Trojaner-Board - Google Verlinkungen werden umgeleitet

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Google Verlinkungen werden umgeleitet (https://www.trojaner-board.de/132649-google-verlinkungen-umgeleitet.html)

Google Verlinkungen werden umgeleitet

Hallo liebe Experten,

per Random scheinen die Klicks auf Links in der Google Ergebnisseite (FF, Chrome & IE) auf Seiten umgeleitet auf die ich nicht gelangen möchte. ;-)

Einschläge Programme haben keine Viren/Malware/etc. finden können. Aus diesem Grund hoffe ich das mir hier weitergeholfen werden kann.

Hier findet Ihr das Malwarebytes Log:

Code:

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org
 

Datenbank Version: v2013.03.23.05
 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

XXX :: COMPUTERNAME [Administrator]
 

23.03.2013 10:40:07

mbam-log-2013-03-23 (10-40-07).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 404388

Laufzeit: 3 Stunde(n), 15 Minute(n), 50 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Gerne stelle ich Euch auch weitere Infos zur Verfügung!

Vielen Dank schon mal im voraus für Eure Hilfe!
Marcel

Hallo Marcel und :hallo:

Mein Name ist Leo und ich werde dich durch die Bereinigung deines Rechners begleiten.

Eine Bereinigung beinhaltet nebst dem Entfernen von Malware auch das Schliessen von Sicherheitslücken und sollte gründlich durchgeführt werden. Sie erfolgt deshalb in mehreren Schritten und bedeutet einigen Aufwand für dich.
Beachte: Das Verschwinden der offensichtlichen Symptome bedeutet nicht, dass das System schon sauber ist.
Arbeite daher in deinem eigenen Interesse solange mit, bis du das OK bekommst, dass alles erledigt ist.

Hinweise zum Ablauf

Du bekommst von mir jeweils eine individuell auf dich abgestimmte schrittweise Anleitung.
- Lese diese Anweisungen immer zuerst vollständig durch und frag bei Unklarheiten nach, bevor du beginnst.
- Arbeite die Anleitungen dann sorgfältig und in der angegebenen Reihenfolge ab und poste deine Rückmeldungen und Logfiles gesammelt in einer Antwort.
- Füge den Inhalt der Logfiles wenn immer möglich innerhalb von Code-Tags in deine Antwort ein.
- Sollten Probleme auftauchen, dann brich an dieser Stelle ab und schildere sie so gut wie möglich.

Es ist wichtig für mich, dass sich der Zustand deines Systems nicht plötzlich unvorhersehbar ändert. Deshalb: Bitte
- .. lasse keine Scanner oder Tools ohne Aufforderung laufen. Lösche nichts auf eigene Faust.
- .. installiere oder deinstalliere während der Bereinigung keine Software.
- .. frag nicht parallel in anderen Foren nach Hilfe (Crossposting).

Ich kann dir keine Garantien geben, dass die Bereinigung schlussendlich erfolgreich sein wird und wir alles finden werden.
- Ein Formatieren und Neuinstallieren ist meist der schnellere und immer der sicherere Weg.
- Sollte ich eine schwerwiegende Infektion bei dir finden, werde ich dich nochmals darauf hinweisen. Es bleibt aber deine Entscheidung.

Los geht's: Alle Tools immer auf den Desktop speichern und von dort starten.

Ok, suchen wir nach dem Ding:

Schritt 1

Downloade dir bitte defogger (von jpshortstuff) auf deinen Desktop.

Starte das Tool mit Doppelklick.
Klicke nun auf den Disable Button.
Bestätige diese Sicherheitsabfrage mit Ja.
Wenn der Scan beendet wurde (Finished), klicke auf OK.
Falls Defogger zu einem Neustart auffordert, bestätige dies mit OK.
Defogger erstellt auf dem Desktop eine Logdatei mit dem Namen defogger_disable.txt.
Nur falls Probleme aufgetreten sind, poste deren Inhalt mit deiner nächsten Antwort.

Klicke den Re-enable Button nicht ohne Anweisung!

Schritt 2

Lade dir Gmer herunter (auf den Button Download EXE drücken) und speichere das Programm auf den Desktop.

Deaktiviere alle Antivirenprogramme und Malware/Spyware Scanner.
Trenne alle bestehenden Verbindungen zu einem Netzwerk/Internet (WLAN nicht vergessen).
Schliesse bitte alle anderen Programme.
Starte gmer.exe (die Datei hat einen zufälligen Dateinamen).
Vista und Win7 User mit Rechtsklick "als Administrator starten".
Sollte sich ein Fenster mit folgender Warnung öffnen
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?
dann klicke unbedingt auf No.
Entferne rechts den Haken bei:
- IAT/EAT
- Show all
Setze rechts den Haken bei deiner Systempartition (normalerweise C:\).
Starte den Scan mit einem Klick auf Scan.
Mache gar nichts am Computer, während der Scan läuft!
Wenn der Scan fertig ist, klicke auf Save und speichere das Logfile unter Gmer.txt auf deinen Desktop.
Schliesse dann GMER und führe unmittelbar einen Neustart des Computers durch.
Füge bitte den Inhalt des Logfiles hier in deine Thread ein.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor du ins Netz gehst.

Schritt 3

Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.

Doppelklick auf die OTL.exe.
Unter Extra Registry, wähle bitte Use SafeList.
Setze den Haken bei Scan all Users.
Klicke nun auf Run Scan.
Wenn der Scan beendet ist, werden 2 Logfiles (OTL.txt und Extras.txt) erstellt.
Poste den Inhalt dieser Logfiles hier in den Thread.

Bitte poste in deiner nächsten Antwort:

Log von Gmer
Logs von OTL

Hi,

ich hab schon länger keine Antwort mehr von dir erhalten. Brauchst du weiterhin noch Hilfe?

Wenn ich in den nächsten 24 Stunden nichts von dir höre, gehe ich davon aus, dass sich das Thema erledigt hat und lösche es aus meinen Abos.

Hinweis: Wir sind noch nicht fertig! Auch wenn die Symptome verschwunden sein sollten, kann dein System weiterhin infiziert sein und über Sicherheitslücken verfügen, welche eine erneute Infektion möglich machen.

Fehlende Rückmeldung
Dieses Thema wurde aus meinen Abos gelöscht. Somit bekomme ich keine Benachrichtigung mehr über neue Antworten.
Schreib mir eine PM, falls du das Thema doch wieder fortsetzen möchtest. Dann machen wir hier weiter.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass dein Rechner schon sauber ist.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.

Hallo Leo,

danke für die Anleitung. Ich werde mich direkt dransetzen und asap die Ergebnisse mitteilen.

nochmals Danke und bis später,
marcel

Hallo Leo,

sorry nochmal für die Verspätung.

Deine Ausführungen waren sehr hilfreich, danke dafür!

Hier das Log von GMER:
[code]
GMER Logfile:

Code:

GMER 2.1.19155 - hxxp://www.gmer.net

Rootkit scan 2013-03-27 22:05:06

Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB

Running: d9d1ocrg.exe; Driver: C:\Users\Tina\AppData\Local\Temp\pgddikoc.sys
 
 

---- System - GMER 2.1 ----
 

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                   ZwAdjustPrivilegesToken [0x9587E0C2]

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                               ZwAlpcConnectPort [0x95C62082]

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                               ZwAlpcCreatePort [0x95C6294A]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                   ZwAlpcSendWaitReceivePort [0x958324A0]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                   ZwClose [0x9581A77A]

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                               ZwConnectPort [0x95C61AD8]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                   ZwCreateEvent [0x9581ACF2]

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                               ZwCreateFile [0x95C5B334]

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                               ZwCreateKey [0x95C7D1DA]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                   ZwCreateMutant [0x9581ABD8]

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                               ZwCreatePort [0x95C625E2]

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                               ZwCreateProcess [0x95C76F1C]

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                               ZwCreateProcessEx [0x95C77344]

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                               ZwCreateSection [0x95C8196E]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                   ZwCreateSemaphore [0x9581AE12]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                   ZwCreateSymbolicLinkObject [0x95841AC0]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                   ZwCreateThread [0x958803C4]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                   ZwCreateThreadEx [0x95880604]

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                               ZwCreateUserProcess [0x95C777B8]

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                               ZwCreateWaitablePort [0x95C62740]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                   ZwDebugActiveProcess [0x9587FF0E]

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                               ZwDeleteFile [0x95C5C070]

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                               ZwDeleteKey [0x95C7ECCE]

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                               ZwDeleteValueKey [0x95C7E580]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                   ZwDeviceIoControlFile [0x9581A7BE]

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                               ZwDuplicateObject [0x95C75CFC]

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                               ZwLoadDriver [0x95C55D46]

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                               ZwLoadKey [0x95C7F760]

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                               ZwLoadKey2 [0x95C7F99E]

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                               ZwLoadKeyEx [0x95C7FE50]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                   ZwMapViewOfSection [0x95841AE0]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                   ZwNotifyChangeKey [0x95830154]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                   ZwOpenEvent [0x9581AD88]

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                               ZwOpenFile [0x95C5BC22]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                   ZwOpenMutant [0x9581AC68]

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                               ZwOpenProcess [0x95C79430]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                   ZwOpenSection [0x958811D8]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                   ZwOpenSemaphore [0x9581AEA8]

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                               ZwOpenThread [0x95C7901E]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                   ZwPlugPlayControl [0x95841AD0]

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                               ZwProtectVirtualMemory [0x95C8E340]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                   ZwQueryDirectoryObject [0x9581AF32]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                   ZwQueryObject [0x95830362]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                   ZwQueueApcThread [0x95880BDA]

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                               ZwRenameKey [0x95C80838]

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                               ZwReplaceKey [0x95C8011A]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                   ZwReplyPort [0x95832284]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                   ZwReplyWaitReceivePort [0x95832112]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                   ZwReplyWaitReceivePortEx [0x958321C8]

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                               ZwRequestWaitReplyPort [0x95C6167C]

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                               ZwRestoreKey [0x95C8129E]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                   ZwResumeThread [0x95880906]

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                               ZwSecureConnectPort [0x95C61DA4]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                   ZwSetContextThread [0x95880A62]

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                               ZwSetInformationFile [0x95C5C47C]

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                               ZwSetInformationObject [0x95C8E204]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                   ZwSetInformationToken [0x9581AFD4]

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                               ZwSetSecurityObject [0x95C80DC2]

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                               ZwSetSystemInformation [0x95C55410]

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                               ZwSetValueKey [0x95C7DCA0]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                   ZwSuspendProcess [0x9587FC56]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                   ZwSuspendThread [0x958807AE]

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                               ZwSystemDebugControl [0x95C78042]

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                               ZwTerminateProcess [0x95C77D72]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                   ZwTerminateThread [0x958802C0]

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                               ZwUnloadDriver [0x95C56198]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                   ZwUnmapViewOfSection [0x95881340]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                   ZwWriteVirtualMemory [0x9588106A]
 

---- Kernel code sections - GMER 2.1 ----
 

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                82E599E9 1 Byte  [06]

.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                  82E931C2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text           ntkrnlpa.exe!KeRemoveQueueEx + 10D7                                                                                     82E9A1EC 4 Bytes  [C2, E0, 87, 95] {RET 0x87e0; XCHG EBP, EAX}

.text           ntkrnlpa.exe!KeRemoveQueueEx + 10FF                                                                                     82E9A214 8 Bytes  [82, 20, C6, 95, 4A, 29, C6, ...] {AND BYTE [EAX], 0xc6; XCHG EBP, EAX; DEC EDX; SUB ESI, EAX; XCHG EBP, EAX}

.text           ntkrnlpa.exe!KeRemoveQueueEx + 1143                                                                                     82E9A258 4 Bytes  [A0, 24, 83, 95]

.text           ntkrnlpa.exe!KeRemoveQueueEx + 116F                                                                                     82E9A284 4 Bytes  [7A, A7, 81, 95]

.text           ntkrnlpa.exe!KeRemoveQueueEx + 1193                                                                                     82E9A2A8 4 Bytes  [D8, 1A, C6, 95]

.text           ...                                                                                                                     
 

---- User code sections - GMER 2.1 ----
 

.text           C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1748] USER32.dll!GetUpdateRect + CF                                 7590A644 5 Bytes  JMP 20CC9266 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
 

---- Devices - GMER 2.1 ----
 

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                fltmgr.sys
 

---- Registry - GMER 2.1 ----
 

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88                                             

Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet)                         

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@ISW                                                                  C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"

Reg             HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{38F31730-2D90-11DF-87A8-806E6F6E6963}  2003309312
 

---- EOF - GMER 2.1 ----

--- --- ---

[\code]

Hier das 1. Log von OTL (OTL.txt)
OTL Logfile:

Code:

OTL logfile created on: 27.03.2013 22:10:23 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = D:\01_PRIVAT\Neuer Ordner (3)

 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,93 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 54,32% Memory free

5,87 Gb Paging File | 4,38 Gb Available in Paging File | 74,71% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 210,83 Gb Total Space | 125,57 Gb Free Space | 59,56% Space Free | Partition Type: NTFS

Drive D: | 239,98 Gb Total Space | 33,20 Gb Free Space | 13,83% Space Free | Partition Type: NTFS

Drive Y: | 2779,26 Gb Total Space | 2068,29 Gb Free Space | 74,42% Space Free | Partition Type: NTFS

 

Computer Name: COMPUTERNAME | User Name: ***| Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2013.03.27 22:09:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\01_PRIVAT\Neuer Ordner (3)\OTL.exe

PRC - [2013.03.11 01:22:07 | 001,274,320 | ---- | M] (Google Inc.) -- C:\Programme\Google\Chrome\Application\chrome.exe

