EXP/CVE-2012-1723.A.3417, *.3228 und EXP/CVE20121723.BZJ

daime · 06.03.2013, 20:31

Hallo zusammen,

im letzten halben Jahr hatte ich erstmals (oder erstmals bemerkt?) Probleme mit Trojanern (Bundestrojaner) und einem gehackten Mailaccount.
Nachdem Avira Antivir gestern die drei im Titel genannten Viren gefunden und davon nur EXP/CVE20121723.BZJ in Quarantäne geschoben hat, würde ich mich über eure Hilfe beim Entfernen sehr freuen.

Auf meinem Laptop ist Virtual Clone Drive installiert, ich habe jedoch in Schritt 1 den defogger der Anleitung folgend benutzt. Ein Neustart wurde nicht gefordert.

Unten findet ihr die von mir nach eurer Anleitung erstellten Logfiles. (Ihr werdet darin gegebenenfalls über ein paar asiatische Domains stolpern; das sind teilweise Sachen, die ich zur Nutzung des Uninetzwerks im Ausland installieren musste und bei Gelegenheit auch gerne wieder loswerden würde, aber nicht weiß, wie :P)

Avira Free Antivirus

Code:

ATTFilter

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 5. März 2013  18:39

Es wird nach 5135643 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Professional
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : LAPTOP

Versionsinformationen:
BUILD.DAT      : 12.1.9.1236    40872 Bytes  11.10.2012 15:29:00
AVSCAN.EXE     : 12.3.0.48     468256 Bytes  22.11.2012 22:39:48
AVSCAN.DLL     : 12.3.0.15      66256 Bytes  08.05.2012 14:24:20
LUKE.DLL       : 12.3.0.15      68304 Bytes  08.05.2012 14:24:20
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  08.05.2012 14:24:20
AVREG.DLL      : 12.3.0.17     232200 Bytes  10.05.2012 17:56:35
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 02:49:21
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 23:56:15
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 23:56:21
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 09:47:38
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 08:07:17
VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 18:23:06
VBASE006.VDF   : 7.11.41.250  4902400 Bytes  06.09.2012 16:42:39
VBASE007.VDF   : 7.11.50.230  3904512 Bytes  22.11.2012 22:39:38
VBASE008.VDF   : 7.11.60.10   6627328 Bytes  07.02.2013 22:08:21
VBASE009.VDF   : 7.11.60.11      2048 Bytes  07.02.2013 22:08:21
VBASE010.VDF   : 7.11.60.12      2048 Bytes  07.02.2013 22:08:22
VBASE011.VDF   : 7.11.60.13      2048 Bytes  07.02.2013 22:08:22
VBASE012.VDF   : 7.11.60.14      2048 Bytes  07.02.2013 22:08:22
VBASE013.VDF   : 7.11.60.62    351232 Bytes  08.02.2013 16:06:36
VBASE014.VDF   : 7.11.60.115   190976 Bytes  09.02.2013 16:06:37
VBASE015.VDF   : 7.11.60.177   282624 Bytes  11.02.2013 15:36:58
VBASE016.VDF   : 7.11.60.249   215552 Bytes  13.02.2013 16:21:32
VBASE017.VDF   : 7.11.61.65    151040 Bytes  15.02.2013 16:21:32
VBASE018.VDF   : 7.11.61.135   159232 Bytes  18.02.2013 14:05:06
VBASE019.VDF   : 7.11.61.163   152064 Bytes  18.02.2013 14:05:24
VBASE020.VDF   : 7.11.61.207   164352 Bytes  19.02.2013 14:52:34
VBASE021.VDF   : 7.11.62.43    206336 Bytes  21.02.2013 11:24:26
VBASE022.VDF   : 7.11.62.111   136192 Bytes  23.02.2013 11:24:26
VBASE023.VDF   : 7.11.62.157   143360 Bytes  25.02.2013 11:24:27
VBASE024.VDF   : 7.11.62.237   199168 Bytes  27.02.2013 12:09:15
VBASE025.VDF   : 7.11.63.71    209408 Bytes  01.03.2013 12:14:46
VBASE026.VDF   : 7.11.63.121   257536 Bytes  04.03.2013 12:19:45
VBASE027.VDF   : 7.11.63.122     2048 Bytes  04.03.2013 12:19:45
VBASE028.VDF   : 7.11.63.123     2048 Bytes  04.03.2013 12:19:45
VBASE029.VDF   : 7.11.63.124     2048 Bytes  04.03.2013 12:19:45
VBASE030.VDF   : 7.11.63.125     2048 Bytes  04.03.2013 12:19:45
VBASE031.VDF   : 7.11.63.174   128000 Bytes  05.03.2013 12:59:50
Engineversion  : 8.2.12.10 
AEVDF.DLL      : 8.1.2.10      102772 Bytes  14.07.2012 11:37:27
AESCRIPT.DLL   : 8.1.4.94      467324 Bytes  26.02.2013 11:24:31
AESCN.DLL      : 8.1.10.0      131445 Bytes  14.12.2012 22:21:01
AESBX.DLL      : 8.2.5.12      606578 Bytes  15.06.2012 03:33:01
AERDL.DLL      : 8.2.0.88      643444 Bytes  11.01.2013 12:12:22
AEPACK.DLL     : 8.3.1.12      815480 Bytes  01.03.2013 12:14:53
AEOFFICE.DLL   : 8.1.2.50      201084 Bytes  13.11.2012 20:39:24
AEHEUR.DLL     : 8.1.4.222    5767545 Bytes  01.03.2013 12:14:51
AEHELP.DLL     : 8.1.25.2      258423 Bytes  11.10.2012 17:37:34
AEGEN.DLL      : 8.1.6.16      434549 Bytes  26.01.2013 13:13:24
AEEXP.DLL      : 8.4.0.6       192885 Bytes  01.03.2013 12:14:54
AEEMU.DLL      : 8.1.3.2       393587 Bytes  14.07.2012 11:33:50
AECORE.DLL     : 8.1.31.2      201080 Bytes  19.02.2013 14:05:25
AEBB.DLL       : 8.1.1.4        53619 Bytes  13.11.2012 20:39:20
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  08.05.2012 14:24:19
AVPREF.DLL     : 12.3.0.32      50720 Bytes  22.11.2012 22:39:47
AVREP.DLL      : 12.3.0.15     179208 Bytes  08.05.2012 14:24:20
AVARKT.DLL     : 12.3.0.33     209696 Bytes  22.11.2012 22:39:46
AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  08.05.2012 14:24:20
SQLITE3.DLL    : 3.7.0.1       398288 Bytes  08.05.2012 14:24:20
AVSMTP.DLL     : 12.3.0.32      63480 Bytes  26.07.2012 14:53:00
NETNT.DLL      : 12.3.0.15      17104 Bytes  08.05.2012 14:24:20
RCIMAGE.DLL    : 12.3.0.31    4444408 Bytes  26.07.2012 14:52:40
RCTEXT.DLL     : 12.3.0.32      98848 Bytes  22.11.2012 22:39:29

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Dienstag, 5. März 2013  18:39

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'thunderbird.exe' - '102' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_6_602_171.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_6_602_171.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '114' Modul(e) wurden durchsucht
Durchsuche Prozess 'PWMDBSVC.EXE' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'SCHTASK.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'VCDDaemon.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'fpassist.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'winampa.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'SvcGuiHlpr.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcDeskBandHlpr.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcSvc.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'cvpnd.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcPrfMgrSvc.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '62' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '3123' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Users\Iris\AppData\Local\Temp\jar_cache8401026136713566747.tmp
  [0] Archivtyp: ZIP
  --> Example.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.A.3417
  --> SecretKey.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.A.3228
Beginne mit der Suche in 'D:\' <Lenovo>

Beginne mit der Desinfektion:
C:\Users\Iris\AppData\Local\Temp\jar_cache8401026136713566747.tmp
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE20121723.BZJ
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54e2c5c6.qua' verschoben!


