236] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1264] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1264] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1296] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1296] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1308] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1308] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1564] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1632] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1632] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1656] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1656] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1752] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1752] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\SYSTEM32\GEARSEC.EXE[1776] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\SYSTEM32\GEARSEC.EXE[1776] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\Ati2evxx.exe[1780] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\Ati2evxx.exe[1780] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Programme\Bonjour\mDNSResponder.exe[1816] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Bonjour\mDNSResponder.exe[1816] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Dokumente und Einstellungen\Heiko\Desktop\gmer_2.1.19163.exe[2200] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Dokumente und Einstellungen\Heiko\Desktop\gmer_2.1.19163.exe[2200] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Programme\iPod\bin\iPodService.exe[2244] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\iPod\bin\iPodService.exe[2244] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2512] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2512] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[2952] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[2952] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3152] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3152] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[3640] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[3640] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip aswRdr.sys
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 NBVol.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 NBVolUp.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 NBVol.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 NBVolUp.sys
Device \Driver\Cdrom \Device\CdRom0 86F5A96E
Device \Driver\atapi \Device\Ide\IdePort0 86F5C014
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 86F5C014
Device \Driver\atapi \Device\Ide\IdePort1 86F5C014
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 86F5C014
Device \Driver\Cdrom \Device\CdRom1 86F5A96E
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp aswRdr.sys
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS
Device \Driver\PrecSim \Device\Scsi\PrecSim1Port0Path0Target0Lun0 86F5C00C
Device \Driver\PrecSim \Device\Scsi\PrecSim1 86F5C00C
Device \FileSystem\Fastfat \Fat B029FD20
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys

---- Trace I/O - GMER 2.1 ----

Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86f5c014]<< 86f5c014
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f55ab8] 86f55ab8
Trace 3 CLASSPNP.SYS[f76e3fd7] -> nt!IofCallDriver -> \Device\00000088[0x86f899e8] 86f899e8
Trace 5 ACPI.sys[f7659620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x86f7e940] 86f7e940
Trace \Driver\atapi[0x86f63940] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x86f5c014 86f5c014

---- EOF - GMER 2.1 ----

What is the best way to proceed? Many thanks in advance.

Best regards, Data