PRC - [2013.01.29 21:08:04 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe

PRC - [2013.01.29 20:35:36 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\CheckPoint\ZoneAlarm\zatray.exe

PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2012.11.22 15:33:18 | 000,497,320 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe

PRC - [2012.11.22 15:32:54 | 000,738,984 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ForceField.exe

PRC - [2012.10.04 15:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2012.01.19 11:41:52 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\AllShare\AllShareDMS\AllShareDMS.exe

PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE

PRC - [2010.12.10 17:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe

PRC - [2010.12.10 17:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe

PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010.10.27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

PRC - [2010.08.25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

PRC - [2010.07.04 19:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe

PRC - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe

PRC - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2009.09.29 17:23:20 | 004,114,288 | ---- | M] (Lenovo(beijing) Limited) -- C:\Programme\Lenovo\Energy Management\utility.exe

PRC - [2009.09.29 17:22:46 | 005,064,560 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Programme\Lenovo\Energy Management\Energy Management.exe

PRC - [2009.07.14 15:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ReadyComm\common\IGRS.exe

PRC - [2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IgrsSvcs.exe

PRC - [2009.06.04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe

PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2013.03.11 01:22:06 | 000,459,728 | ---- | M] () -- C:\Programme\Google\Chrome\Application\25.0.1364.172\ppgooglenaclpluginchrome.dll

MOD - [2013.03.11 01:22:05 | 012,662,224 | ---- | M] () -- C:\Programme\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll

MOD - [2013.03.11 01:22:04 | 004,050,896 | ---- | M] () -- C:\Programme\Google\Chrome\Application\25.0.1364.172\pdf.dll

MOD - [2013.03.11 01:21:18 | 000,596,944 | ---- | M] () -- C:\Programme\Google\Chrome\Application\25.0.1364.172\libglesv2.dll

MOD - [2013.03.11 01:21:18 | 000,124,368 | ---- | M] () -- C:\Programme\Google\Chrome\Application\25.0.1364.172\libegl.dll

MOD - [2013.03.11 01:21:16 | 001,552,848 | ---- | M] () -- C:\Programme\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll

MOD - [2008.12.20 04:20:50 | 000,063,304 | ---- | M] () -- C:\Programme\Lenovo\Energy Management\KbdHook.dll

MOD - [2008.12.20 04:20:08 | 000,051,016 | ---- | M] () -- C:\Programme\Lenovo\Energy Management\HookLib.dll

 

 
 ========== Services (SafeList) ==========

 

SRV - [2013.03.23 10:03:36 | 000,490,368 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\AFWZXHYPHSTGP.exe -- (AFWZXHYPHSTGP)

SRV - [2013.03.23 10:02:59 | 000,564,096 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\BQMXE.exe -- (BQMXE)

SRV - [2013.03.12 20:14:28 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013.03.09 07:29:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013.01.29 21:08:04 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)

SRV - [2012.11.22 15:33:18 | 000,497,320 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)

SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.09.16 11:49:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2012.01.19 11:41:52 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Programme\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0)

SRV - [2012.01.19 11:41:48 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Programme\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)

SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)

SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2010.12.10 17:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)

SRV - [2010.12.10 17:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)

SRV - [2010.12.10 17:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)

SRV - [2010.12.10 17:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)

SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2010.07.04 19:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)

SRV - [2010.06.02 16:19:39 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2009.09.22 19:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)

SRV - [2009.08.14 15:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)

SRV - [2009.07.16 04:12:42 | 000,276,296 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP)

SRV - [2009.07.14 15:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)

SRV - [2009.07.14 15:27:20 | 000,103,688 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter)

SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)

SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- D:\test\ECECECEC\WinRing0.sys -- (WinRing0_1_2_0)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)

DRV - [2012.12.13 11:49:38 | 000,454,744 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)

DRV - [2012.11.22 15:33:30 | 000,027,056 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)

DRV - [2012.11.15 21:06:10 | 000,587,096 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)

DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010.06.14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)

DRV - [2010.04.27 03:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)

DRV - [2010.04.27 03:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus)

DRV - [2010.04.27 03:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl)

DRV - [2010.03.23 12:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV - [2010.03.12 05:44:27 | 000,054,800 | ---- | M] () [Kernel | System | Running] -- C:\windows\System32\drivers\funfrm.sys -- (funfrm)

DRV - [2009.11.19 01:06:18 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\vfilter.sys -- (vflt)

DRV - [2009.11.19 01:06:16 | 000,009,728 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\virtualnet.sys -- (vnet)

DRV - [2009.09.14 19:04:28 | 000,217,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2009.07.30 10:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV - [2009.07.28 22:09:36 | 000,063,240 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdbridge.sys -- (Bridge0)

DRV - [2009.07.21 22:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)

DRV - [2009.07.16 13:37:14 | 000,011,792 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)

DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)

DRV - [2009.07.13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)

DRV - [2009.06.15 03:46:22 | 000,475,648 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)

DRV - [2009.05.19 14:43:08 | 000,021,520 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)

DRV - [2009.03.13 17:32:18 | 001,759,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)

DRV - [2008.11.16 17:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)

DRV - [2008.08.06 13:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)

DRV - [2007.01.18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2006.11.10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\windows\System32\drivers\StarOpen.sys -- (StarOpen)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/

IE - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

IE - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\..\SearchScopes\{AB4E7E23-126D-4050-92A2-57D0113CE68A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=3a473a2d-006e-4dfe-a45f-993f71c2b003&apn_sauid=9029D7EB-7810-4366-99C0-90DE9B1E8A59

IE - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=de&gu=bb8b92a0fd224bb885f9d43b7cef2fe9&tu=10G9000771B000v&sku=&tstsId=&ver=&"

FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.13

FF - prefs.js..extensions.enabledAddons: ffxtlbr%40zonealarm.com:1.6.0

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013.03.17 18:29:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.09 07:29:16 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.09 07:29:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}: C:\Program Files\Mobile Master\ext\1\ [2012.12.18 20:07:44 | 000,000,000 | ---D | M]

 

[2010.06.01 17:18:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions

[2013.03.23 16:36:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fzchtup0.default\extensions

[2013.03.23 09:34:59 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fzchtup0.default\extensions\ffxtlbr@zonealarm.com

[2013.03.12 18:33:52 | 000,872,587 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fzchtup0.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi

[2013.02.14 09:41:01 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fzchtup0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2013.01.23 11:46:58 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fzchtup0.default\extensions\ffxtlbr@zonealarm.com\content\Abine\chrome\content\ff\view_expiry.js

[2013.03.23 08:35:04 | 000,002,413 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fzchtup0.default\searchplugins\askcom.xml

[2013.03.17 17:53:25 | 000,001,488 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fzchtup0.default\searchplugins\zonealarm.xml

[2013.03.09 07:29:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2013.03.09 07:29:07 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2013.03.09 07:29:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

[2013.03.09 07:29:16 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010.03.08 11:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\mozilla firefox\plugins\npmidas.dll

[2013.03.09 07:29:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2013.03.09 07:29:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2013.03.09 07:29:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2013.03.09 07:29:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2013.03.09 07:29:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2013.03.09 07:29:12 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Ask (Enabled)

CHR - default_search_provider: search_url = hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=3a473a2d-006e-4dfe-a45f-993f71c2b003&apn_ptnrs=%5EAGS&apn_sauid=9029D7EB-7810-4366-99C0-90DE9B1E8A59&apn_dtid=%5EYYYYYY%5EYY%5EDE&q={searchTerms}

CHR - default_search_provider: suggest_url = hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}

CHR - homepage: hxxp://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: king.com - Game controller for firefox (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmidas.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll

CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\

CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\

CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

 

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)

O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)

O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)

O4 - HKLM..\Run: [NPSStartup]  File not found

O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()

O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.15.2)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F847105-AF16-4516-9C13-7D693E52BD39}: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{30fae2b5-32d4-11e2-b205-705ab6607907}\Shell - "" = AutoRun

O33 - MountPoints2\{30fae2b5-32d4-11e2-b205-705ab6607907}\Shell\AutoRun\command - "" = F:\MI.exe

O33 - MountPoints2\{4ad1cb3d-abb3-11e1-99d3-705ab6607907}\Shell - "" = AutoRun

O33 - MountPoints2\{4ad1cb3d-abb3-11e1-99d3-705ab6607907}\Shell\AutoRun\command - "" = F:\MI.exe

O33 - MountPoints2\{4beab4ff-6da0-11df-8372-705ab6607907}\Shell - "" = AutoRun

O33 - MountPoints2\{4beab4ff-6da0-11df-8372-705ab6607907}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O33 - MountPoints2\{b881827a-eaa9-11df-9d4b-705ab6607907}\Shell - "" = AutoRun

O33 - MountPoints2\{b881827a-eaa9-11df-9d4b-705ab6607907}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.03.24 13:37:42 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\USA

[2013.03.23 10:14:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos

[2013.03.23 10:14:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos

[2013.03.23 10:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos

[2013.03.17 18:30:37 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\ForceField Shared Files

[2013.03.17 18:29:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\CheckPoint

[2013.03.17 18:29:23 | 000,587,096 | ---- | C] (Kaspersky Lab) -- C:\windows\System32\drivers\klif.sys

[2013.03.17 18:29:23 | 000,075,096 | ---- | C] (Kaspersky Lab) -- C:\windows\System32\drivers\klflt.sys

[2013.03.17 18:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point

[2013.03.17 17:53:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Check Point Software Technologies LTD

[2013.03.17 17:53:18 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint

[2013.03.17 17:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint

[2013.03.14 07:29:18 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\usb8023.sys

[2013.03.14 07:23:07 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb

[2013.03.14 07:23:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll

[2013.03.14 07:23:06 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe

[2013.03.14 07:23:06 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll

[2013.03.14 07:23:05 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll

[2013.03.14 07:23:04 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll

[2013.03.14 07:23:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll

[2013.03.14 07:23:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl

[2013.03.09 07:29:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2013.03.02 16:33:26 | 000,000,000 | ---D | C] -- C:\windows\pss

[2013.03.02 16:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in

[2013.03.02 11:52:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes

[2013.03.02 11:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013.03.02 11:52:49 | 000,000,000 | ---D | C] -- C:\Program***Data\Malwarebytes

[2013.03.02 11:52:48 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys

[2013.03.02 11:52:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.03.27 22:15:03 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013.03.27 22:15:03 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013.03.27 22:14:20 | 000,694,084 | ---- | M] () -- C:\windows\System32\perfh007.dat

[2013.03.27 22:14:20 | 000,656,802 | ---- | M] () -- C:\windows\System32\perfh009.dat

[2013.03.27 22:14:20 | 000,144,926 | ---- | M] () -- C:\windows\System32\perfc007.dat

[2013.03.27 22:14:20 | 000,121,934 | ---- | M] () -- C:\windows\System32\perfc009.dat

[2013.03.27 22:14:07 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2013.03.27 22:07:39 | 000,001,090 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2013.03.27 22:07:38 | 000,000,314 | ---- | M] () -- C:\windows\tasks\zfdnslpds.job

[2013.03.27 22:07:37 | 000,000,434 | -H-- | M] () -- C:\windows\tasks\Norton Security Scan for ***.job

[2013.03.27 22:07:21 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2013.03.27 22:07:16 | 2362,912,768 | -HS- | M] () -- C:\hiberfil.sys

[2013.03.27 22:02:10 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2013.03.27 18:23:34 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable

[2013.03.23 10:14:06 | 000,003,189 | ---- | M] () -- C:\Users\***\Desktop\Sophos Virus Removal Tool.lnk

[2013.03.23 10:04:20 | 000,000,000 | ---- | M] () -- C:\windows\System32\ZLW

[2013.03.23 09:39:53 | 000,417,507 | ---- | M] () -- C:\windows\System32\drivers\vsconfig.xml

[2013.03.17 13:41:56 | 000,429,788 | ---- | M] () -- C:\Users\***\Desktop\Zusatzvereinbarung zum Mietvertrag.pdf

[2013.03.14 18:05:43 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013.03.13 10:41:46 | 000,208,016 | ---- | M] () -- C:\Users\***\Desktop\RR188.pdf

[2013.03.12 20:14:28 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe

[2013.03.12 20:14:28 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl

[2013.03.12 14:34:49 | 019,459,072 | ---- | M] () -- C:\Users\***\Desktop\Häußermann - 2012 - Ursachen sozialräumlicher Segregati_on.pdf

[2013.03.07 13:52:37 | 001,949,346 | ---- | M] () -- C:\Users\***\Desktop\Fend, Helmut - 2008 - Schule gestalten.pdf

[2013.03.07 10:46:58 | 002,612,472 | ---- | M] () -- C:\Users\***\Desktop\Skalenhandbuch Schulinspektion HH.pdf

[2013.03.07 10:44:35 | 000,117,388 | ---- | M] () -- C:\Users\***\Desktop\Krammer_E-Learning_mit_Videos_in_der_Ausbildung_1_.pdf

[2013.03.07 10:42:47 | 000,115,637 | ---- | M] () -- C:\Users\***\Desktop\R1_Video_Krammer-Hugener.pdf

[2013.03.05 12:00:23 | 000,751,074 | ---- | M] () -- C:\Users\***\Desktop\Baumert, Stanat, Watermann(1).pdf

[2013.03.05 12:00:20 | 000,751,074 | ---- | M] () -- C:\Users\***\Desktop\Baumert, Stanat, Watermann.pdf

[2013.03.05 11:10:40 | 019,761,002 | ---- | M] () -- C:\Users\***\Desktop\Schmidt,      Maier - 2009 - Opportunity to Learn(2).pdf