Ende des Suchlaufs: Dienstag, 5. März 2013  22:43
Benötigte Zeit:  4:02:47 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  88039 Verzeichnisse wurden überprüft
 2329918 Dateien wurden geprüft
      3 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 2329915 Dateien ohne Befall
  19900 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise
 641732 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden

OTL

Code:

ATTFilter

OTL logfile created on: 06.03.2013 16:37:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Iris\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 64,70% Memory free
7,80 Gb Paging File | 6,06 Gb Available in Paging File | 77,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,53 Gb Total Space | 145,26 Gb Free Space | 31,96% Space Free | Partition Type: NTFS
Drive D: | 9,77 Gb Total Space | 3,26 Gb Free Space | 33,34% Space Free | Partition Type: NTFS
Drive F: | 15,43 Gb Total Space | 13,68 Gb Free Space | 88,65% Space Free | Partition Type: FAT32
 
Computer Name: LAPTOP | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.06 09:11:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Iris\Desktop\OTL.exe
PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Iris\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.07 19:54:24 | 002,447,440 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2012.11.07 19:23:46 | 000,073,392 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2012.09.07 08:10:38 | 000,604,048 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
PRC - [2012.09.07 08:09:02 | 000,366,480 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2012.09.07 08:08:48 | 000,133,008 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2012.07.26 15:52:52 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 15:24:20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 15:24:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.01.22 19:06:00 | 000,089,152 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
PRC - [2012.01.22 19:06:00 | 000,064,576 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
PRC - [2011.12.09 18:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011.02.23 14:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2010.03.23 05:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.12.11 06:22:08 | 000,060,272 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2011.11.28 04:54:44 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.05.30 22:29:08 | 000,117,760 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysNative\DTS.exe -- (dtsvc)
SRV:64bit: - [2011.05.30 22:29:04 | 000,130,048 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysNative\ADMonitor.exe -- (ADMonitor)
SRV:64bit: - [2011.05.30 22:22:56 | 002,715,976 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Windows\SysNative\ATService.exe -- (ATService)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.02.27 11:29:56 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.07 19:54:24 | 002,447,440 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012.11.02 19:19:36 | 000,827,560 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2012.09.07 08:08:50 | 000,272,272 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2012.09.07 08:08:48 | 000,133,008 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2012.08.07 21:22:15 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 15:24:20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 15:24:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.22 19:06:00 | 000,478,056 | ---- | M] (Lenovo.) [On_Demand | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2012.01.22 19:06:00 | 000,175,168 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE -- (PwmEWSvc)
SRV - [2012.01.22 19:06:00 | 000,089,152 | ---- | M] (Lenovo) [On_Demand | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2011.11.01 05:37:56 | 001,518,352 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2011.11.01 05:25:42 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2011.11.01 05:22:28 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2011.10.20 10:33:22 | 000,135,440 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2011.10.19 06:25:00 | 000,661,504 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2010.03.23 05:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 05:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 13:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.07.23 08:45:42 | 000,475,648 | ---- | M] (Saint Security Co., Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\NetCare\v5\ncsvc.exe -- (ncsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.05.31 09:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 09:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.11 06:22:08 | 000,042,824 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2012.11.02 15:38:32 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012.11.01 15:31:48 | 000,450,136 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.05.08 15:24:20 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 15:24:20 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.22 19:06:00 | 000,031,344 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2012.01.22 19:06:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2011.11.28 05:20:18 | 008,013,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011.11.28 05:20:18 | 008,013,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.11.28 04:19:10 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.10.31 07:57:50 | 008,615,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.10.19 06:19:08 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011.10.19 06:19:08 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.10.13 16:05:48 | 010,629,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.10.13 16:05:48 | 010,629,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.09.16 08:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.05.31 13:53:52 | 000,735,616 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.04.29 05:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2010.04.22 16:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.04.08 15:11:12 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010.03.23 05:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.02.08 00:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.12.08 07:11:40 | 000,037,440 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2009.10.05 09:58:18 | 000,649,216 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.17 14:11:12 | 000,031,744 | ---- | M] (Saint Security Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ncdrv.sys -- (NcdrvMP)
DRV:64bit: - [2009.06.17 14:11:12 | 000,031,744 | ---- | M] (Saint Security Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Ncdrv.sys -- (Ncdrv)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.16 10:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008.08.22 14:10:26 | 000,316,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2006.11.18 05:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV - [2013.02.01 20:29:10 | 000,000,306 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWow64\null -- (Null)
DRV - [2012.11.02 19:20:00 | 000,033,712 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B3 9C 28 B3 2D 50 CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2013.02.01 20:18:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013.02.01 20:18:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.07 21:22:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.02 23:08:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.08.08 18:41:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.07 21:22:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.02 23:08:34 | 000,000,000 | ---D | M]
 
[2012.03.09 11:00:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions
[2013.02.01 20:26:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\np7hbaaf.default\extensions
[2012.03.18 04:55:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.07 21:22:15 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.08.07 19:57:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.07 19:57:47 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.07 19:57:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.07 19:57:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.07 19:57:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.07 19:57:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4:64bit: - HKLM..\Run: [FingerPrintSoftwareSplashScreen] C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe (AuthenTec, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\SysNative\WerFault.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 1 = @biocpl.dll,-1
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {2DCB00FB-3485-486B-BD41-C49AD605264D} https://www.epost.go.kr/comm/easykeytec/easykeytec.cab (EZKeytecWeb Class)
O16 - DPF: {68253470-5D4F-4CDF-8D9C-353C14A2F013} hxxp://www.seevideo.co.kr/pub/seevideo2003/svporsche.cab (SVPorsche Control)
O16 - DPF: {D6E38480-8844-4A46-8FE0-83CAEEAD0628} hxxp://netcare.yonsei.ac.kr/v5/install/ncinstaller_1.0.0.6.cab (NCDownloader Class)
O16 - DPF: {D96D2F74-0B74-47D2-964F-B67E9F69F1CD} hxxp://www.congnamul.com/ActiveX/Release/CongnamulMap4Asp_V2_0_0_19.cab (CongnamulMap4Asp Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5EE4AB8-0FBB-4012-8360-3A673502ABB5}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\ATFUS: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{6eb62de7-6bd0-11e1-8363-cc52afceaac9}\Shell - "" = AutoRun
O33 - MountPoints2\{6eb62de7-6bd0-11e1-8363-cc52afceaac9}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{6eb62de7-6bd0-11e1-8363-cc52afceaac9}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{6eb62de7-6bd0-11e1-8363-cc52afceaac9}\Shell\install\command - "" = F:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.02 23:16:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\onOne Software
[2013.03.02 23:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\onOne Software
[2013.03.02 23:15:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2013.03.02 23:15:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\onOne Software
[2013.03.02 23:15:29 | 000,000,000 | ---D | C] -- C:\ProgramData\onOne Software
[2013.02.26 13:36:34 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2013.02.26 13:36:18 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Programs
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.06 16:33:31 | 000,000,000 | ---- | M] () -- C:\Users\admin\defogger_reenable
[2013.03.06 16:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.06 15:29:21 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.06 15:29:21 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.06 15:29:21 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.06 15:29:21 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.06 15:29:21 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.06 15:28:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.06 11:25:26 | 000,022,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.06 11:25:26 | 000,022,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.06 11:17:41 | 469,136,590 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.06 11:17:35 | 3139,461,120 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.19 07:25:32 | 000,335,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.06 16:33:31 | 000,000,000 | ---- | C] () -- C:\Users\admin\defogger_reenable
[2013.02.26 13:38:07 | 000,000,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012.08.02 08:23:09 | 000,000,051 | ---- | C] () -- C:\ProgramData\vrayufkqkzngcci
[2012.06.16 06:41:33 | 000,000,046 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_urlsnooper_InstallInfo.dat
[2012.03.26 11:41:58 | 000,483,328 | ---- | C] () -- C:\Windows\SysWow64\INITray.exe
[2012.03.24 11:40:56 | 000,025,872 | ---- | C] () -- C:\Windows\SysWow64\INIUAC.exe
[2012.03.17 17:13:08 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2012.03.17 17:12:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.03.13 16:00:53 | 001,590,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.24 00:25:04 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.03.10 10:27:00 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\CachedFiles
[2012.08.09 17:41:58 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\CheckPoint
[2012.06.16 06:41:33 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DonationCoder
[2012.03.11 07:05:06 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Dropbox
[2012.08.21 21:07:39 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DVDVideoSoft
[2012.04.03 14:39:14 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\FreePDF
[2012.05.30 14:32:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\IrfanView
[2012.06.16 06:52:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\MusicBrainz
[2012.04.03 13:04:01 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\pdfforge
[2012.03.10 11:18:37 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\PwrMgr
[2012.08.07 19:56:20 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 

< End of report >

EXTRAS

Code:

ATTFilter

OTL Extras logfile created on: 06.03.2013 16:37:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Iris\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 64,70% Memory free
7,80 Gb Paging File | 6,06 Gb Available in Paging File | 77,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,53 Gb Total Space | 145,26 Gb Free Space | 31,96% Space Free | Partition Type: NTFS
Drive D: | 9,77 Gb Total Space | 3,26 Gb Free Space | 33,34% Space Free | Partition Type: NTFS
Drive F: | 15,43 Gb Total Space | 13,68 Gb Free Space | 88,65% Space Free | Partition Type: FAT32
 
Computer Name: LAPTOP | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{101016F8-823E-413D-8E91-E98D05961502}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2911FC39-C43D-4340-A1D9-D8A954757040}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3BE43C1C-742D-444F-86FC-BE397A89C11F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5398EDC2-26B2-44E3-8AAC-D21081058682}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7998819E-894D-4D81-B79A-C68E31B4AE29}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{920A4993-98C4-4752-9593-011828DFA202}" = rport=138 | protocol=17 | dir=out | app=system | 
"{944700FF-E4CE-40FA-9F9A-8D9F5D080126}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B79189D6-59A9-4E6F-B490-4CE98A52095C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B850C62E-2DBD-4015-B26B-F6083F81FAD1}" = lport=8993 | protocol=17 | dir=in | name=anysvcport | 
"{C800056B-66A4-4768-8042-8A54B28BD9AD}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D9EF24CC-7634-49B1-8FBB-42ACF664E9E2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{EA14F422-09D0-4A2B-8A36-5E457CC8C1CF}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F2AD844E-BD5C-4EEC-9131-C902C0454092}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08EA26EC-DED1-47A2-A793-9FAD187CCD48}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{10F887BA-127E-421E-9D3D-F8E2BAE9F559}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2F72B5EA-5396-4B06-B697-2D17AAE2F0E2}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{410197CD-0635-4132-86E2-37731C476F69}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{44E5D4B3-8DF0-4CD0-B7B8-90393F64F893}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{5B8DA1A2-7E8B-45A8-AD93-1DB586145403}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6DDA0D50-B8B4-4107-9F14-498EEB811F97}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{891FA09C-74EB-47AF-A884-B4BC1FABAC8E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9FB9DCFC-8E33-4BCF-84F2-14B830964F85}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A833F364-3523-468A-9370-1F12DBFAB485}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{BE0B9DA1-7648-419B-8C36-55A8148D34D9}" = protocol=6 | dir=in | app=c:\users\iris\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D3BE2330-E15B-4569-9534-8867153CACBF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E5E941CF-602E-4948-827E-B50ACEA9CA8D}" = protocol=17 | dir=in | app=c:\users\iris\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F42ABD64-1C6B-42B0-A2DD-231697BCA07A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{F8815926-BAC1-4D33-9E97-E14A34F12E1C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{FF12B21D-6784-4554-B5AC-3B159676D859}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{3862C2B2-FB71-41A5-B826-15B1A7A1E38E}C:\program files (x86)\musicbrainz picard\picard.exe" = protocol=6 | dir=in | app=c:\program files (x86)\musicbrainz picard\picard.exe | 
"TCP Query User{4441A7E6-ACDF-4FD5-8DFC-77046D36E346}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{42D3C35A-4624-4721-B338-EC72DBFCB973}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{F43410D9-ADC0-40B6-A0D7-E54B75EBEECF}C:\program files (x86)\musicbrainz picard\picard.exe" = protocol=17 | dir=in | app=c:\program files (x86)\musicbrainz picard\picard.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{2ED326C9-A4E6-4884-B3F0-9A6CFB0A1141}" = Lenovo Fingerprint Software
"{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5E79DDFB-8AE6-E4B5-8A24-D358C2F2E349}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft-Maus- und Tastatur-Center
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}" = Intel(R) PROSet/Wireless WiFi-Software
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{EEAA321A-E086-C093-70E0-01E66F1491D9}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"05FBE63CF9C9B3424152207E7278CD6DA193C56C" = Windows-Treiberpaket - AuthenTec Inc. (ATSwpWDF) Biometric  (07/02/2010 8.6.0.29)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"ATI Uninstaller" = ATI Uninstaller
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"DE7217D2A8B057F15EC6E52329FDAB84231521E8" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430)
"GIMP-2_is1" = GIMP 2.8.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"Power Management Driver" = Lenovo Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{023FADD0-F5EC-1E92-4AB5-0FCE3579C0C9}" = CCC Help Chinese Standard
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1AEAB063-151F-74F9-B8EC-2CF39257C39B}" = CCC Help English
"{1E80AF84-EAEC-53A3-D5D8-B7DD01F8AA23}" = CCC Help Italian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B83EB9-90A5-ABED-3256-1AEDC1A5A832}" = CCC Help Portuguese
"{23CAC9C6-F4E7-A978-46A7-8C6DC3EC0AAD}" = CCC Help Japanese
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{2AFFABEB-13E5-47EF-53F7-826616982D2C}" = Catalyst Control Center Localization All
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{4141D2C3-756B-1EF0-0977-B421B85F5870}" = Catalyst Control Center Graphics Previews Vista
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5522D1A6-98A7-C7A2-D7B9-A762AE4D09D8}" = PX Profile Update
"{5781F83C-13F4-C8C8-F8AD-15FEBE496BB0}" = CCC Help Chinese Traditional
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76901A74-50AA-0132-B4DB-CA522F9E71B2}" = CCC Help Korean
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.VISIOR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.VISIOR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.VISIOR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.VISIOR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{949320FC-F3AE-72D3-11C8-4F50DA7067C8}" = CCC Help Spanish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AC76BA86-7AD7-5670-0000-A00000000003}" = Korean Fonts Support For Adobe Reader X
"{AD32654E-90CF-42F2-8CB3-88DA6F1AA11A}" = ZoneAlarm Security
"{AE91C455-8C94-EB5A-0128-D7F44371B77E}" = ccc-core-static
"{B3114E23-91A6-DEF2-B8FB-5D782AF5439A}" = CCC Help Dutch
"{B8D92680-34AC-4B76-8D95-7E95B11B5121}" = Perfect Effects 3 Free
"{C72A9BF9-0746-A0F6-E23E-104392FC3EED}" = CCC Help German
"{D1143A4E-753F-4B70-B5C3-69156D57CC7B}" = Catalyst Control Center - Branding
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{DF69DC26-5534-6CCF-7BD4-3314A67FA6CD}" = CCC Help French
"{E25ED28D-3F3F-4707-8DFA-66CA75FB9329}" = ZoneAlarm Firewall
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC19E668-785C-1F2A-1A25-266A46A5462C}" = Catalyst Control Center InstallProxy
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F39E5AF2-6A57-BA8E-21C4-B422B3CCBDE5}" = CCC Help Swedish
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 9.04" = GPL Ghostscript
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IrfanView" = IrfanView (remove only)
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 15.0 (x86 de)" = Mozilla Thunderbird 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NetCare" = NetCare v5
"Office14.VISIOR" = Microsoft Visio Professional 2010
"ProInst" = Intel PROSet Wireless
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.1
"Winamp" = Winamp
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
"ZoneAlarm-Sicherheit Toolbar" = ZoneAlarm-Sicherheit Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.03.2013 04:04:29 | Computer Name = Laptop | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler:
 Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
 
Error - 06.03.2013 04:04:31 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AcSvc.exe, Version: 5.9.7.95, Zeitstempel:
 0x50487c7e  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000326d1  ID des fehlerhaften Prozesses:
 0xa44  Startzeit der fehlerhaften Anwendung: 0x01ce1a4123d54c21  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 7927c826-8634-11e2-b321-fe52966cb672
 
Error - 06.03.2013 06:18:26 | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.03.2013 06:19:00 | Computer Name = Laptop | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler:
 Type-ID=18, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0
 
Error - 06.03.2013 06:19:00 | Computer Name = Laptop | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler:
 Type-ID=21, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0
 
Error - 06.03.2013 06:19:00 | Computer Name = Laptop | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler:
 Type-ID=23, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0
 
Error - 06.03.2013 06:19:00 | Computer Name = Laptop | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler:
 Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
 
Error - 06.03.2013 06:19:00 | Computer Name = Laptop | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler:
 Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
 