[2013.03.05 09:49:35 | 019,761,002 | ---- | M] () -- C:\Users\***\Desktop\Schmidt,      Maier - 2009 - Opportunity to Learn.pdf

[2013.03.02 11:44:01 | 000,194,695 | ---- | M] () -- C:\Users\***\Desktop\Hotelbestätigung_San Fransisco.xps

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013.03.27 18:23:34 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable

[2013.03.23 10:14:06 | 000,003,189 | ---- | C] () -- C:\Users\***\Desktop\Sophos Virus Removal Tool.lnk

[2013.03.23 10:04:20 | 000,000,000 | ---- | C] () -- C:\windows\System32\ZLW

[2013.03.17 18:29:51 | 000,417,507 | ---- | C] () -- C:\windows\System32\drivers\vsconfig.xml

[2013.03.17 13:41:56 | 000,429,788 | ---- | C] () -- C:\Users\***\Desktop\Zusatzvereinbarung zum Mietvertrag.pdf

[2013.03.13 10:41:46 | 000,208,016 | ---- | C] () -- C:\Users\***\Desktop\RR188.pdf

[2013.03.12 14:33:55 | 019,459,072 | ---- | C] () -- C:\Users\***\Desktop\Häußermann - 2012 - Ursachen sozialräumlicher Segregati_on.pdf

[2013.03.07 13:52:37 | 001,949,346 | ---- | C] () -- C:\Users\***\Desktop\Fend, Helmut - 2008 - Schule gestalten.pdf

[2013.03.07 10:46:56 | 002,612,472 | ---- | C] () -- C:\Users\***\Desktop\Skalenhandbuch Schulinspektion HH.pdf

[2013.03.07 10:44:35 | 000,117,388 | ---- | C] () -- C:\Users\***\Desktop\Krammer_E-Learning_mit_Videos_in_der_Ausbildung_1_.pdf

[2013.03.07 10:42:46 | 000,115,637 | ---- | C] () -- C:\Users\***\Desktop\R1_Video_Krammer-Hugener.pdf

[2013.03.05 12:00:22 | 000,751,074 | ---- | C] () -- C:\Users\***\Desktop\Baumert, Stanat, Watermann(1).pdf

[2013.03.05 12:00:18 | 000,751,074 | ---- | C] () -- C:\Users\***\Desktop\Baumert, Stanat, Watermann.pdf

[2013.03.05 11:09:45 | 019,761,002 | ---- | C] () -- C:\Users\***\Desktop\Schmidt,      Maier - 2009 - Opportunity to Learn(2).pdf

[2013.03.05 09:49:06 | 019,761,002 | ---- | C] () -- C:\Users\***\Desktop\Schmidt,      Maier - 2009 - Opportunity to Learn.pdf

[2013.03.02 11:43:59 | 000,194,695 | ---- | C] () -- C:\Users\***\Desktop\Hotelbestätigung_San Fransisco.xps

[2013.02.21 11:44:03 | 000,094,208 | RHS- | C] () -- C:\windows\System32\RPCNDFPP.dll

[2012.12.17 21:35:28 | 000,110,592 | ---- | C] () -- C:\windows\System32\FsUsbExDevice.Dll

[2012.12.17 21:35:28 | 000,036,608 | ---- | C] () -- C:\windows\System32\FsUsbExDisk.Sys

[2012.12.17 20:54:05 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt

[2012.12.17 20:47:46 | 000,005,632 | ---- | C] () -- C:\windows\System32\drivers\StarOpen.sys

[2012.05.17 11:51:17 | 000,000,628 | ---- | C] () -- C:\windows\wiso.ini

[2010.09.02 13:25:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both
 

< End of report >

--- --- ---

[\code]

Den 2. OTL Log poste ich separat da ich ansonsten die maximale Zeichenanzahl überschreite.

Danke nochmal und VG,
Marcel

Wie im letzten Post angedeutet versuche ich das 2. Log von OTL (Extras.txt) einzufügen.

Leider funktioniert das weder als Code (zu viele Zeichen), noch als Anhang (zu groß).
Darum hier als Download:
https://www.dropbox.com/s/3y567g5ul5yy2oj/Extras.Txt

Ich werde ca. die nächsten 24-36 Stunden offline sein. Am Freitag bin ich aber direkt wieder am Ball.

Danke nochmal für Deine Hilfe!
Marcel

Wie im letzten Post angedeutet versuche ich das 2. Log von OTL (Extras.txt) einzufügen.

Leider funktioniert das weder als Code (zu viele Zeichen), noch als Anhang (zu groß).
Darum hier als Download:
https://www.dropbox.com/s/3y567g5ul5yy2oj/Extras.Txt

Ich werde ca. die nächsten 24-36 Stunden offline sein. Am Freitag bin ich aber direkt wieder am Ball.

Danke nochmal für Deine Hilfe!
Marcel

Hallo Marcel,

kein Problem, machen wir weiter:

Schritt 1

Downloade dir bitte AdwCleaner und speichere es auf deinen Desktop.

Schliesse alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Schritt 2

Warnung für Mitleser:
Combofix sollte nur dann ausgeführt werden, wenn dies explizit von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix.

WICHTIG: Speichere Combofix auf deinen Desktop.
Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
Während Combofix läuft, bitte gar nichts am Computer arbeiten, auch nicht die Maus bewegen!
Wenn Combofix fertig ist, wird es ein Logfile erstellen (C:\Combofix.txt).
Bitte poste den Inhalt dieses Logfiles in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Schritt 3

Starte bitte die OTL.exe.

Setze den Haken bei Scan all Users.
Drücke auf den Quick Scan Button.
Poste den Inhalt von OTL.txt hier in den Thread.

Bitte poste in deiner nächsten Antwort:

Log von AdwCleaner
Log von Combofix
Log von OTL

Hi Leo,

hier der Code von AdwCleaner
AdwCleaner Logfile:

Code:

# AdwCleaner v2.115 - Datei am 28/03/2013 um 21:07:15 erstellt

# Aktualisiert am 17/03/2013 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)

# Benutzer : *** - COMPUTERNAME

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe

# Option [Löschen]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 

Datei Gelöscht : C:\Users\***\AppData\Local\Temp\Uninstall.exe

Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fzchtup0.default\searchplugins\Askcom.xml

Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fzchtup0.default\searchplugins\zonealarm.xml

Ordner Gelöscht : C:\ProgramData\Ask

Ordner Gelöscht : C:\ProgramData\Tarma Installer

Ordner Gelöscht : C:\Users\***\AppData\Local\APN

Ordner Gelöscht : C:\Users\***\AppData\Local\Temp\AskSearch
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gelöscht : HKCU\Software\InstallCore

Schlüssel Gelöscht : HKCU\Software\Softonic

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

Schlüssel Gelöscht : HKLM\Software\Tarma Installer

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16470
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Mozilla Firefox v19.0.2 (de)
 

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fzchtup0.default\prefs.js
 

C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fzchtup0.default\user.js ... Gelöscht !
 

Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");

Gelöscht : user_pref("browser.search.order.1", "Ask.com");
 

-\\ Google Chrome v25.0.1364.172
 

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences
 

Gelöscht [l.45] : icon_url = "hxxp://www.ask.com/favicon.ico",

Gelöscht [l.48] : keyword = "ask.com",

Gelöscht [l.51] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10261&locale=d[...]

Gelöscht [l.52] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms[...]
 

*************************
 

AdwCleaner[S1].txt - [2380 octets] - [28/03/2013 21:07:15]
 

########## EOF - C:\AdwCleaner[S1].txt - [2440 octets] ##########

--- --- ---

[/code]

der Code von Combofix

Code:

Combofix Logfile:
 

        Code:


        
ComboFix 13-03-28.01 - *** 28.03.2013  21:27:07.1.2 - x86

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3005.1683 [GMT 1:00]

ausgeführt von:: c:\users\***\Desktop\ComboFix.exe

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\***\AppData\Local\Microsoft\AddIns\MMOutlookAddIn.dll

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-02-28 bis 2013-03-28  ))))))))))))))))))))))))))))))

.

.

2013-03-28 20:36 . 2013-03-28 20:36        --------        d-----w-        c:\users\Default\AppData\Local\temp

2013-03-23 09:14 . 2013-03-23 09:14        --------        d-----w-        c:\programdata\Sophos

2013-03-23 09:14 . 2013-03-23 09:14        73728        ----a-r-        c:\users\***\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2013-03-23 09:14 . 2013-03-23 09:14        73728        ----a-r-        c:\users\***\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2013-03-23 09:14 . 2013-03-23 09:14        73728        ----a-r-        c:\users\***\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe

2013-03-23 09:14 . 2013-03-23 09:14        --------        d-----w-        c:\program files\Sophos

2013-03-17 17:29 . 2013-03-17 17:29        --------        d-----w-        c:\users\***\AppData\Roaming\CheckPoint

2013-03-17 17:29 . 2012-11-15 20:06        75096        ----a-w-        c:\windows\system32\drivers\klflt.sys

2013-03-17 16:53 . 2013-03-17 16:53        --------        d-----w-        c:\users\***\AppData\Roaming\Check Point Software Technologies LTD

2013-03-17 16:53 . 2013-03-17 17:29        --------        d-----w-        c:\program files\CheckPoint

2013-03-17 16:52 . 2013-03-17 16:52        --------        d-----w-        c:\programdata\CheckPoint

2013-03-14 06:29 . 2013-02-12 03:32        15872        ----a-w-        c:\windows\system32\drivers\usb8023.sys

2013-03-02 10:52 . 2013-03-02 10:52        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes

2013-03-02 10:52 . 2013-03-02 10:52        --------        d-----w-        c:\programdata\Malwarebytes

2013-03-02 10:52 . 2013-03-23 09:22        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2013-03-02 10:52 . 2012-12-14 15:49        21104        ----a-w-        c:\windows\system32\drivers\mbam.sys

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-03-12 19:14 . 2012-09-19 19:17        73432        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2013-03-12 19:14 . 2012-09-19 19:17        693976        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

2013-02-22 16:15 . 2013-02-22 16:15        94112        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll

2013-02-22 16:15 . 2012-07-17 19:11        861088        ----a-w-        c:\windows\system32\npdeployJava1.dll

2013-02-22 16:15 . 2011-05-30 08:21        782240        ----a-w-        c:\windows\system32\deployJava1.dll

2013-01-05 05:00 . 2013-02-13 08:22        3967848        ----a-w-        c:\windows\system32\ntkrnlpa.exe

2013-01-05 05:00 . 2013-02-13 08:22        3913064        ----a-w-        c:\windows\system32\ntoskrnl.exe

2013-01-04 04:50 . 2013-02-13 08:22        169984        ----a-w-        c:\windows\system32\winsrv.dll

2013-01-04 03:00 . 2013-02-13 08:22        2347008        ----a-w-        c:\windows\system32\win32k.sys

2013-01-03 05:05 . 2013-02-13 08:22        1293672        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2013-01-03 05:04 . 2013-02-13 08:22        187752        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS

2013-03-09 06:29 . 2013-03-09 06:29        263064        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32        129272        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32        129272        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32        129272        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32        129272        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2012-12-17 18:50        556648        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2012-12-17 18:50        556648        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2012-12-17 18:50        556648        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2012-12-17 18:50        556648        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-18 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-18 174104]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-18 150552]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-07-16 307768]

"UpdateP2GShortCut"="c:\program files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]

"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-09-29 4114288]

"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-09-29 5064560]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-01-29 73832]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"WLStart"="c:\program files\Windows Live\Installer\wlstart.exe" [2009-07-26 786760]

.

c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2010-10-26 6144]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"EnableLUA"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^t@x aktuell.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\t@x aktuell.lnk

backup=c:\windows\pss\t@x aktuell.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-12-03 07:35        946352        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-10-03 03:08        35696        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AllShareAgent]

2012-01-19 10:39        285072        ----a-w-        c:\program files\Samsung\AllShare\AllShareAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2012-11-28 13:13        59280        ----a-w-        c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]

2010-07-04 18:13        95576        ----a-w-        c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2011-03-21 18:56        1230704        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-12-12 12:57        152544        ----a-w-        c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMAgent]

2012-11-19 11:48        1404768        ----a-w-        c:\program files\Mobile Master\MMAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2012-11-09 10:27        17877168        ----a-r-        c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-07-03 08:04        252848        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe

.

R1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [x]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R3 AFWZXHYPHSTGP;AFWZXHYPHSTGP;c:\users\***\AppData\Local\Temp\AFWZXHYPHSTGP.exe [x]

R3 BQMXE;BQMXE;c:\users\***\AppData\Local\Temp\BQMXE.exe [x]

R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [x]

R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]

R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [x]

R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [x]

R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]

R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\Samsung\AllShare\AllShareSlideShowService.exe [x]

R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]

R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]

R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [x]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WinRing0_1_2_0;WinRing0_1_2_0;d:\test\ECECECEC\WinRing0.sys [x]

R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]

R4 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]

S1 funfrm;funfrm; [x]

S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x]

S2 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [x]

S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]

S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]

S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [x]

S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [x]

S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]

S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - FSUSBEXDISK

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation        REG_MULTI_SZ           SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc

IgrsSvcs        REG_MULTI_SZ           ReadyComm.DirectRouter PS_MDP

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-03-14 17:02        1629648        ----a-w-        c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe

.

Inhalt des "geplante Tasks" Ordners

.

2013-03-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-19 19:14]

.

2013-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-07 11:23]

.

2013-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-07 11:23]

.

2013-03-27 c:\windows\Tasks\Norton Security Scan for ***.job

- c:\progra~1\NORTON~2\Engine\351~1.8\Nss.exe [2011-12-16 00:45]

.

2013-03-28 c:\windows\Tasks\zfdnslpds.job

- c:\windows\system32\RPCNDFPP.dll [2013-02-21 10:44]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = https://www.google.de/

uInternet Settings,ProxyOverride = *.local

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fzchtup0.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=de&gu=bb8b92a0fd224bb885f9d43b7cef2fe9&tu=10G9000771B000v&sku=&tstsId=&ver=&

FF - ExtSQL: 2013-03-17 18:29; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\TrustChecker

FF - ExtSQL: 2013-03-23 09:34; ffxtlbr@zonealarm.com; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fzchtup0.default\extensions\ffxtlbr@zonealarm.com

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Toolbar-Locked - (no file)

HKLM-Run-NPSStartup - (no file)

HKLM-Run-ISW - (no file)

SafeBoot-09769240.sys

SafeBoot-mcmscsvc

SafeBoot-MCODS

MSConfigStartUp-PLFSetL - c:\windows\PLFSetL.exe

MSConfigStartUp-snp2uvc - c:\windows\vsnp2uvc.exe

MSConfigStartUp-VeriFaceManager - c:\program files\Lenovo\VeriFace\PManage.exe

AddRemove-Samsung Mobile phone USB driver Drive - c:\windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe

AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'lsass.exe'(580)

c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

.

Zeit der Fertigstellung: 2013-03-28  21:39:24

ComboFix-quarantined-files.txt  2013-03-28 20:39

.

Vor Suchlauf: 9 Verzeichnis(se), 159.079.997.440 Bytes frei

Nach Suchlauf: 12 Verzeichnis(se), 163.173.908.480 Bytes frei

.

- - End Of File - - A221E3AA2FF259BA002EC19B96AA8F2E

 
--- --- ---

der Code von OTL
OTL Logfile:

Code:

OTL logfile created on: 28.03.2013 21:42:09 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = D:\01_PRIVAT\Neuer Ordner (3)

 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,93 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 59,23% Memory free

5,87 Gb Paging File | 4,74 Gb Available in Paging File | 80,79% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 210,83 Gb Total Space | 152,04 Gb Free Space | 72,12% Space Free | Partition Type: NTFS

Drive D: | 239,98 Gb Total Space | 41,74 Gb Free Space | 17,39% Space Free | Partition Type: NTFS

Drive Y: | 2779,26 Gb Total Space | 2068,29 Gb Free Space | 74,42% Space Free | Partition Type: NTFS

 

Computer Name: COMPUTERNAME | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2013.03.27 22:09:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\01_PRIVAT\Neuer Ordner (3)\OTL.exe

PRC - [2013.03.11 01:22:07 | 001,274,320 | ---- | M] (Google Inc.) -- C:\Programme\Google\Chrome\Application\chrome.exe

PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2012.11.22 15:33:18 | 000,497,320 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe

PRC - [2012.10.04 15:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2012.01.19 11:41:52 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\AllShare\AllShareDMS\AllShareDMS.exe

PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE

PRC - [2010.12.10 17:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe

PRC - [2010.12.10 17:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe

PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010.10.27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

PRC - [2010.08.25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

PRC - [2010.07.04 19:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe

PRC - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe

PRC - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2009.09.29 17:23:20 | 004,114,288 | ---- | M] (Lenovo(beijing) Limited) -- C:\Programme\Lenovo\Energy Management\utility.exe

PRC - [2009.09.29 17:22:46 | 005,064,560 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Programme\Lenovo\Energy Management\Energy Management.exe

PRC - [2009.07.14 15:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ReadyComm\common\IGRS.exe

PRC - [2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IgrsSvcs.exe

PRC - [2009.06.04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe

PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2013.03.11 01:22:06 | 000,459,728 | ---- | M] () -- C:\Programme\Google\Chrome\Application\25.0.1364.172\ppgooglenaclpluginchrome.dll

MOD - [2013.03.11 01:22:04 | 004,050,896 | ---- | M] () -- C:\Programme\Google\Chrome\Application\25.0.1364.172\pdf.dll

MOD - [2013.03.11 01:21:18 | 000,596,944 | ---- | M] () -- C:\Programme\Google\Chrome\Application\25.0.1364.172\libglesv2.dll

MOD - [2013.03.11 01:21:18 | 000,124,368 | ---- | M] () -- C:\Programme\Google\Chrome\Application\25.0.1364.172\libegl.dll

MOD - [2013.03.11 01:21:16 | 001,552,848 | ---- | M] () -- C:\Programme\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll

MOD - [2010.03.15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll

MOD - [2008.12.20 04:20:50 | 000,063,304 | ---- | M] () -- C:\Programme\Lenovo\Energy Management\KbdHook.dll

MOD - [2008.12.20 04:20:08 | 000,051,016 | ---- | M] () -- C:\Programme\Lenovo\Energy Management\HookLib.dll

 

 
 ========== Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\BQMXE.exe -- (BQMXE)

SRV - File not found [On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\AFWZXHYPHSTGP.exe -- (AFWZXHYPHSTGP)

SRV - [2013.03.12 20:14:28 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013.03.09 07:29:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013.01.29 21:08:04 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)

SRV - [2012.11.22 15:33:18 | 000,497,320 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)

SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.09.16 11:49:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2012.01.19 11:41:52 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Programme\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0)

SRV - [2012.01.19 11:41:48 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Programme\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)

SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)

SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2010.12.10 17:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)

SRV - [2010.12.10 17:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)

SRV - [2010.12.10 17:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)

SRV - [2010.12.10 17:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)

SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2010.07.04 19:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)

SRV - [2010.06.02 16:19:39 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2009.09.22 19:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)

SRV - [2009.08.14 15:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)

SRV - [2009.07.16 04:12:42 | 000,276,296 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP)

SRV - [2009.07.14 15:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)

SRV - [2009.07.14 15:27:20 | 000,103,688 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter)

SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)

SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- D:\test\ECECECEC\WinRing0.sys -- (WinRing0_1_2_0)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\***\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - [2012.12.13 11:49:38 | 000,454,744 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)

DRV - [2012.11.22 15:33:30 | 000,027,056 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)

DRV - [2012.11.15 21:06:10 | 000,587,096 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)

DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010.06.14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)

DRV - [2010.04.27 03:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)

DRV - [2010.04.27 03:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus)

DRV - [2010.04.27 03:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl)

DRV - [2010.03.23 12:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV - [2010.03.12 05:44:27 | 000,054,800 | ---- | M] () [Kernel | System | Running] -- C:\windows\System32\drivers\funfrm.sys -- (funfrm)

DRV - [2009.11.19 01:06:18 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\vfilter.sys -- (vflt)

DRV - [2009.11.19 01:06:16 | 000,009,728 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\virtualnet.sys -- (vnet)

DRV - [2009.09.14 19:04:28 | 000,217,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2009.07.30 10:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV - [2009.07.28 22:09:36 | 000,063,240 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdbridge.sys -- (Bridge0)

DRV - [2009.07.21 22:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)

DRV - [2009.07.16 13:37:14 | 000,011,792 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)

DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)

DRV - [2009.07.13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)

DRV - [2009.06.15 03:46:22 | 000,475,648 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)

DRV - [2009.05.19 14:43:08 | 000,021,520 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)

DRV - [2009.03.13 17:32:18 | 001,759,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)

DRV - [2008.11.16 17:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)

DRV - [2008.08.06 13:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)

DRV - [2007.01.18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2006.11.10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\windows\System32\drivers\StarOpen.sys -- (StarOpen)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/

IE - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

IE - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\..\SearchScopes\{AB4E7E23-126D-4050-92A2-57D0113CE68A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=3a473a2d-006e-4dfe-a45f-993f71c2b003&apn_sauid=9029D7EB-7810-4366-99C0-90DE9B1E8A59

IE - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=de&gu=bb8b92a0fd224bb885f9d43b7cef2fe9&tu=10G9000771B000v&sku=&tstsId=&ver=&"

FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.13

FF - prefs.js..extensions.enabledAddons: ffxtlbr%40zonealarm.com:1.6.0

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013.03.17 18:29:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.09 07:29:16 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.09 07:29:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}: C:\Program Files\Mobile Master\ext\1\ [2012.12.18 20:07:44 | 000,000,000 | ---D | M]

 

[2010.06.01 17:18:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions

[2013.03.23 16:36:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fzchtup0.default\extensions

[2013.03.23 09:34:59 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fzchtup0.default\extensions\ffxtlbr@zonealarm.com

[2013.03.12 18:33:52 | 000,872,587 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fzchtup0.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi

[2013.02.14 09:41:01 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fzchtup0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2013.01.23 11:46:58 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fzchtup0.default\extensions\ffxtlbr@zonealarm.com\content\Abine\chrome\content\ff\view_expiry.js

[2013.03.09 07:29:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2013.03.09 07:29:07 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2013.03.09 07:29:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

[2013.03.09 07:29:16 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010.03.08 11:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\mozilla firefox\plugins\npmidas.dll

[2013.03.09 07:29:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2013.03.09 07:29:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2013.03.09 07:29:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2013.03.09 07:29:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2013.03.09 07:29:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2013.03.09 07:29:12 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Ask (Enabled)

CHR - default_search_provider: search_url = hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=3a473a2d-006e-4dfe-a45f-993f71c2b003&apn_ptnrs=%5EAGS&apn_sauid=9029D7EB-7810-4366-99C0-90DE9B1E8A59&apn_dtid=%5EYYYYYY%5EYY%5EDE&q={searchTerms}

CHR - default_search_provider: suggest_url = hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: king.com - Game controller for firefox (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmidas.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

CHR - plugin: Java(TM) Platform SE 7 U15 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll

CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll

CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\windows\system32\npDeployJava1.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll

 

O1 HOSTS File: ([2013.03.28 21:37:01 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O3 - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)

O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)

O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()

O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)

O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.15.2)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F847105-AF16-4516-9C13-7D693E52BD39}: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.03.28 21:39:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013.03.28 21:25:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe

[2013.03.28 21:25:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe

[2013.03.28 21:25:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe

[2013.03.28 21:15:55 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013.03.28 21:15:07 | 000,000,000 | ---D | C] -- C:\windows\erdnt

[2013.03.28 21:13:52 | 005,044,813 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe

[2013.03.24 13:37:42 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\USA

[2013.03.23 10:14:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos

[2013.03.23 10:14:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos

[2013.03.23 10:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos

[2013.03.17 18:30:37 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\ForceField Shared Files

[2013.03.17 18:29:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\CheckPoint

[2013.03.17 18:29:23 | 000,587,096 | ---- | C] (Kaspersky Lab) -- C:\windows\System32\drivers\klif.sys

[2013.03.17 18:29:23 | 000,075,096 | ---- | C] (Kaspersky Lab) -- C:\windows\System32\drivers\klflt.sys

[2013.03.17 18:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point

[2013.03.17 17:53:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Check Point Software Technologies LTD

[2013.03.17 17:53:18 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint

[2013.03.17 17:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint

[2013.03.09 07:29:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2013.03.02 16:33:26 | 000,000,000 | ---D | C] -- C:\windows\pss

[2013.03.02 16:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in

[2013.03.02 11:52:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes

[2013.03.02 11:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013.03.02 11:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013.03.02 11:52:48 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys

[2013.03.02 11:52:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.03.28 21:37:01 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts

[2013.03.28 21:35:41 | 000,000,314 | ---- | M] () -- C:\windows\tasks\zfdnslpds.job

[2013.03.28 21:17:05 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013.03.28 21:17:05 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013.03.28 21:14:58 | 000,694,084 | ---- | M] () -- C:\windows\System32\perfh007.dat

[2013.03.28 21:14:58 | 000,656,802 | ---- | M] () -- C:\windows\System32\perfh009.dat

[2013.03.28 21:14:58 | 000,144,926 | ---- | M] () -- C:\windows\System32\perfc007.dat

[2013.03.28 21:14:58 | 000,121,934 | ---- | M] () -- C:\windows\System32\perfc009.dat

[2013.03.28 21:14:21 | 005,044,813 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe

[2013.03.28 21:14:02 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2013.03.28 21:09:44 | 000,001,090 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2013.03.28 21:09:36 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2013.03.28 21:09:34 | 2362,912,768 | -HS- | M] () -- C:\hiberfil.sys

[2013.03.28 21:06:03 | 000,001,052 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2013.03.28 21:04:17 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2013.03.27 22:07:37 | 000,000,434 | -H-- | M] () -- C:\windows\tasks\Norton Security Scan for ***.job

[2013.03.27 18:23:34 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable

[2013.03.23 10:14:06 | 000,003,189 | ---- | M] () -- C:\Users\***\Desktop\Sophos Virus Removal Tool.lnk

[2013.03.23 10:04:20 | 000,000,000 | ---- | M] () -- C:\windows\System32\ZLW

[2013.03.23 09:39:53 | 000,417,507 | ---- | M] () -- C:\windows\System32\drivers\vsconfig.xml

[2013.03.17 13:41:56 | 000,429,788 | ---- | M] () -- C:\Users\***\Desktop\Zusatzvereinbarung zum Mietvertrag.pdf

[2013.03.14 18:05:43 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013.03.13 10:41:46 | 000,208,016 | ---- | M] () -- C:\Users\***\Desktop\RR188.pdf

[2013.03.12 14:34:49 | 019,459,072 | ---- | M] () -- C:\Users\***\Desktop\Häußermann - 2012 - Ursachen sozialräumlicher Segregati_on.pdf

[2013.03.07 13:52:37 | 001,949,346 | ---- | M] () -- C:\Users\***\Desktop\Fend, Helmut - 2008 - Schule gestalten.pdf

[2013.03.07 10:46:58 | 002,612,472 | ---- | M] () -- C:\Users\***\Desktop\Skalenhandbuch Schulinspektion HH.pdf