Error - 06.03.2013 06:19:00 | Computer Name = Laptop | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler:
 Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
 
Error - 06.03.2013 06:19:03 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AcSvc.exe, Version: 5.9.7.95, Zeitstempel:
 0x50487c7e  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000326d1  ID des fehlerhaften Prozesses:
 0xa44  Startzeit der fehlerhaften Anwendung: 0x01ce1a53e9946afa  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 443b8f1c-8647-11e2-8afe-ae955a363f71
 
[ System Events ]
Error - 05.03.2013 11:15:52 | Computer Name = Laptop | Source = DCOM | ID = 10016
Description = 
 
Error - 05.03.2013 13:17:36 | Computer Name = Laptop | Source = DCOM | ID = 10016
Description = 
 
Error - 06.03.2013 04:04:10 | Computer Name = Laptop | Source = NetBT | ID = 4321
Description = Der Name "LAPTOP         :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 141.47.152.215  registriert werden. Der Computer mit IP-Adresse 141.47.5.2
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 06.03.2013 04:04:50 | Computer Name = Laptop | Source = Service Control Manager | ID = 7034
Description = Dienst "AcSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 
Error - 06.03.2013 04:04:52 | Computer Name = Laptop | Source = DCOM | ID = 10016
Description = 
 
Error - 06.03.2013 04:05:17 | Computer Name = Laptop | Source = NetBT | ID = 4321
Description = Der Name "LAPTOP         :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 141.47.152.215  registriert werden. Der Computer mit IP-Adresse 141.47.5.2
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 06.03.2013 06:17:59 | Computer Name = Laptop | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?06.?03.?2013 um 11:09:50 unerwartet heruntergefahren.
 
Error - 06.03.2013 06:18:00 | Computer Name = LAPTOP | Source = BugCheck | ID = 1001
Description = 
 
Error - 06.03.2013 06:19:19 | Computer Name = Laptop | Source = DCOM | ID = 10016
Description = 
 
Error - 06.03.2013 06:19:18 | Computer Name = Laptop | Source = Service Control Manager | ID = 7034
Description = Dienst "AcSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 
 
< End of report >

Gmer

Code:

ATTFilter

GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-06 19:03:26
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9500325ASG rev.0001SDM1 465,76GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\admin\AppData\Local\Temp\uxldapow.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                                                                                                                 0000000075711465 2 bytes [71, 75]
.text   C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                                                                                                                00000000757114bb 2 bytes [71, 75]
.text   ...                                                                                                                                                                                                                                                                                                                                                            * 2
.text   C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                                                                                                              0000000075711465 2 bytes [71, 75]
.text   C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                                                                                                             00000000757114bb 2 bytes [71, 75]
.text   ...                                                                                                                                                                                                                                                                                                                                                            * 2
.text   C:\Users\Iris\AppData\Roaming\Dropbox\bin\Dropbox.exe[4300] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                                                                                                                                                                                                                                            0000000075711465 2 bytes [71, 75]
.text   C:\Users\Iris\AppData\Roaming\Dropbox\bin\Dropbox.exe[4300] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                                                                                                                                                                                                                                           00000000757114bb 2 bytes [71, 75]
.text   ...                                                                                                                                                                                                                                                                                                                                                            * 2
.text   C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                                                                                                                  0000000075711465 2 bytes [71, 75]
.text   C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                                                                                                                 00000000757114bb 2 bytes [71, 75]
.text   ...                                                                                                                                                                                                                                                                                                                                                            * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [1408:5220]                                                                                                                                                                                                                                                                                                                    000007fef4279688

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{0542A91C-C700-4BB2-9C27-B2EFCBF67366}\Connection@Name                                                                                                                                                                                                                    isatap.{01DEA750-ACDA-4EA3-BBDD-07F393D6B722}
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind                                                                                                                                                                                                                       \Device\{E07EF951-BAFA-4B73-9BDE-8BFFD2F9395A}?\Device\{09AD829A-4797-4D5F-889B-5442B98F1B0C}?\Device\{0542A91C-C700-4BB2-9C27-B2EFCBF67366}?\Device\{CD5B6978-13B4-4634-AC4C-F0067C404ECB}?
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route                                                                                                                                                                                                                      "{E07EF951-BAFA-4B73-9BDE-8BFFD2F9395A}"?"{09AD829A-4797-4D5F-889B-5442B98F1B0C}"?"{0542A91C-C700-4BB2-9C27-B2EFCBF67366}"?"{CD5B6978-13B4-4634-AC4C-F0067C404ECB}"?
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export                                                                                                                                                                                                                     \Device\TCPIP6TUNNEL_{E07EF951-BAFA-4B73-9BDE-8BFFD2F9395A}?\Device\TCPIP6TUNNEL_{09AD829A-4797-4D5F-889B-5442B98F1B0C}?\Device\TCPIP6TUNNEL_{0542A91C-C700-4BB2-9C27-B2EFCBF67366}?\Device\TCPIP6TUNNEL_{CD5B6978-13B4-4634-AC4C-F0067C404ECB}?
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00234dfc7d4c                                                                                                                                                                                                                                                                                    
Reg     HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{0542A91C-C700-4BB2-9C27-B2EFCBF67366}@InterfaceName                                                                                                                                                                                                                                         isatap.{01DEA750-ACDA-4EA3-BBDD-07F393D6B722}
Reg     HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{0542A91C-C700-4BB2-9C27-B2EFCBF67366}@ReusableType                                                                                                                                                                                                                                          0
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00234dfc7d4c (not active ControlSet)                                                                                                                                                                                                                                                                

---- Files - GMER 2.1 ----

File    C:\Windows.old\Users\Iris\Documents\SugarSync Shared Folders\fileserver@***\*** (2)\01_grundlegend\02_Aufnahme\01_Ansprache\01_Teaser bearb u nutzen                                                              0 bytes
File    C:\Windows.old\Users\Iris\Documents\SugarSync Shared Folders\fileserver@***\*** (2)\01_grundlegend\02_Aufnahme\01_Ansprache\01_Teaser bearb u nutzen\2011_01_05 Teaser Inhalte - Text.pptx                        85337 bytes
File    C:\Windows.old\Users\Iris\Documents\SugarSync Shared Folders\fileserver@***\*** (2)\01_grundlegend\02_Aufnahme\01_Ansprache\01_Teaser bearb u nutzen\2011_01_05 Teaser.pptx                                       9922879 bytes
File    C:\Windows.old\Users\Iris\Documents\SugarSync Shared Folders\fileserver@***\*** (2)\01_grundlegend\02_Aufnahme\01_Ansprache\01_Teaser bearb u nutzen\2011_01_23 Teaser V2.pptx                                    252469 bytes
File    C:\Windows.old\Users\Iris\Documents\SugarSync Shared Folders\fileserver@***\*** (2)\01_grundlegend\02_Aufnahme\01_Ansprache\01_Teaser bearb u nutzen\2011_01_24 Teaser V3.pptx                                    6584498 bytes
File    C:\Windows.old\Users\Iris\Documents\SugarSync Shared Folders\fileserver@***\*** (2)\01_grundlegend\02_Aufnahme\01_Ansprache\01_Teaser bearb u nutzen\2011_01_25 Teaser V4.pptx                                    6586801 bytes
File    C:\Windows.old\Users\Iris\Documents\SugarSync Shared Folders\fileserver@***\*** (2)\01_grundlegend\02_Aufnahme\01_Ansprache\01_Teaser bearb u nutzen\Teaser.wmv                                                   21926788 bytes
File    C:\Windows.old\Users\Iris\Documents\SugarSync Shared Folders\fileserver@***\*** (2)\01_grundlegend\02_Aufnahme\02_Suche\2011_02 Fragen.xlsx                                                                       13354 bytes
File    C:\Windows.old\Users\Iris\Documents\SugarSync Shared Folders\fileserver@***\*** (2)\01_grundlegend\02_Aufnahme\03_Fragen\2011_05_18 B.mm                                                                          5417 bytes
File    C:\Windows.old\Users\Iris\Documents\SugarSync Shared Folders\fileserver@***\*** (2)\01_grundlegend\02_Aufnahme\03_Fragen\2012_01_27 A.docx                                                                        83369 bytes
File    C:\Windows.old\Users\Iris\Documents\SugarSync Shared Folders\fileserver@***\*** (2)\01_grundlegend\02_Aufnahme\03_Fragen\ARCHIV                                                                                   0 bytes
File    C:\Windows.old\Users\Iris\Documents\SugarSync Shared Folders\fileserver@***\*** (2)\01_grundlegend\02_Aufnahme\03_Fragen\ARCHIV\2011_03_24 A.docx                                                                 83059 bytes
File    C:\Windows.old\Users\Iris\Documents\SugarSync Shared Folders\fileserver@***\*** (2)\01_grundlegend\02_Aufnahme\03_Fragen\ARCHIV\2011_05_23 A.docx                                                                 52350 bytes
File    C:\Windows.old\Users\Iris\Documents\SugarSync Shared Folders\fileserver@***\*** (2)\01_grundlegend\02_Aufnahme\03_Fragen\ARCHIV\2011_09_07 A.docx                                                                 54516 bytes
File    C:\Windows.old\Users\Iris\Documents\SugarSync Shared Folders\fileserver@***\*** (2)\01_grundlegend\02_Aufnahme\03_Fragen\ARCHIV\2012_01_22 A.docx                                                                 74282 bytes
File    C:\Windows.old\Users\Iris\Documents\SugarSync Shared Folders\fileserver@***\*** (2)\01_grundlegend\02_Aufnahme\03_Fragen\ARCHIV\Fragebogen.docx                                                                   15328 bytes
File    C:\Windows.old\Users\Iris\Documents\SugarSync Shared Folders\fileserver@***\*** (2)\01_grundlegend\02_Aufnahme\03_Fragen\ARCHIV\Fragen.dotx                                                                       74333 bytes
File    C:\Windows.old\Users\Iris\Documents\SugarSync Shared Folders\fileserver@***\*** (2)\01_grundlegend\02_Aufnahme\03_Fragen\Version 2012_01_27                                                                       0 bytes
File    C:\Windows.old\Users\Iris\Documents\SugarSync Shared Folders\fileserver@***\*** (2)\01_grundlegend\02_Aufnahme\03_Fragen\Version 2012_01_27 - Fragen.dotx                                                         83558 bytes