[2013.03.07 10:44:35 | 000,117,388 | ---- | M] () -- C:\Users\***\Desktop\Krammer_E-Learning_mit_Videos_in_der_Ausbildung_1_.pdf

[2013.03.07 10:42:47 | 000,115,637 | ---- | M] () -- C:\Users\***\Desktop\R1_Video_Krammer-Hugener.pdf

[2013.03.05 12:00:23 | 000,751,074 | ---- | M] () -- C:\Users\***\Desktop\Baumert, Stanat, Watermann(1).pdf

[2013.03.05 12:00:20 | 000,751,074 | ---- | M] () -- C:\Users\***\Desktop\Baumert, Stanat, Watermann.pdf

[2013.03.05 11:10:40 | 019,761,002 | ---- | M] () -- C:\Users\***\Desktop\Schmidt,      Maier - 2009 - Opportunity to Learn(2).pdf

[2013.03.05 09:49:35 | 019,761,002 | ---- | M] () -- C:\Users\***\Desktop\Schmidt,      Maier - 2009 - Opportunity to Learn.pdf

[2013.03.02 11:44:01 | 000,194,695 | ---- | M] () -- C:\Users\***\Desktop\Hotelbestätigung_San Fransisco.xps

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013.03.28 21:25:23 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe

[2013.03.28 21:25:23 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe

[2013.03.28 21:25:23 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe

[2013.03.28 21:25:23 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe

[2013.03.28 21:25:23 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

[2013.03.27 18:23:34 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable

[2013.03.23 10:14:06 | 000,003,189 | ---- | C] () -- C:\Users\***\Desktop\Sophos Virus Removal Tool.lnk

[2013.03.23 10:04:20 | 000,000,000 | ---- | C] () -- C:\windows\System32\ZLW

[2013.03.17 18:29:51 | 000,417,507 | ---- | C] () -- C:\windows\System32\drivers\vsconfig.xml

[2013.03.17 13:41:56 | 000,429,788 | ---- | C] () -- C:\Users\***\Desktop\Zusatzvereinbarung zum Mietvertrag.pdf

[2013.03.13 10:41:46 | 000,208,016 | ---- | C] () -- C:\Users\***\Desktop\RR188.pdf

[2013.03.12 14:33:55 | 019,459,072 | ---- | C] () -- C:\Users\***\Desktop\Häußermann - 2012 - Ursachen sozialräumlicher Segregati_on.pdf

[2013.03.07 13:52:37 | 001,949,346 | ---- | C] () -- C:\Users\***\Desktop\Fend, Helmut - 2008 - Schule gestalten.pdf

[2013.03.07 10:46:56 | 002,612,472 | ---- | C] () -- C:\Users\***\Desktop\Skalenhandbuch Schulinspektion HH.pdf

[2013.03.07 10:44:35 | 000,117,388 | ---- | C] () -- C:\Users\***\Desktop\Krammer_E-Learning_mit_Videos_in_der_Ausbildung_1_.pdf

[2013.03.07 10:42:46 | 000,115,637 | ---- | C] () -- C:\Users\***\Desktop\R1_Video_Krammer-Hugener.pdf

[2013.03.05 12:00:22 | 000,751,074 | ---- | C] () -- C:\Users\***\Desktop\Baumert, Stanat, Watermann(1).pdf

[2013.03.05 12:00:18 | 000,751,074 | ---- | C] () -- C:\Users\***\Desktop\Baumert, Stanat, Watermann.pdf

[2013.03.05 11:09:45 | 019,761,002 | ---- | C] () -- C:\Users\***\Desktop\Schmidt,      Maier - 2009 - Opportunity to Learn(2).pdf

[2013.03.05 09:49:06 | 019,761,002 | ---- | C] () -- C:\Users\***\Desktop\Schmidt,      Maier - 2009 - Opportunity to Learn.pdf

[2013.03.02 11:43:59 | 000,194,695 | ---- | C] () -- C:\Users\***\Desktop\Hotelbestätigung_San Fransisco.xps

[2013.02.21 11:44:03 | 000,094,208 | RHS- | C] () -- C:\windows\System32\RPCNDFPP.dll

[2012.12.17 21:35:28 | 000,110,592 | ---- | C] () -- C:\windows\System32\FsUsbExDevice.Dll

[2012.12.17 21:35:28 | 000,036,608 | ---- | C] () -- C:\windows\System32\FsUsbExDisk.Sys

[2012.12.17 20:54:05 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt

[2012.12.17 20:47:46 | 000,005,632 | ---- | C] () -- C:\windows\System32\drivers\StarOpen.sys

[2012.05.17 11:51:17 | 000,000,628 | ---- | C] () -- C:\windows\wiso.ini

[2010.09.02 13:25:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== LOP Check ==========

 

[2012.05.17 13:15:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service

[2011.12.05 20:49:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre

[2013.03.17 17:53:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Check Point Software Technologies LTD

[2013.03.17 18:29:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CheckPoint

[2013.03.28 21:11:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox

[2011.02.10 10:57:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EasyCapture

[2012.12.18 20:07:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Jumping Bytes

[2012.12.18 20:14:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mobile Master

[2011.05.30 09:24:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org

[2012.12.17 21:35:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung

 
 ========== Purity Check ==========

 

 
 

< End of report >

--- --- ---

[/code]

Danke und VG,
Marcel

Hallo Marcel,

dann hier die nächsten Schritte.
Sind danach die falschen Google-Verlinkungen verschwunden?

Schritt 1

Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschliesslich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link.
Speichere es erneut auf den Desktop (wichtig!).
Drücke die {Windows} + R Taste, schreibe notepad in das Ausführen Fenster und drücke OK.
Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

Code:

Driver:: AFWZXHYPHSTGP BQMXE KLIF File:: c:\windows\Tasks\zfdnslpds.job c:\windows\system32\RPCNDFPP.dll SecCenter:: AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
Speichere dies als CFScript.txt auf deinen Desktop.
Wichtig: Stelle deine Antiviren-Software temporär ab. Diese kann ComboFix bei der Arbeit behindern.
Danach wieder anstellen nicht vergessen!
Schliesse alle anderen laufenden Programme, damit ComboFix ungehindert arbeiten kann.
Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:
http://i266.photobucket.com/albums/i.../CFScriptB.gif
Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
Wenn ComboFix fertig ist, wird es ein Log erstellen (C:\ComboFix.txt).
Bitte füge den Inhalt dieses Logs in deine Antwort ein.

Schritt 2

Lade bitte folgendermassen Dateien zur Analyse hoch:

Deaktiviere bitte temporär deinen Virenscanner.
Suche folgenden Ordner
C:\Qoobox
und packe ihn in ein zip-Archiv (Rechtsklick darauf -> Senden an -> zip-komprimierten Ordner).
Gehe nun zum Trojaner-Board Upload-Channel:
1. Drücke auf Durchsuchen..., wähle das erstellte zip-File aus und klicke Öffnen.
2. Füge den Link deines Themas im Forum in das entsprechende Feld ein.
3. Gib deinen Benutzernamen ein.
4. Drücke auf den Button Hochladen.
Du kannst jetzt deinen Virenscanner wieder aktivieren.
(bebilderte Anleitung)

Bitte poste in deiner nächsten Antwort:

Log von Combofix

Hey Leo,

anbei findest Du das Log von Comofix:

Code:

Combofix Logfile:
 

        Code:


        
ComboFix 13-04-01.01 - *** 01.04.2013  17:50:12.2.2 - x86

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3005.1918 [GMT 2:00]

ausgeführt von:: c:\users\***\Desktop\ComboFix.exe

Benutzte Befehlsschalter :: c:\users\***\Desktop\CFScript.txt

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

FILE ::

"c:\windows\system32\RPCNDFPP.dll"

"c:\windows\Tasks\zfdnslpds.job"

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_KLIF

-------\Service_AFWZXHYPHSTGP

-------\Service_BQMXE

-------\Service_KLIF

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-03-01 bis 2013-04-01  ))))))))))))))))))))))))))))))

.

.

2013-04-01 16:01 . 2013-04-01 16:01        --------        d-----w-        c:\users\Default\AppData\Local\temp

2013-03-31 12:12 . 2013-03-31 12:17        --------        d-----w-        c:\users\***\AppData\Local\Microsoft Games

2013-03-23 09:14 . 2013-03-23 09:14        --------        d-----w-        c:\programdata\Sophos

2013-03-23 09:14 . 2013-03-23 09:14        73728        ----a-r-        c:\users\***\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2013-03-23 09:14 . 2013-03-23 09:14        73728        ----a-r-        c:\users\***\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2013-03-23 09:14 . 2013-03-23 09:14        73728        ----a-r-        c:\users\***\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe

2013-03-23 09:14 . 2013-03-23 09:14        --------        d-----w-        c:\program files\Sophos

2013-03-17 17:29 . 2013-03-17 17:29        --------        d-----w-        c:\users\***\AppData\Roaming\CheckPoint

2013-03-17 17:29 . 2012-11-15 20:06        75096        ----a-w-        c:\windows\system32\drivers\klflt.sys

2013-03-17 16:53 . 2013-03-17 16:53        --------        d-----w-        c:\users\***\AppData\Roaming\Check Point Software Technologies LTD

2013-03-17 16:53 . 2013-03-17 17:29        --------        d-----w-        c:\program files\CheckPoint

2013-03-17 16:52 . 2013-03-17 16:52        --------        d-----w-        c:\programdata\CheckPoint

2013-03-14 06:29 . 2013-02-12 03:32        15872        ----a-w-        c:\windows\system32\drivers\usb8023.sys

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-03-12 19:14 . 2012-09-19 19:17        73432        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2013-03-12 19:14 . 2012-09-19 19:17        693976        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

2013-02-22 16:15 . 2013-02-22 16:15        94112        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll

2013-02-22 16:15 . 2012-07-17 19:11        861088        ----a-w-        c:\windows\system32\npdeployJava1.dll

2013-02-22 16:15 . 2011-05-30 08:21        782240        ----a-w-        c:\windows\system32\deployJava1.dll

2013-01-05 05:00 . 2013-02-13 08:22        3967848        ----a-w-        c:\windows\system32\ntkrnlpa.exe

2013-01-05 05:00 . 2013-02-13 08:22        3913064        ----a-w-        c:\windows\system32\ntoskrnl.exe

2013-01-04 04:50 . 2013-02-13 08:22        169984        ----a-w-        c:\windows\system32\winsrv.dll

2013-01-04 03:00 . 2013-02-13 08:22        2347008        ----a-w-        c:\windows\system32\win32k.sys

2013-01-03 05:05 . 2013-02-13 08:22        1293672        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2013-01-03 05:04 . 2013-02-13 08:22        187752        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS

2013-03-09 06:29 . 2013-03-09 06:29        263064        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32        129272        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32        129272        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32        129272        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32        129272        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-03-07 15:31        576976        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-03-07 15:31        576976        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-03-07 15:31        576976        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-03-07 15:31        576976        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-18 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-18 174104]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-18 150552]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-07-16 307768]

"UpdateP2GShortCut"="c:\program files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]

"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-09-29 4114288]

"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-09-29 5064560]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-01-29 73832]

"ISW"="" [BU]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"WLStart"="c:\program files\Windows Live\Installer\wlstart.exe" [2009-07-26 786760]

.

c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2010-10-26 6144]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"EnableLUA"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^t@x aktuell.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\t@x aktuell.lnk

backup=c:\windows\pss\t@x aktuell.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-12-03 07:35        946352        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-10-03 03:08        35696        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AllShareAgent]

2012-01-19 10:39        285072        ----a-w-        c:\program files\Samsung\AllShare\AllShareAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2012-11-28 13:13        59280        ----a-w-        c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]

2010-07-04 18:13        95576        ----a-w-        c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2011-03-21 18:56        1230704        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-12-12 12:57        152544        ----a-w-        c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMAgent]

2012-11-19 11:48        1404768        ----a-w-        c:\program files\Mobile Master\MMAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2012-11-09 10:27        17877168        ----a-r-        c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-07-03 08:04        252848        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe

.

R1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [x]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [x]

R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]

R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [x]

R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [x]

R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]

R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\Samsung\AllShare\AllShareSlideShowService.exe [x]

R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]

R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]

R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [x]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WinRing0_1_2_0;WinRing0_1_2_0;d:\test\ECECECEC\WinRing0.sys [x]

R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]

R4 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]

S1 funfrm;funfrm; [x]

S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x]

S2 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [x]

S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]

S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]

S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [x]

S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [x]

S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]

S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation        REG_MULTI_SZ           SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc

IgrsSvcs        REG_MULTI_SZ           ReadyComm.DirectRouter PS_MDP

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-03-14 17:02        1629648        ----a-w-        c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe

.

Inhalt des "geplante Tasks" Ordners

.

2013-04-01 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-19 19:14]

.

2013-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-07 11:23]

.

2013-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-07 11:23]

.

2013-03-27 c:\windows\Tasks\Norton Security Scan for ***.job

- c:\progra~1\NORTON~2\Engine\351~1.8\Nss.exe [2011-12-16 00:45]

.

2013-04-01 c:\windows\Tasks\zfdnslpds.job

- c:\windows\system32\RPCNDFPP.dll [2013-02-21 10:44]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = https://www.google.de/

uInternet Settings,ProxyOverride = *.local

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fzchtup0.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=de&gu=bb8b92a0fd224bb885f9d43b7cef2fe9&tu=10G9000771B000v&sku=&tstsId=&ver=&

FF - ExtSQL: 2013-03-17 18:29; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\TrustChecker

FF - ExtSQL: 2013-03-23 09:34; ffxtlbr@zonealarm.com; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fzchtup0.default\extensions\ffxtlbr@zonealarm.com

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'Explorer.exe'(2780)

c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\WLANExt.exe

c:\windows\system32\conhost.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\system32\rundll32.exe

c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Cisco Systems\VPN Client\cvpnd.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

c:\windows\system32\sppsvc.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

.

**************************************************************************

.

Zeit der Fertigstellung: 2013-04-01  18:08:28 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2013-04-01 16:08

ComboFix2.txt  2013-03-28 20:39

.

Vor Suchlauf: 11 Verzeichnis(se), 163.141.922.816 Bytes frei

Nach Suchlauf: 13 Verzeichnis(se), 162.922.205.184 Bytes frei

.

- - End Of File - - AB794646E5DFC408EC90B3D7AF65B2CA

 
--- --- ---

Den Upload von Qoobox habe ich soweit durchgeführt.

Danke,
Marcel

Hallo Marcel,

das Ding ist immer noch da..

Schritt 1

Starte bitte die OTL.exe.
Kopiere nun den folgenden Inhalt aus der Codebox in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.
Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.

Code:

:files

C:\windows\System32\RPCNDFPP.dll

C:\windows\tasks\zfdnslpds.job
 

:commands

[emptytemp]

Schliesse nun bitte alle anderen Programme.
Klicke jetzt auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Diesen bitte zulassen.
Nach dem Neustart findest du ein Textdokument auf deinem Desktop.
(Auch zu finden unter C:\_OTL\MovedFiles\<date_time>.log)
Kopiere nun dessen Inhalt hier in deinen Thread.

Schritt 2

Starte bitte die OTL.exe.

Setze den Haken bei Scan all Users.
Drücke auf den Quick Scan Button.
Poste den Inhalt von OTL.txt hier in den Thread.

Bitte poste in deiner nächsten Antwort:

Fixlog von OTL
Log von OTL

Hi Leo,

sorry für die späte Antwort.

Hier findest Du das Fixlog:
OTL Logfile:

Code:

OTL logfile created on: 28.03.2013 21:42:09 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = D:\01_PRIVAT\Neuer Ordner (3)

 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,93 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 59,23% Memory free

5,87 Gb Paging File | 4,74 Gb Available in Paging File | 80,79% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 210,83 Gb Total Space | 152,04 Gb Free Space | 72,12% Space Free | Partition Type: NTFS

Drive D: | 239,98 Gb Total Space | 41,74 Gb Free Space | 17,39% Space Free | Partition Type: NTFS

Drive Y: | 2779,26 Gb Total Space | 2068,29 Gb Free Space | 74,42% Space Free | Partition Type: NTFS

 

Computer Name: COMPUTERNAME | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2013.03.27 22:09:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\01_PRIVAT\Neuer Ordner (3)\OTL.exe

PRC - [2013.03.11 01:22:07 | 001,274,320 | ---- | M] (Google Inc.) -- C:\Programme\Google\Chrome\Application\chrome.exe

PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2012.11.22 15:33:18 | 000,497,320 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe

PRC - [2012.10.04 15:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2012.01.19 11:41:52 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\AllShare\AllShareDMS\AllShareDMS.exe

PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE

PRC - [2010.12.10 17:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe

PRC - [2010.12.10 17:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe

PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010.10.27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

PRC - [2010.08.25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

PRC - [2010.07.04 19:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe

PRC - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe

PRC - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2009.09.29 17:23:20 | 004,114,288 | ---- | M] (Lenovo(beijing) Limited) -- C:\Programme\Lenovo\Energy Management\utility.exe

PRC - [2009.09.29 17:22:46 | 005,064,560 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Programme\Lenovo\Energy Management\Energy Management.exe

PRC - [2009.07.14 15:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ReadyComm\common\IGRS.exe

PRC - [2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IgrsSvcs.exe

PRC - [2009.06.04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe

PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2013.03.11 01:22:06 | 000,459,728 | ---- | M] () -- C:\Programme\Google\Chrome\Application\25.0.1364.172\ppgooglenaclpluginchrome.dll

MOD - [2013.03.11 01:22:04 | 004,050,896 | ---- | M] () -- C:\Programme\Google\Chrome\Application\25.0.1364.172\pdf.dll

MOD - [2013.03.11 01:21:18 | 000,596,944 | ---- | M] () -- C:\Programme\Google\Chrome\Application\25.0.1364.172\libglesv2.dll

MOD - [2013.03.11 01:21:18 | 000,124,368 | ---- | M] () -- C:\Programme\Google\Chrome\Application\25.0.1364.172\libegl.dll

MOD - [2013.03.11 01:21:16 | 001,552,848 | ---- | M] () -- C:\Programme\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll

MOD - [2010.03.15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll

MOD - [2008.12.20 04:20:50 | 000,063,304 | ---- | M] () -- C:\Programme\Lenovo\Energy Management\KbdHook.dll

MOD - [2008.12.20 04:20:08 | 000,051,016 | ---- | M] () -- C:\Programme\Lenovo\Energy Management\HookLib.dll

 

 
 ========== Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\BQMXE.exe -- (BQMXE)

SRV - File not found [On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\AFWZXHYPHSTGP.exe -- (AFWZXHYPHSTGP)

SRV - [2013.03.12 20:14:28 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013.03.09 07:29:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013.01.29 21:08:04 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)

SRV - [2012.11.22 15:33:18 | 000,497,320 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)

SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.09.16 11:49:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2012.01.19 11:41:52 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Programme\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0)

SRV - [2012.01.19 11:41:48 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Programme\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)

SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)

SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2010.12.10 17:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)

SRV - [2010.12.10 17:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)

SRV - [2010.12.10 17:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)

SRV - [2010.12.10 17:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)

SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2010.07.04 19:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)

SRV - [2010.06.02 16:19:39 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2009.09.22 19:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)

SRV - [2009.08.14 15:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)

SRV - [2009.07.16 04:12:42 | 000,276,296 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP)

SRV - [2009.07.14 15:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)

SRV - [2009.07.14 15:27:20 | 000,103,688 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter)

SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)

SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- D:\test\ECECECEC\WinRing0.sys -- (WinRing0_1_2_0)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\***\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - [2012.12.13 11:49:38 | 000,454,744 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)

DRV - [2012.11.22 15:33:30 | 000,027,056 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)

DRV - [2012.11.15 21:06:10 | 000,587,096 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)

DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010.06.14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)

DRV - [2010.04.27 03:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)

DRV - [2010.04.27 03:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus)

DRV - [2010.04.27 03:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl)

DRV - [2010.03.23 12:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV - [2010.03.12 05:44:27 | 000,054,800 | ---- | M] () [Kernel | System | Running] -- C:\windows\System32\drivers\funfrm.sys -- (funfrm)

DRV - [2009.11.19 01:06:18 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\vfilter.sys -- (vflt)

DRV - [2009.11.19 01:06:16 | 000,009,728 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\virtualnet.sys -- (vnet)

DRV - [2009.09.14 19:04:28 | 000,217,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2009.07.30 10:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV - [2009.07.28 22:09:36 | 000,063,240 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdbridge.sys -- (Bridge0)

DRV - [2009.07.21 22:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)

DRV - [2009.07.16 13:37:14 | 000,011,792 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)

DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)

DRV - [2009.07.13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)

DRV - [2009.06.15 03:46:22 | 000,475,648 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)

DRV - [2009.05.19 14:43:08 | 000,021,520 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)

DRV - [2009.03.13 17:32:18 | 001,759,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)

DRV - [2008.11.16 17:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)

DRV - [2008.08.06 13:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)

DRV - [2007.01.18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2006.11.10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\windows\System32\drivers\StarOpen.sys -- (StarOpen)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/

IE - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

IE - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\..\SearchScopes\{AB4E7E23-126D-4050-92A2-57D0113CE68A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=3a473a2d-006e-4dfe-a45f-993f71c2b003&apn_sauid=9029D7EB-7810-4366-99C0-90DE9B1E8A59

IE - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=de&gu=bb8b92a0fd224bb885f9d43b7cef2fe9&tu=10G9000771B000v&sku=&tstsId=&ver=&"

FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.13

FF - prefs.js..extensions.enabledAddons: ffxtlbr%40zonealarm.com:1.6.0

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013.03.17 18:29:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.09 07:29:16 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.09 07:29:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}: C:\Program Files\Mobile Master\ext\1\ [2012.12.18 20:07:44 | 000,000,000 | ---D | M]

 

[2010.06.01 17:18:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions

[2013.03.23 16:36:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fzchtup0.default\extensions

[2013.03.23 09:34:59 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fzchtup0.default\extensions\ffxtlbr@zonealarm.com

[2013.03.12 18:33:52 | 000,872,587 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fzchtup0.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi

[2013.02.14 09:41:01 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fzchtup0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2013.01.23 11:46:58 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fzchtup0.default\extensions\ffxtlbr@zonealarm.com\content\Abine\chrome\content\ff\view_expiry.js

[2013.03.09 07:29:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2013.03.09 07:29:07 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2013.03.09 07:29:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

[2013.03.09 07:29:16 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010.03.08 11:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\mozilla firefox\plugins\npmidas.dll

[2013.03.09 07:29:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2013.03.09 07:29:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2013.03.09 07:29:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2013.03.09 07:29:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2013.03.09 07:29:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2013.03.09 07:29:12 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Ask (Enabled)

CHR - default_search_provider: search_url = hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=3a473a2d-006e-4dfe-a45f-993f71c2b003&apn_ptnrs=%5EAGS&apn_sauid=9029D7EB-7810-4366-99C0-90DE9B1E8A59&apn_dtid=%5EYYYYYY%5EYY%5EDE&q={searchTerms}

CHR - default_search_provider: suggest_url = hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: king.com - Game controller for firefox (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmidas.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

CHR - plugin: Java(TM) Platform SE 7 U15 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll

CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll

CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\windows\system32\npDeployJava1.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll

 

O1 HOSTS File: ([2013.03.28 21:37:01 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O3 - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)

O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)

O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()

O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)

O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.15.2)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F847105-AF16-4516-9C13-7D693E52BD39}: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.03.28 21:39:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013.03.28 21:25:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe

[2013.03.28 21:25:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe

[2013.03.28 21:25:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe

[2013.03.28 21:15:55 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013.03.28 21:15:07 | 000,000,000 | ---D | C] -- C:\windows\erdnt

[2013.03.28 21:13:52 | 005,044,813 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe

[2013.03.24 13:37:42 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\USA

[2013.03.23 10:14:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos

[2013.03.23 10:14:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos

[2013.03.23 10:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos

[2013.03.17 18:30:37 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\ForceField Shared Files

[2013.03.17 18:29:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\CheckPoint

[2013.03.17 18:29:23 | 000,587,096 | ---- | C] (Kaspersky Lab) -- C:\windows\System32\drivers\klif.sys

[2013.03.17 18:29:23 | 000,075,096 | ---- | C] (Kaspersky Lab) -- C:\windows\System32\drivers\klflt.sys

[2013.03.17 18:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point

[2013.03.17 17:53:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Check Point Software Technologies LTD

[2013.03.17 17:53:18 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint

[2013.03.17 17:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint

[2013.03.09 07:29:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2013.03.02 16:33:26 | 000,000,000 | ---D | C] -- C:\windows\pss

[2013.03.02 16:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in

[2013.03.02 11:52:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes

[2013.03.02 11:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013.03.02 11:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013.03.02 11:52:48 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys

[2013.03.02 11:52:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.03.28 21:37:01 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts

[2013.03.28 21:35:41 | 000,000,314 | ---- | M] () -- C:\windows\tasks\zfdnslpds.job

[2013.03.28 21:17:05 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013.03.28 21:17:05 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013.03.28 21:14:58 | 000,694,084 | ---- | M] () -- C:\windows\System32\perfh007.dat

[2013.03.28 21:14:58 | 000,656,802 | ---- | M] () -- C:\windows\System32\perfh009.dat

[2013.03.28 21:14:58 | 000,144,926 | ---- | M] () -- C:\windows\System32\perfc007.dat

[2013.03.28 21:14:58 | 000,121,934 | ---- | M] () -- C:\windows\System32\perfc009.dat

[2013.03.28 21:14:21 | 005,044,813 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe

[2013.03.28 21:14:02 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2013.03.28 21:09:44 | 000,001,090 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2013.03.28 21:09:36 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2013.03.28 21:09:34 | 2362,912,768 | -HS- | M] () -- C:\hiberfil.sys

[2013.03.28 21:06:03 | 000,001,052 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2013.03.28 21:04:17 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2013.03.27 22:07:37 | 000,000,434 | -H-- | M] () -- C:\windows\tasks\Norton Security Scan for ***.job

[2013.03.27 18:23:34 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable

[2013.03.23 10:14:06 | 000,003,189 | ---- | M] () -- C:\Users\***\Desktop\Sophos Virus Removal Tool.lnk

[2013.03.23 10:04:20 | 000,000,000 | ---- | M] () -- C:\windows\System32\ZLW

[2013.03.23 09:39:53 | 000,417,507 | ---- | M] () -- C:\windows\System32\drivers\vsconfig.xml

[2013.03.17 13:41:56 | 000,429,788 | ---- | M] () -- C:\Users\***\Desktop\Zusatzvereinbarung zum Mietvertrag.pdf

[2013.03.14 18:05:43 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013.03.13 10:41:46 | 000,208,016 | ---- | M] () -- C:\Users\***\Desktop\RR188.pdf

[2013.03.12 14:34:49 | 019,459,072 | ---- | M] () -- C:\Users\***\Desktop\Häußermann - 2012 - Ursachen sozialräumlicher Segregati_on.pdf

[2013.03.07 13:52:37 | 001,949,346 | ---- | M] () -- C:\Users\***\Desktop\Fend, Helmut - 2008 - Schule gestalten.pdf