---- EOF - GMER 2.1 ----

Herzlichen Dank schonmal für's Anschauen!

Viele Grüße
daime

cosinus · 06.03.2013, 23:15

Hallo und

Zitat:

64bit- Professional Service Pack 1 (Version = 6.1.7601)

Warum bitte eine Professional Edition für Windows? Wer braucht das als Heimanwender?
Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner?

daime · 06.03.2013, 23:27

Hallo cosinus,

das geht ja tatsächlich schnell mit den Antworten ^^ Das hier ist mein privater Laptop, aber ich kann mir über das MSDNAA meiner Uni kostenlos alles mögliche an Mikrosaft-Software runterladen (bis auf das Office-Paket, das kostet trotzdem). Unter anderem eben verschiedenen Windows-Versionen, ich weiß gar nicht, ob die Home-Edition jeweils überhaupt angeboten wird. Über "brauchen" lässt sich sicher streiten, aber dem geschenkten Gaul... :P

Liebe Grüße
daime

cosinus · 06.03.2013, 23:37

Ok, danke für die Erklärung!

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten

MBAR (Malwarebytes Anti-Rootkit)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

daime · 07.03.2013, 16:07

Hallo,

ich habe die drei Tools heruntergeladen und mit dem Scannen begonnen.

Die mbar hat beim ersten Durchlauf eine Datei gefunden, gecleant und mich nicht zum Neustart aufgefordert, weshalb ich den Laptop selbst neu gestartet habe.

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.07.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
admin :: LAPTOP [administrator]

07.03.2013 14:45:00
mbar-log-2013-03-07 (14-45-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29929
Time elapsed: 22 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\DISALLOWCPL|1 (Malware.Trace) -> Data: @biocpl.dll,-1 -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Log des zweiten Durchlaufs von mbar nach dem Neustart:

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.07.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
admin :: LAPTOP [administrator]

07.03.2013 15:32:47
mbar-log-2013-03-07 (15-32-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29922
Time elapsed: 23 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

aswMBR habe ich nach der Anleitung gestartet und geupdatet. Allerdings habe ich, nachdem das Update fertig war und der Suchdurchlauf begonnen hat, das Netzwerkkabel gezogen - falls das von Relevanz sein sollte. Nach einer Weile kam nämlich die Meldung, dass das Programm nicht mehr funktioniert und geschlossen wird (siehe Screenshot im Anhang). Hätte ich die Internetverbindung nicht kappen dürfen?

Hier habe ich deshalb gestoppt. Was soll ich als jetzt tun?

Liebe Grüße
daime

cosinus · 07.03.2013, 16:21

Das reicht mir schon der Screenshot als Info

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

daime · 07.03.2013, 17:28

Hey,

Combofix wollte neu starten, es kam jedoch die Fehlermeldung "The file C:\Windows\erdnt\subs\ERDNT.INF does not contain any restoration entries!". Da es sowieso keine andere Auswahlmöglichkeit gab, habe ich "ok" geklickt und der Laptop wurde neu gestartet.

Leider poppt jetzt nach der Benutzeranmeldung ständig das Combofix-Fenser auf, um sich im Bruchteil einer Sekunde wieder zu schließen (schreibe gerade von einem anderen PC aus). Ist das normal? Hätte dich wohl doch besser gleich wegen dem Fehler fragen sollen : /

cosinus · 08.03.2013, 00:29

Starte Windows neu, lösch die alte combofix.exe, lade CF neu runter und probier es bitte nochmal.

daime · 08.03.2013, 18:05

Hallo,

der Neustart hatte nichts am Problem geändert; im ersten Durchlauf hatte ich Combofix im normalen Benutzerkonto als Administrator ausgeführt (und konnte aufgrund des ständig aufpoppenden und schließenden Fensters nicht einmal das Tool löschen, da das Fenster immer "aktiv wurde"). Vielleicht war das das Problem, beim zweiten Durchlauf direkt im Adminkonto ging es problemlos:

Combofix

Code:

ATTFilter

ComboFix 13-03-07.03 - admin 08.03.2013  14:48:14.2.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3992.2556 [GMT 1:00]
ausgeführt von:: c:\users\admin\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\programdata\Roaming
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
D:\Autorun.inf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-08 bis 2013-03-08  ))))))))))))))))))))))))))))))
.
.
2013-03-08 14:05 . 2013-03-08 14:05	--------	d-----w-	c:\users\Iris\AppData\Local\temp
2013-03-08 14:05 . 2013-03-08 14:05	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-07 13:21 . 2013-03-07 13:21	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-05 07:40 . 2013-02-08 00:28	9162192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8028D887-8D27-4373-9D1F-31307DE8EC64}\mpengine.dll
2013-03-02 22:21 . 2013-03-02 22:21	--------	d-----w-	c:\users\Iris\AppData\Roaming\onOne Software
2013-03-02 22:16 . 2013-03-02 22:16	--------	d-----w-	c:\program files\onOne Software
2013-03-02 22:15 . 2013-03-02 22:16	--------	d-----w-	c:\program files (x86)\onOne Software
2013-03-02 22:15 . 2013-03-02 22:15	--------	d-----w-	c:\windows\SysWow64\spool
2013-03-02 22:15 . 2013-03-02 22:21	--------	d-----w-	c:\programdata\onOne Software
2013-03-02 22:14 . 2013-03-02 22:14	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-26 12:36 . 2013-02-26 12:37	--------	d-----w-	c:\program files\GIMP 2
2013-02-26 12:36 . 2013-02-26 12:36	--------	d-----w-	c:\users\admin\AppData\Local\Programs
2013-02-15 22:31 . 2013-02-15 22:31	186432	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-02-15 22:31 . 2013-02-15 22:31	186432	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-14 08:02 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 08:02 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 07:57 . 2013-01-05 05:53	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-14 07:57 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-02-14 07:57 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-02-14 07:57 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-02-14 07:57 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-02-14 07:57 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-02-14 07:57 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-02-14 07:57 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-02-14 07:57 . 2013-01-04 02:47	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-02-14 07:57 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-14 07:57 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-14 07:57 . 2013-01-04 03:26	3153408	----a-w-	c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-02 22:14 . 2012-08-09 16:50	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-02 22:14 . 2012-03-11 03:54	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-02-27 10:29 . 2012-04-16 02:42	691568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-27 10:29 . 2012-03-10 09:30	71024	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-14 08:07 . 2012-03-09 10:47	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-01-17 00:28 . 2010-11-21 03:27	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-14 07:57	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-25 09:07	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-25 09:07	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-25 09:07	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-25 09:07	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-11 05:22 . 2012-12-11 05:22	72048	----a-w-	c:\windows\system32\ibmpmctl.exe
2012-12-11 05:22 . 2012-12-11 05:22	60272	----a-w-	c:\windows\system32\ibmpmsvc.exe
2012-12-11 05:22 . 2012-12-11 05:22	42824	----a-w-	c:\windows\system32\drivers\ibmpmdrv.sys
2012-12-11 05:22 . 2012-12-11 05:22	39792	----a-w-	c:\windows\system32\tpinspm.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
2011-05-09 09:49	176936	----a-w-	c:\program files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-26 348664]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-01-22 1631808]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-27 98304]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2012-11-07 73392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowCpl"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys [2011-10-19 195072]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-04-29 32768]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-08 54824]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-01 340240]
R3 Ncdrv;NetCare Driver Service;c:\windows\system32\DRIVERS\ncdrv.sys [2009-06-17 31744]
R3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-11-02 50856]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-01-22 175168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1255736]
R4 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2011-05-30 130048]
R4 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2011-05-30 117760]
R4 ncsvc;NetCare Main Service Module;c:\program files (x86)\NetCare\v5\ncsvc.exe [2009-07-23 475648]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2012-01-22 31344]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-28 203776]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\ATService.exe [2011-05-30 2715976]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-11-02 33712]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-11-02 827560]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-10-19 195072]
S3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2011-05-31 735616]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-01-22 478056]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2008-08-22 316544]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-10-13 10629184]
S3 NcdrvMP;NcdrvMP;c:\windows\system32\DRIVERS\ncdrv.sys [2009-06-17 31744]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-01-22 89152]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 10:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"FingerPrintSoftwareSplashScreen"="c:\program files\Lenovo Fingerprint Software\SplashScreen.exe \s" [X]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 162584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 386840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 417560]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-11-01 1935120]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2012-09-07 63376]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-11-02 1127592]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.178.1
DPF: {2DCB00FB-3485-486B-BD41-C49AD605264D} - hxxps://www.epost.go.kr/comm/easykeytec/easykeytec.cab
DPF: {68253470-5D4F-4CDF-8D9C-353C14A2F013} - hxxp://www.seevideo.co.kr/pub/seevideo2003/svporsche.cab
DPF: {D6E38480-8844-4A46-8FE0-83CAEEAD0628} - hxxp://netcare.yonsei.ac.kr/v5/install/ncinstaller_1.0.0.6.cab
DPF: {D96D2F74-0B74-47D2-964F-B67E9F69F1CD} - hxxp://www.congnamul.com/ActiveX/Release/CongnamulMap4Asp_V2_0_0_19.cab
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\np7hbaaf.default\
FF - ExtSQL: 2013-02-01 20:18; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
WebBrowser-{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-08  17:15:36
ComboFix-quarantined-files.txt  2013-03-08 16:14
.
Vor Suchlauf: 17 Verzeichnis(se), 167.916.322.816 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 167.758.471.168 Bytes frei
.
- - End Of File - - FC22D1800D216AB17855BFDABF3A7240

Viele Grüße
daime

cosinus · 08.03.2013, 19:16

Zitat:

FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}

Kann ich nur von abraten, deinstalliere es und belass es bei der Windows-Firewall.
Du hast nicht mehr Sicherheit nur weil du eine andere Firewall-Software verwendest.

daime · 09.03.2013, 16:15

Ok, habe ich gemacht! Muss ich bei den Windows-Firewalleinstellungen irgendetwas beachten?

cosinus · 10.03.2013, 16:05

Zitat:

Muss ich bei den Windows-Firewalleinstellungen irgendetwas beachten?

Standardsettings sollten reichen, um sicher zu gehen, kannst du die Einstellungen der Windows-Firewall über die Systemsteuerung resetten, sodass sie auch wirklich die default Werte hat.

daime · 10.03.2013, 21:32

Vielen Dank für den Tipp!

Muss ich jetzt nochmal Combofix durchlaufen lassen oder hat das letzte Mal trotzdem etwas gebracht?

cosinus · 10.03.2013, 22:06

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

daime · 11.03.2013, 15:37

Hallo cosinus,

hier wieder die Logs:

JRT

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.9 (03.06.2013:1)
OS: Windows 7 Professional x64
Ran by admin on 11.03.2013 at 14:15:11,44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\toolbar
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2613550
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\admin\AppData\Roaming\pdfforge"
Successfully deleted: [Folder] "C:\Users\admin\appdata\locallow\conduit"



~~~ FireFox

Emptied folder: C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\np7hbaaf.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.03.2013 at 14:24:25,66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

adwCleaner (wurde nur einmal neu gestartet)

Code:

ATTFilter

# AdwCleaner v2.114 - Datei am 11/03/2013 um 14:32:34 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : admin - LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\admin\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\admin\AppData\Local\Temp\Uninstall.exe
Datei Gelöscht : C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\1wzztxlw.default\foxydeal.sqlite
Ordner Gelöscht : C:\Program Files (x86)\ZoneAlarm-Sicherheit
Ordner Gelöscht : C:\Users\admin\AppData\LocalLow\ZoneAlarm-Sicherheit
Ordner Gelöscht : C:\Users\Iris\AppData\LocalLow\ZoneAlarm-Sicherheit

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ZoneAlarm-Sicherheit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A29413B9-7926-423A-9D8E-ADEEA0C91CD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A29413B9-7926-423A-9D8E-ADEEA0C91CD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3339BAD5-F707-4444-ADDC-018CB478CD70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{46CC2D0B-02E5-40D8-98C8-B9D84D4A438B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm-Sicherheit Toolbar
Schlüssel Gelöscht : HKLM\Software\ZoneAlarm-Sicherheit
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v14.0.1 (de)

Datei : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\np7hbaaf.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\1wzztxlw.default\prefs.js

Gelöscht : user_pref("extensions.enabledAddons", "DivXWebPlayer@divx.com:2.0.2.039,ich@maltegoetz.de:1.4.7,{972[...]

*************************

AdwCleaner[S1].txt - [3237 octets] - [11/03/2013 14:32:34]

########## EOF - C:\AdwCleaner[S1].txt - [3297 octets] ##########

OTL

Code:

ATTFilter

OTL logfile created on: 11.03.2013 14:52:01 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\admin\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 2,66 Gb Available Physical Memory | 68,20% Memory free
7,80 Gb Paging File | 6,28 Gb Available in Paging File | 80,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,53 Gb Total Space | 153,64 Gb Free Space | 33,80% Space Free | Partition Type: NTFS
Drive D: | 9,77 Gb Total Space | 3,26 Gb Free Space | 33,34% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
PRC - C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (dtsvc) -- C:\Windows\SysNative\DTS.exe ()
SRV:64bit: - (ADMonitor) -- C:\Windows\SysNative\ADMonitor.exe ()
SRV:64bit: - (ATService) -- C:\Windows\SysNative\ATService.exe (AuthenTec, Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AcSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (DozeSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE (Lenovo.)
SRV - (PwmEWSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE (Lenovo Group Limited)
SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (BTHSSecurityMgr) -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV - (AMPPALR3) -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ncsvc) -- C:\Program Files (x86)\NetCare\v5\ncsvc.exe (Saint Security Co., Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (DzHDD64) -- C:\Windows\SysNative\drivers\DZHDD64.SYS (Lenovo.)
DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS (Lenovo Group Limited)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\androidusb.sys (Google Inc)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (NcdrvMP) -- C:\Windows\SysNative\drivers\Ncdrv.sys (Saint Security Co., Ltd.)
DRV:64bit: - (Ncdrv) -- C:\Windows\SysNative\drivers\Ncdrv.sys (Saint Security Co., Ltd.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (e1yexpress) -- C:\Windows\SysNative\drivers\e1y60x64.sys (Intel Corporation)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV - (Null) -- C:\Windows\SysWow64\null ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3234625755-1539405520-3999348010-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3234625755-1539405520-3999348010-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B3 9C 28 B3 2D 50 CD 01  [binary data]
IE - HKU\S-1-5-21-3234625755-1539405520-3999348010-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3234625755-1539405520-3999348010-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3234625755-1539405520-3999348010-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.07 21:22:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.02 23:08:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.08.08 18:41:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.07 21:22:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.02 23:08:34 | 000,000,000 | ---D | M]
 
[2012.03.09 11:00:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions
[2013.02.01 20:26:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\np7hbaaf.default\extensions
[2012.03.18 04:55:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.07 21:22:15 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.08.07 19:57:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.07 19:57:47 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.07 19:57:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.07 19:57:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.07 19:57:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.07 19:57:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.03.07 17:12:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3:64bit: - HKU\S-1-5-21-3234625755-1539405520-3999348010-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKU\S-1-5-21-3234625755-1539405520-3999348010-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4:64bit: - HKLM..\Run: [FingerPrintSoftwareSplashScreen] C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe (AuthenTec, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Installer] "C:\Program Files (x86)\CheckPoint\Install\Launcher.exe" "C:\Program Files (x86)\CheckPoint\Install\Install.exe" /r  /c "C:\Program Files (x86)\CheckPoint\Install\Install.xml" File not found
O4 - Startup: C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3234625755-1539405520-3999348010-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3234625755-1539405520-3999348010-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O7 - HKU\S-1-5-21-3234625755-1539405520-3999348010-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3234625755-1539405520-3999348010-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {2DCB00FB-3485-486B-BD41-C49AD605264D} https://www.epost.go.kr/comm/easykeytec/easykeytec.cab (EZKeytecWeb Class)
O16 - DPF: {68253470-5D4F-4CDF-8D9C-353C14A2F013} hxxp://www.seevideo.co.kr/pub/seevideo2003/svporsche.cab (SVPorsche Control)
O16 - DPF: {D6E38480-8844-4A46-8FE0-83CAEEAD0628} hxxp://netcare.yonsei.ac.kr/v5/install/ncinstaller_1.0.0.6.cab (NCDownloader Class)
O16 - DPF: {D96D2F74-0B74-47D2-964F-B67E9F69F1CD} hxxp://www.congnamul.com/ActiveX/Release/CongnamulMap4Asp_V2_0_0_19.cab (CongnamulMap4Asp Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.47.5.2 141.47.4.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{234CF3EE-2755-4101-8092-F0185522C7D9}: DhcpNameServer = 141.47.5.2 141.47.4.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5EE4AB8-0FBB-4012-8360-3A673502ABB5}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\ATFUS: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.11 14:48:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2013.03.11 14:15:08 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.11 14:14:44 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.11 14:03:38 | 000,547,791 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\admin\Desktop\JRT.exe
[2013.03.09 12:39:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.03.08 17:54:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.08 14:47:11 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.03.08 14:42:34 | 005,037,067 | R--- | C] (Swearware) -- C:\Users\admin\Desktop\ComboFix.exe
[2013.03.07 16:51:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.07 16:51:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.07 16:51:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.07 16:50:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.07 16:50:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.07 14:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.02 23:16:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\onOne Software
[2013.03.02 23:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\onOne Software
[2013.03.02 23:15:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2013.03.02 23:15:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\onOne Software
[2013.03.02 23:15:29 | 000,000,000 | ---D | C] -- C:\ProgramData\onOne Software
[2013.03.02 23:14:27 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.02 23:14:11 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.02 23:14:11 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.02 23:14:11 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.26 13:36:34 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2013.02.26 13:36:18 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Programs
[2013.02.14 08:59:20 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.14 08:59:20 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.14 08:59:19 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.14 08:59:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.14 08:59:19 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.14 08:59:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.14 08:59:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.14 08:59:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.14 08:59:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.14 08:59:16 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.14 08:59:16 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.14 08:59:15 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.14 08:59:13 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.14 08:59:12 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.14 08:59:12 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.14 08:57:53 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.14 08:57:52 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.14 08:57:49 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.14 08:57:45 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.14 08:57:44 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.14 08:57:44 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.14 08:57:44 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.14 08:57:44 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.14 08:57:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.14 08:57:27 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.11 14:48:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2013.03.11 14:41:52 | 000,022,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.11 14:41:52 | 000,022,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.11 14:34:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.11 14:34:12 | 3139,461,120 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.11 14:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.11 14:12:17 | 000,547,791 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\admin\Desktop\JRT.exe
[2013.03.11 14:02:13 | 000,597,667 | ---- | M] () -- C:\Users\admin\Desktop\adwcleaner.exe
[2013.03.11 10:19:54 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.11 10:19:54 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.11 10:19:54 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.11 10:19:54 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.11 10:19:54 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.10 15:09:20 | 492,624,334 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.09 12:33:48 | 000,002,288 | ---- | M] () -- C:\Users\admin\Desktop\ZoneAlarm Security-Installation fortsetzen.lnk
[2013.03.08 14:43:04 | 005,037,067 | R--- | M] (Swearware) -- C:\Users\admin\Desktop\ComboFix.exe
[2013.03.07 17:12:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.03.06 16:33:31 | 000,000,000 | ---- | M] () -- C:\Users\admin\defogger_reenable