[2013.03.07 10:46:58 | 002,612,472 | ---- | M] () -- C:\Users\***\Desktop\Skalenhandbuch Schulinspektion HH.pdf

[2013.03.07 10:44:35 | 000,117,388 | ---- | M] () -- C:\Users\***\Desktop\Krammer_E-Learning_mit_Videos_in_der_Ausbildung_1_.pdf

[2013.03.07 10:42:47 | 000,115,637 | ---- | M] () -- C:\Users\***\Desktop\R1_Video_Krammer-Hugener.pdf

[2013.03.05 12:00:23 | 000,751,074 | ---- | M] () -- C:\Users\***\Desktop\Baumert, Stanat, Watermann(1).pdf

[2013.03.05 12:00:20 | 000,751,074 | ---- | M] () -- C:\Users\***\Desktop\Baumert, Stanat, Watermann.pdf

[2013.03.05 11:10:40 | 019,761,002 | ---- | M] () -- C:\Users\***\Desktop\Schmidt,      Maier - 2009 - Opportunity to Learn(2).pdf

[2013.03.05 09:49:35 | 019,761,002 | ---- | M] () -- C:\Users\***\Desktop\Schmidt,      Maier - 2009 - Opportunity to Learn.pdf

[2013.03.02 11:44:01 | 000,194,695 | ---- | M] () -- C:\Users\***\Desktop\Hotelbestätigung_San Fransisco.xps

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013.03.28 21:25:23 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe

[2013.03.28 21:25:23 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe

[2013.03.28 21:25:23 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe

[2013.03.28 21:25:23 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe

[2013.03.28 21:25:23 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

[2013.03.27 18:23:34 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable

[2013.03.23 10:14:06 | 000,003,189 | ---- | C] () -- C:\Users\***\Desktop\Sophos Virus Removal Tool.lnk

[2013.03.23 10:04:20 | 000,000,000 | ---- | C] () -- C:\windows\System32\ZLW

[2013.03.17 18:29:51 | 000,417,507 | ---- | C] () -- C:\windows\System32\drivers\vsconfig.xml

[2013.03.17 13:41:56 | 000,429,788 | ---- | C] () -- C:\Users\***\Desktop\Zusatzvereinbarung zum Mietvertrag.pdf

[2013.03.13 10:41:46 | 000,208,016 | ---- | C] () -- C:\Users\***\Desktop\RR188.pdf

[2013.03.12 14:33:55 | 019,459,072 | ---- | C] () -- C:\Users\***\Desktop\Häußermann - 2012 - Ursachen sozialräumlicher Segregati_on.pdf

[2013.03.07 13:52:37 | 001,949,346 | ---- | C] () -- C:\Users\***\Desktop\Fend, Helmut - 2008 - Schule gestalten.pdf

[2013.03.07 10:46:56 | 002,612,472 | ---- | C] () -- C:\Users\***\Desktop\Skalenhandbuch Schulinspektion HH.pdf

[2013.03.07 10:44:35 | 000,117,388 | ---- | C] () -- C:\Users\***\Desktop\Krammer_E-Learning_mit_Videos_in_der_Ausbildung_1_.pdf

[2013.03.07 10:42:46 | 000,115,637 | ---- | C] () -- C:\Users\***\Desktop\R1_Video_Krammer-Hugener.pdf

[2013.03.05 12:00:22 | 000,751,074 | ---- | C] () -- C:\Users\***\Desktop\Baumert, Stanat, Watermann(1).pdf

[2013.03.05 12:00:18 | 000,751,074 | ---- | C] () -- C:\Users\***\Desktop\Baumert, Stanat, Watermann.pdf

[2013.03.05 11:09:45 | 019,761,002 | ---- | C] () -- C:\Users\***\Desktop\Schmidt,      Maier - 2009 - Opportunity to Learn(2).pdf

[2013.03.05 09:49:06 | 019,761,002 | ---- | C] () -- C:\Users\***\Desktop\Schmidt,      Maier - 2009 - Opportunity to Learn.pdf

[2013.03.02 11:43:59 | 000,194,695 | ---- | C] () -- C:\Users\***\Desktop\Hotelbestätigung_San Fransisco.xps

[2013.02.21 11:44:03 | 000,094,208 | RHS- | C] () -- C:\windows\System32\RPCNDFPP.dll

[2012.12.17 21:35:28 | 000,110,592 | ---- | C] () -- C:\windows\System32\FsUsbExDevice.Dll

[2012.12.17 21:35:28 | 000,036,608 | ---- | C] () -- C:\windows\System32\FsUsbExDisk.Sys

[2012.12.17 20:54:05 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt

[2012.12.17 20:47:46 | 000,005,632 | ---- | C] () -- C:\windows\System32\drivers\StarOpen.sys

[2012.05.17 11:51:17 | 000,000,628 | ---- | C] () -- C:\windows\wiso.ini

[2010.09.02 13:25:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== LOP Check ==========

 

[2012.05.17 13:15:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service

[2011.12.05 20:49:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre

[2013.03.17 17:53:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Check Point Software Technologies LTD

[2013.03.17 18:29:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CheckPoint

[2013.03.28 21:11:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox

[2011.02.10 10:57:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EasyCapture

[2012.12.18 20:07:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Jumping Bytes

[2012.12.18 20:14:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mobile Master

[2011.05.30 09:24:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org

[2012.12.17 21:35:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung

 
 ========== Purity Check ==========

 

 
 

< End of report >

--- --- ---

Und das OTL Scan-Log:
OTL Logfile:

Code:

OTL logfile created on: 05.04.2013 18:17:13 - Run 3

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop

 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,93 Gb Total Physical Memory | 1,49 Gb Available Physical Memory | 50,75% Memory free

5,87 Gb Paging File | 4,30 Gb Available in Paging File | 73,37% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 210,83 Gb Total Space | 152,90 Gb Free Space | 72,52% Space Free | Partition Type: NTFS

Drive D: | 239,98 Gb Total Space | 41,74 Gb Free Space | 17,39% Space Free | Partition Type: NTFS

Drive Y: | 2779,26 Gb Total Space | 2068,29 Gb Free Space | 74,42% Space Free | Partition Type: NTFS

 

Computer Name: COMPUTERNAME | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2013.03.27 23:09:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

PRC - [2013.03.22 00:50:35 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Programme\Google\Chrome\Application\chrome.exe

PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2013.01.29 22:08:04 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe

PRC - [2013.01.29 21:35:36 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\CheckPoint\ZoneAlarm\zatray.exe

PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2012.11.22 16:33:18 | 000,497,320 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe

PRC - [2012.11.22 16:32:54 | 000,738,984 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ForceField.exe

PRC - [2012.10.04 16:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2012.01.19 12:41:52 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\AllShare\AllShareDMS\AllShareDMS.exe

PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE

PRC - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe

PRC - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe

PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010.10.27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

PRC - [2010.08.25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

PRC - [2010.07.04 20:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe

PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe

PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2009.09.29 18:23:20 | 004,114,288 | ---- | M] (Lenovo(beijing) Limited) -- C:\Programme\Lenovo\Energy Management\utility.exe

PRC - [2009.09.29 18:22:46 | 005,064,560 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Programme\Lenovo\Energy Management\Energy Management.exe

PRC - [2009.07.14 16:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ReadyComm\common\IGRS.exe

PRC - [2009.07.14 03:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\windows\System32\wbem\WMIADAP.EXE

PRC - [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IgrsSvcs.exe

PRC - [2009.06.04 21:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2009.06.04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2009.02.26 19:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe

PRC - [2008.01.16 11:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2013.03.22 00:50:33 | 000,390,096 | ---- | M] () -- C:\Programme\Google\Chrome\Application\26.0.1410.43\ppgooglenaclpluginchrome.dll

MOD - [2013.03.22 00:50:32 | 012,662,224 | ---- | M] () -- C:\Programme\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll

MOD - [2013.03.22 00:50:31 | 004,050,896 | ---- | M] () -- C:\Programme\Google\Chrome\Application\26.0.1410.43\pdf.dll

MOD - [2013.03.22 00:49:41 | 000,598,480 | ---- | M] () -- C:\Programme\Google\Chrome\Application\26.0.1410.43\libglesv2.dll

MOD - [2013.03.22 00:49:40 | 000,124,368 | ---- | M] () -- C:\Programme\Google\Chrome\Application\26.0.1410.43\libegl.dll

MOD - [2013.03.22 00:49:38 | 001,606,096 | ---- | M] () -- C:\Programme\Google\Chrome\Application\26.0.1410.43\ffmpegsumo.dll

MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll

MOD - [2008.12.20 05:20:50 | 000,063,304 | ---- | M] () -- C:\Programme\Lenovo\Energy Management\KbdHook.dll

MOD - [2008.12.20 05:20:08 | 000,051,016 | ---- | M] () -- C:\Programme\Lenovo\Energy Management\HookLib.dll

 

 
 ========== Services (SafeList) ==========

 

SRV - [2013.03.12 21:14:28 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013.03.09 08:29:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013.01.29 22:08:04 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)

SRV - [2012.11.22 16:33:18 | 000,497,320 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)

SRV - [2012.11.09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.09.16 12:49:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2012.01.19 12:41:52 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Programme\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0)

SRV - [2012.01.19 12:41:48 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Programme\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)

SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)

SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)

SRV - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)

SRV - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)

SRV - [2010.12.10 18:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)

SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2010.07.04 20:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)

SRV - [2010.06.02 17:19:39 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2009.09.22 20:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)

SRV - [2009.08.14 16:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)

SRV - [2009.07.16 05:12:42 | 000,276,296 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP)

SRV - [2009.07.14 16:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)

SRV - [2009.07.14 16:27:20 | 000,103,688 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter)

SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009.06.04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)

SRV - [2009.02.26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

SRV - [2008.01.16 11:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

SRV - [2006.10.26 16:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- D:\test\ECECECEC\WinRing0.sys -- (WinRing0_1_2_0)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - [2012.12.13 12:49:38 | 000,454,744 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)

DRV - [2012.11.22 16:33:30 | 000,027,056 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)

DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010.06.14 10:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)

DRV - [2010.04.27 04:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)

DRV - [2010.04.27 04:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus)

DRV - [2010.04.27 04:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl)

DRV - [2010.03.23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV - [2010.03.12 06:44:27 | 000,054,800 | ---- | M] () [Kernel | System | Running] -- C:\windows\System32\drivers\funfrm.sys -- (funfrm)

DRV - [2009.11.19 02:06:18 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\vfilter.sys -- (vflt)

DRV - [2009.11.19 02:06:16 | 000,009,728 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\virtualnet.sys -- (vnet)

DRV - [2009.09.14 20:04:28 | 000,217,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2009.07.30 11:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV - [2009.07.28 23:09:36 | 000,063,240 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdbridge.sys -- (Bridge0)

DRV - [2009.07.21 23:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)

DRV - [2009.07.16 14:37:14 | 000,011,792 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)

DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)

DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)

DRV - [2009.06.15 04:46:22 | 000,475,648 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)

DRV - [2009.05.19 15:43:08 | 000,021,520 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)

DRV - [2009.03.13 18:32:18 | 001,759,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)

DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)

DRV - [2008.08.06 14:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)

DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\windows\System32\drivers\StarOpen.sys -- (StarOpen)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/

IE - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

IE - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\..\SearchScopes\{AB4E7E23-126D-4050-92A2-57D0113CE68A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=3a473a2d-006e-4dfe-a45f-993f71c2b003&apn_sauid=9029D7EB-7810-4366-99C0-90DE9B1E8A59

IE - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=de&gu=bb8b92a0fd224bb885f9d43b7cef2fe9&tu=10G9000771B000v&sku=&tstsId=&ver=&"

FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.13

FF - prefs.js..extensions.enabledAddons: ffxtlbr%40zonealarm.com:1.6.0

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013.03.17 19:29:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.09 08:29:16 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.09 08:29:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}: C:\Program Files\Mobile Master\ext\1\ [2012.12.18 21:07:44 | 000,000,000 | ---D | M]

 

[2010.06.01 18:18:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions

[2013.03.23 17:36:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fzchtup0.default\extensions

[2013.03.23 10:34:59 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fzchtup0.default\extensions\ffxtlbr@zonealarm.com

[2013.03.12 19:33:52 | 000,872,587 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fzchtup0.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi

[2013.02.14 10:41:01 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fzchtup0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2013.01.23 12:46:58 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fzchtup0.default\extensions\ffxtlbr@zonealarm.com\content\Abine\chrome\content\ff\view_expiry.js

[2013.03.09 08:29:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2013.03.09 08:29:07 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2013.03.09 08:29:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

[2013.03.09 08:29:16 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010.03.08 12:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\mozilla firefox\plugins\npmidas.dll

[2013.03.09 08:29:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2013.03.09 08:29:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2013.03.09 08:29:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2013.03.09 08:29:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2013.03.09 08:29:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2013.03.09 08:29:12 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Ask (Enabled)

CHR - default_search_provider: search_url = hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=3a473a2d-006e-4dfe-a45f-993f71c2b003&apn_ptnrs=%5EAGS&apn_sauid=9029D7EB-7810-4366-99C0-90DE9B1E8A59&apn_dtid=%5EYYYYYY%5EYY%5EDE&q={searchTerms}

CHR - default_search_provider: suggest_url = hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: king.com - Game controller for firefox (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmidas.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

CHR - plugin: Java(TM) Platform SE 7 U15 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll

CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll

CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\windows\system32\npDeployJava1.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll

 

O1 HOSTS File: ([2013.04.01 18:04:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O3 - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)

O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)

O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)

O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()