[2013.03.02 23:14:05 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.03.02 23:14:05 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.03.02 23:14:05 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.02 23:14:05 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.02 23:14:05 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.02 23:14:05 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.27 11:29:56 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.27 11:29:56 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.19 07:25:32 | 000,335,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.11 14:02:05 | 000,597,667 | ---- | C] () -- C:\Users\admin\Desktop\adwcleaner.exe
[2013.03.09 12:33:48 | 000,002,288 | ---- | C] () -- C:\Users\admin\Desktop\ZoneAlarm Security-Installation fortsetzen.lnk
[2013.03.07 16:51:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.07 16:51:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.07 16:51:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.07 16:51:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.07 16:51:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.06 16:33:31 | 000,000,000 | ---- | C] () -- C:\Users\admin\defogger_reenable
[2013.02.26 13:38:07 | 000,000,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012.08.02 08:23:09 | 000,000,051 | ---- | C] () -- C:\ProgramData\vrayufkqkzngcci
[2012.06.16 06:41:33 | 000,000,046 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_urlsnooper_InstallInfo.dat
[2012.03.26 11:41:58 | 000,483,328 | ---- | C] () -- C:\Windows\SysWow64\INITray.exe
[2012.03.24 11:40:56 | 000,025,872 | ---- | C] () -- C:\Windows\SysWow64\INIUAC.exe
[2012.03.17 17:13:08 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2012.03.17 17:12:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.03.13 16:00:53 | 001,590,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.24 00:25:04 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.03.10 10:27:00 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\CachedFiles
[2012.08.09 17:41:58 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\CheckPoint
[2012.06.16 06:41:33 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DonationCoder
[2012.03.11 07:05:06 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Dropbox
[2012.08.21 21:07:39 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DVDVideoSoft
[2012.04.03 14:39:14 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\FreePDF
[2012.05.30 14:32:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\IrfanView
[2012.06.16 06:52:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\MusicBrainz
[2012.03.10 11:18:37 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\PwrMgr
[2012.08.07 19:56:20 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Thunderbird
[2012.10.24 21:03:21 | 000,000,000 | ---D | M] -- C:\Users\Iris\AppData\Roaming\.minecraft
[2012.06.20 14:50:41 | 000,000,000 | ---D | M] -- C:\Users\Iris\AppData\Roaming\AnyClick
[2012.08.08 18:44:48 | 000,000,000 | ---D | M] -- C:\Users\Iris\AppData\Roaming\Canneverbe Limited
[2013.03.09 12:51:04 | 000,000,000 | ---D | M] -- C:\Users\Iris\AppData\Roaming\CheckPoint
[2013.03.11 14:48:06 | 000,000,000 | ---D | M] -- C:\Users\Iris\AppData\Roaming\Dropbox
[2012.07.27 18:00:49 | 000,000,000 | ---D | M] -- C:\Users\Iris\AppData\Roaming\DVDVideoSoft
[2012.03.29 10:52:29 | 000,000,000 | ---D | M] -- C:\Users\Iris\AppData\Roaming\e-academy Inc
[2012.05.30 14:48:53 | 000,000,000 | ---D | M] -- C:\Users\Iris\AppData\Roaming\IrfanView
[2013.03.02 23:21:47 | 000,000,000 | ---D | M] -- C:\Users\Iris\AppData\Roaming\onOne Software
[2012.03.12 06:42:11 | 000,000,000 | ---D | M] -- C:\Users\Iris\AppData\Roaming\OpenOffice.org
[2012.03.10 11:55:23 | 000,000,000 | ---D | M] -- C:\Users\Iris\AppData\Roaming\PwrMgr
[2012.06.16 17:06:22 | 000,000,000 | ---D | M] -- C:\Users\Iris\AppData\Roaming\streamWriter
[2012.04.02 14:59:25 | 000,000,000 | ---D | M] -- C:\Users\Iris\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 

< End of report >

EXTRAS

Code:

ATTFilter

OTL Extras logfile created on: 11.03.2013 14:52:01 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\admin\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 2,66 Gb Available Physical Memory | 68,20% Memory free
7,80 Gb Paging File | 6,28 Gb Available in Paging File | 80,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,53 Gb Total Space | 153,64 Gb Free Space | 33,80% Space Free | Partition Type: NTFS
Drive D: | 9,77 Gb Total Space | 3,26 Gb Free Space | 33,34% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3234625755-1539405520-3999348010-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3EA040FA-327A-4A90-8334-3E55F347448B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{425CD62E-8182-4792-A346-18DB677897E6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5610167F-8CAE-4233-B153-7E7984E987E4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5E072A3C-7C82-4D18-A932-94060954579A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7487B3FF-5CC6-4516-A1DB-D07EB7013060}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{84D4C389-73E6-4567-9BE1-3010E8748053}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B579BBCF-44BB-41A5-81DB-74999F17E9DB}" = lport=139 | protocol=6 | dir=in | app=system | 
"{BD7CBB6B-065D-4219-BAD2-1F5D209EB5C6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{DB89B45F-C086-4882-8CBD-6A018C311338}" = rport=445 | protocol=6 | dir=out | app=system | 
"{DFF2F1A3-07FB-45ED-8CEB-08BDC81B0CE9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E7054EFC-DE46-4695-B3A5-262ABF481FB3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FEA0D3ED-1896-4FEA-AAF3-A6840F97CDCE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15A258E0-A7D9-49A3-8265-DFD4159B224B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{30A6C132-1087-4717-B8B3-D538D91A6208}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4048F6F8-B618-4FF5-8D76-2192A3A5194E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B31F411D-95B9-4ACC-81FA-417FE22F579F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{2ED326C9-A4E6-4884-B3F0-9A6CFB0A1141}" = Lenovo Fingerprint Software
"{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5E79DDFB-8AE6-E4B5-8A24-D358C2F2E349}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft-Maus- und Tastatur-Center
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}" = Intel(R) PROSet/Wireless WiFi-Software
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{EEAA321A-E086-C093-70E0-01E66F1491D9}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"05FBE63CF9C9B3424152207E7278CD6DA193C56C" = Windows-Treiberpaket - AuthenTec Inc. (ATSwpWDF) Biometric  (07/02/2010 8.6.0.29)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"ATI Uninstaller" = ATI Uninstaller
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"DE7217D2A8B057F15EC6E52329FDAB84231521E8" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430)
"GIMP-2_is1" = GIMP 2.8.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"Power Management Driver" = Lenovo Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{023FADD0-F5EC-1E92-4AB5-0FCE3579C0C9}" = CCC Help Chinese Standard
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1AEAB063-151F-74F9-B8EC-2CF39257C39B}" = CCC Help English
"{1E80AF84-EAEC-53A3-D5D8-B7DD01F8AA23}" = CCC Help Italian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B83EB9-90A5-ABED-3256-1AEDC1A5A832}" = CCC Help Portuguese
"{23CAC9C6-F4E7-A978-46A7-8C6DC3EC0AAD}" = CCC Help Japanese
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{2AFFABEB-13E5-47EF-53F7-826616982D2C}" = Catalyst Control Center Localization All
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{4141D2C3-756B-1EF0-0977-B421B85F5870}" = Catalyst Control Center Graphics Previews Vista
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5522D1A6-98A7-C7A2-D7B9-A762AE4D09D8}" = PX Profile Update
"{5781F83C-13F4-C8C8-F8AD-15FEBE496BB0}" = CCC Help Chinese Traditional
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76901A74-50AA-0132-B4DB-CA522F9E71B2}" = CCC Help Korean
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.VISIOR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.VISIOR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.VISIOR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.VISIOR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{949320FC-F3AE-72D3-11C8-4F50DA7067C8}" = CCC Help Spanish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AC76BA86-7AD7-5670-0000-A00000000003}" = Korean Fonts Support For Adobe Reader X
"{AE91C455-8C94-EB5A-0128-D7F44371B77E}" = ccc-core-static
"{B3114E23-91A6-DEF2-B8FB-5D782AF5439A}" = CCC Help Dutch
"{B8D92680-34AC-4B76-8D95-7E95B11B5121}" = Perfect Effects 3 Free
"{C72A9BF9-0746-A0F6-E23E-104392FC3EED}" = CCC Help German
"{D1143A4E-753F-4B70-B5C3-69156D57CC7B}" = Catalyst Control Center - Branding
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{DF69DC26-5534-6CCF-7BD4-3314A67FA6CD}" = CCC Help French
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC19E668-785C-1F2A-1A25-266A46A5462C}" = Catalyst Control Center InstallProxy
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F39E5AF2-6A57-BA8E-21C4-B422B3CCBDE5}" = CCC Help Swedish
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 9.04" = GPL Ghostscript
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IrfanView" = IrfanView (remove only)
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 15.0 (x86 de)" = Mozilla Thunderbird 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NetCare" = NetCare v5
"Office14.VISIOR" = Microsoft Visio Professional 2010
"ProInst" = Intel PROSet Wireless
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.1
"Winamp" = Winamp
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3234625755-1539405520-3999348010-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.03.2013 09:34:43 | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.03.2013 09:35:20 | Computer Name = Laptop | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler:
 Type-ID=18, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0
 
Error - 11.03.2013 09:35:20 | Computer Name = Laptop | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler:
 Type-ID=21, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0
 
Error - 11.03.2013 09:35:20 | Computer Name = Laptop | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler:
 Type-ID=23, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0
 
Error - 11.03.2013 09:35:20 | Computer Name = Laptop | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler:
 Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
 
Error - 11.03.2013 09:35:20 | Computer Name = Laptop | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler:
 Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
 
Error - 11.03.2013 09:35:20 | Computer Name = Laptop | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler:
 Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
 
Error - 11.03.2013 09:35:28 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AcSvc.exe, Version: 5.9.7.95, Zeitstempel:
 0x50487c7e  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000326d1  ID des fehlerhaften Prozesses:
 0x96c  Startzeit der fehlerhaften Anwendung: 0x01ce1e5d2f6c686c  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 88e461a4-8a50-11e2-89dd-cc52afceaac9
 
[ System Events ]
Error - 11.03.2013 09:27:13 | Computer Name = Laptop | Source = DCOM | ID = 10010
Description = 
 
Error - 11.03.2013 09:29:23 | Computer Name = Laptop | Source = NetBT | ID = 4321
Description = Der Name "LAPTOP         :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 141.47.153.170  registriert werden. Der Computer mit IP-Adresse 141.47.5.2
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 11.03.2013 09:35:29 | Computer Name = Laptop | Source = Service Control Manager | ID = 7034
Description = Dienst "AcSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 
Error - 11.03.2013 09:35:43 | Computer Name = Laptop | Source = DCOM | ID = 10016
Description = 
 
Error - 11.03.2013 09:49:56 | Computer Name = Laptop | Source = NetBT | ID = 4321
Description = Der Name "LAPTOP         :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 141.47.153.170  registriert werden. Der Computer mit IP-Adresse 141.47.5.2
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
 
< End of report >

Viele Grüße und vielen Dank für's Durchschauen!
daime

08.03.2013, 00:29	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	EXP/CVE-2012-1723.A.3417, .3228 und EXP/CVE20121723.BZJ Starte Windows neu, lösch die alte combofix.exe, lade CF neu runter und probier es bitte nochmal. __________________ Logfiles bitte immer in CODE-Tags posten*

EXP/CVE-2012-1723.A.3417, *.3228 und EXP/CVE20121723.BZJ

Log-Analyse und Auswertung: EXP/CVE-2012-1723.A.3417, *.3228 und EXP/CVE20121723.BZJ