O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)

O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.15.2)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F847105-AF16-4516-9C13-7D693E52BD39}: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.04.05 18:02:28 | 000,000,000 | ---D | C] -- C:\_OTL

[2013.04.05 18:01:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2013.04.01 18:04:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013.04.01 17:40:50 | 005,046,324 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe

[2013.03.31 14:12:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft Games

[2013.03.29 17:13:43 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2013.03.28 22:25:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe

[2013.03.28 22:25:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe

[2013.03.28 22:25:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe

[2013.03.28 22:15:55 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013.03.28 22:15:07 | 000,000,000 | ---D | C] -- C:\windows\erdnt

[2013.03.24 14:37:42 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\USA

[2013.03.23 11:14:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos

[2013.03.23 11:14:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos

[2013.03.23 11:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos

[2013.03.17 19:30:37 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\ForceField Shared Files

[2013.03.17 19:29:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\CheckPoint

[2013.03.17 19:29:23 | 000,587,096 | ---- | C] (Kaspersky Lab) -- C:\windows\System32\drivers\klif.sys

[2013.03.17 19:29:23 | 000,075,096 | ---- | C] (Kaspersky Lab) -- C:\windows\System32\drivers\klflt.sys

[2013.03.17 19:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point

[2013.03.17 18:53:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Check Point Software Technologies LTD

[2013.03.17 18:53:18 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint

[2013.03.17 18:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint

[2013.03.09 08:29:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.04.05 18:20:08 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013.04.05 18:20:08 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013.04.05 18:17:24 | 000,694,084 | ---- | M] () -- C:\windows\System32\perfh007.dat

[2013.04.05 18:17:24 | 000,656,802 | ---- | M] () -- C:\windows\System32\perfh009.dat

[2013.04.05 18:17:24 | 000,144,926 | ---- | M] () -- C:\windows\System32\perfc007.dat

[2013.04.05 18:17:24 | 000,121,934 | ---- | M] () -- C:\windows\System32\perfc009.dat

[2013.04.05 18:14:14 | 000,001,090 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2013.04.05 18:14:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2013.04.05 18:12:44 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2013.04.05 18:12:40 | 2362,912,768 | -HS- | M] () -- C:\hiberfil.sys

[2013.04.05 18:11:29 | 000,000,434 | -H-- | M] () -- C:\windows\tasks\Norton Security Scan for ***.job

[2013.04.05 18:02:00 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2013.04.05 09:28:27 | 000,177,473 | ---- | M] () -- C:\Users\***\Desktop\Revor_Bedding-Überweisungsbeleg.xps

[2013.04.01 23:03:41 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013.04.01 19:02:43 | 000,167,445 | ---- | M] () -- C:\Users\***\Desktop\Qoobox.zip

[2013.04.01 18:04:18 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts

[2013.04.01 17:42:28 | 005,046,324 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe

[2013.03.28 22:06:03 | 000,001,052 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2013.03.27 23:09:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2013.03.27 19:23:34 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable

[2013.03.23 11:14:06 | 000,003,189 | ---- | M] () -- C:\Users\***\Desktop\Sophos Virus Removal Tool.lnk

[2013.03.23 11:04:20 | 000,000,000 | ---- | M] () -- C:\windows\System32\ZLW

[2013.03.23 10:39:53 | 000,417,507 | ---- | M] () -- C:\windows\System32\drivers\vsconfig.xml

[2013.03.13 11:41:46 | 000,208,016 | ---- | M] () -- C:\Users\***\Desktop\RR188.pdf

[2013.03.12 15:34:49 | 019,459,072 | ---- | M] () -- C:\Users\***\Desktop\Häußermann - 2012 - Ursachen sozialräumlicher Segregati_on.pdf

[2013.03.07 14:52:37 | 001,949,346 | ---- | M] () -- C:\Users\***\Desktop\Fend, Helmut - 2008 - Schule gestalten.pdf

[2013.03.07 11:46:58 | 002,612,472 | ---- | M] () -- C:\Users\***\Desktop\Skalenhandbuch Schulinspektion HH.pdf

[2013.03.07 11:44:35 | 000,117,388 | ---- | M] () -- C:\Users\***\Desktop\Krammer_E-Learning_mit_Videos_in_der_Ausbildung_1_.pdf

[2013.03.07 11:42:47 | 000,115,637 | ---- | M] () -- C:\Users\***\Desktop\R1_Video_Krammer-Hugener.pdf

[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013.04.05 09:28:25 | 000,177,473 | ---- | C] () -- C:\Users\***\Desktop\Revor_Bedding-Überweisungsbeleg.xps

[2013.04.01 19:02:42 | 000,167,445 | ---- | C] () -- C:\Users\***\Desktop\Qoobox.zip

[2013.03.28 22:25:23 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe

[2013.03.28 22:25:23 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe

[2013.03.28 22:25:23 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe

[2013.03.28 22:25:23 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe

[2013.03.28 22:25:23 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

[2013.03.27 19:23:34 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable

[2013.03.23 11:14:06 | 000,003,189 | ---- | C] () -- C:\Users\***\Desktop\Sophos Virus Removal Tool.lnk

[2013.03.23 11:04:20 | 000,000,000 | ---- | C] () -- C:\windows\System32\ZLW

[2013.03.17 19:29:51 | 000,417,507 | ---- | C] () -- C:\windows\System32\drivers\vsconfig.xml

[2013.03.13 11:41:46 | 000,208,016 | ---- | C] () -- C:\Users\***\Desktop\RR188.pdf

[2013.03.12 15:33:55 | 019,459,072 | ---- | C] () -- C:\Users\***\Desktop\Häußermann - 2012 - Ursachen sozialräumlicher Segregati_on.pdf

[2013.03.07 14:52:37 | 001,949,346 | ---- | C] () -- C:\Users\***\Desktop\Fend, Helmut - 2008 - Schule gestalten.pdf

[2013.03.07 11:46:56 | 002,612,472 | ---- | C] () -- C:\Users\***\Desktop\Skalenhandbuch Schulinspektion HH.pdf

[2013.03.07 11:44:35 | 000,117,388 | ---- | C] () -- C:\Users\***\Desktop\Krammer_E-Learning_mit_Videos_in_der_Ausbildung_1_.pdf

[2013.03.07 11:42:46 | 000,115,637 | ---- | C] () -- C:\Users\***\Desktop\R1_Video_Krammer-Hugener.pdf

[2012.12.17 22:35:28 | 000,110,592 | ---- | C] () -- C:\windows\System32\FsUsbExDevice.Dll

[2012.12.17 22:35:28 | 000,036,608 | ---- | C] () -- C:\windows\System32\FsUsbExDisk.Sys

[2012.12.17 21:54:05 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt

[2012.12.17 21:47:46 | 000,005,632 | ---- | C] () -- C:\windows\System32\drivers\StarOpen.sys

[2012.05.17 12:51:17 | 000,000,628 | ---- | C] () -- C:\windows\wiso.ini

[2010.09.02 14:25:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== LOP Check ==========

 

[2012.05.17 14:15:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service

[2011.12.05 21:49:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre

[2013.03.17 18:53:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Check Point Software Technologies LTD

[2013.03.17 19:29:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CheckPoint

[2013.04.05 18:15:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox

[2011.02.10 11:57:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EasyCapture

[2012.12.18 21:07:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Jumping Bytes

[2012.12.18 21:14:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mobile Master

[2011.05.30 10:24:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org

[2012.12.17 22:35:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung

 
 ========== Purity Check ==========

 

 
 

< End of report >

Danke und VG,
Marcel

Hallo Marcel,

kein Problem.
Wir sind schon fast durch. Wie läuft der Rechner?

Schritt 1

Lade bitte folgendermassen Dateien zur Analyse hoch:

Deaktiviere bitte temporär deinen Virenscanner.
Suche folgenden Ordner
C:\_OTL\MovedFiles
und packe ihn in ein zip-Archiv (Rechtsklick darauf -> Senden an -> zip-komprimierten Ordner).
Gehe nun zum Trojaner-Board Upload-Channel:
1. Drücke auf Durchsuchen..., wähle das erstellte zip-File aus und klicke Öffnen.
2. Füge den Link deines Themas im Forum in das entsprechende Feld ein.
3. Gib deinen Benutzernamen ein.
4. Drücke auf den Button Hochladen.
Du kannst jetzt deinen Virenscanner wieder aktivieren.
(bebilderte Anleitung)

Schritt 2

Öffne Google Chrome.
Klicke rechts oben auf Google Chrome anpassen.
Wähle Einstellungen.
Unter Suche klicke auf Suchmachinen verwalten.
Bewege den Mauszeiger auf Google.de und klicke auf den blau hinterlegten Button Als Standard festlegen.
Bewege nun den Mauszeiger auf Ask und klicke rechts auf das Symbol X.
Bestätige mit Ok.
Schliesse den Google Chrome.

Schritt 3

Öffne das Programm Malwarebytes Anti-Malware.
Vista und Win7 User mit Rechtsklick "als Administrator starten".
Klicke auf Aktualisierung --> Suche nach Aktualisierung.
Wenn das Update beendet wurde, aktiviere im Reiter Suchlauf die Option Quick-Scan durchführen und drücke auf Scannen.
Wenn der Scan fertig ist, klicke auf Ergebnisse anzeigen.
Versichere dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter dem Reiter Logdateien finden.

Schritt 4

Lade das Setup des ESET Online Scanners herunter und speichere es auf den Desktop.

Schliesse evtl. vorhandene externe Festplatten und USB-Sticks an den Rechner an.
Deaktiviere jetzt temporär für diesen Scan dein Antivirenprogramm und die Firewall.
(Danach nicht vergessen, sie wieder einzuschalten.)
Starte nun die heruntergeladene esetsmartinstaller_enu.exe.
Setze den Haken bei Yes, I accept the Terms of Use und drücke Start.
Warte bis die Komponenten heruntergeladen sind.
Setze den Haken bei Scan archives.
Gehe sicher, dass bei Remove found Threats kein Haken gesetzt ist.
Drücke dann auf Start.
Die Signaturen werden heruntergeladen und der Scan startet automatisch.
Hinweis: Dieser Scan kann unter Umständen ziemlich lange dauern!
Falls nach Beendigung des Scans Funde angezeigt werden, dann:
- Drücke auf List of found threats.
- Klicke dann auf Export to text file... und speichere die Textdatei als ESET.txt auf den Desktop.
- Drücke danach auf << Back.
Schliesse nun den Scanner mit einem Klick auf Finish.

Poste bitte den Inhalt der ESET.txt oder teile mir mit, wenn es keine Funde gegeben hat.

Schritt 5

Starte bitte die OTL.exe.

Setze den Haken bei Scan all Users.
Drücke auf den Quick Scan Button.
Poste den Inhalt von OTL.txt hier in den Thread.

Schritt 6

Downloade dir bitte SecurityCheck (Link 1, Link 2).

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Wenn der Scan beendet wurde, sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste in deiner nächsten Antwort:

Log von MBAM
Log von ESET
Log von OTL
Log von SecurityCheck

Hi Leo,

hier nun die weiteren Logs:

Log von MBAM

Code:

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org
 

Datenbank Version: v2013.04.06.04
 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

*** :: COMPUTERNAME [Administrator]
 

06.04.2013 15:09:55

mbam-log-2013-04-06 (15-09-55).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 216672

Laufzeit: 4 Minute(n), 42 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Log von ESET

Code:

C:\_OTL\MovedFiles.zip        a variant of Win32/Ponmocup.GD trojan

C:\_OTL\MovedFiles\04052013_180228\C_windows\System32\RPCNDFPP.dll        a variant of Win32/Ponmocup.GD trojan

Log von OTL

Code:

OTL logfile created on: 06.04.2013 17:33:44 - Run 4

OTL by OldTimer - Version 3.2.69.0     Folder = D:\01_PRIVAT\Neuer Ordner (3)

 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,93 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 48,58% Memory free

5,87 Gb Paging File | 4,33 Gb Available in Paging File | 73,87% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 210,83 Gb Total Space | 152,73 Gb Free Space | 72,44% Space Free | Partition Type: NTFS

Drive D: | 239,98 Gb Total Space | 41,66 Gb Free Space | 17,36% Space Free | Partition Type: NTFS

 

Computer Name: COMPUTERNAME | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2013.03.27 23:09:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\01_PRIVAT\Neuer Ordner (3)\OTL.exe

PRC - [2013.03.22 00:50:35 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Programme\Google\Chrome\Application\chrome.exe

PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2012.11.22 16:33:18 | 000,497,320 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe

PRC - [2012.10.20 22:25:52 | 000,409,696 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\WINWORD.EXE

PRC - [2012.10.04 16:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2012.01.19 12:41:52 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\AllShare\AllShareDMS\AllShareDMS.exe

PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE

PRC - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe

PRC - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe

PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2010.11.20 14:17:29 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe

PRC - [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010.10.27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

PRC - [2010.08.25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

PRC - [2010.07.04 20:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe

PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe

PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2009.10.03 00:34:42 | 000,015,216 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Reader 9.0\Reader\AcroRd32Info.exe

PRC - [2009.09.29 18:23:20 | 004,114,288 | ---- | M] (Lenovo(beijing) Limited) -- C:\Programme\Lenovo\Energy Management\utility.exe

PRC - [2009.09.29 18:22:46 | 005,064,560 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Programme\Lenovo\Energy Management\Energy Management.exe

PRC - [2009.07.14 16:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ReadyComm\common\IGRS.exe

PRC - [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IgrsSvcs.exe

PRC - [2009.06.04 21:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2009.06.04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2009.02.26 19:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe

PRC - [2008.01.16 11:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2013.03.22 00:50:33 | 000,390,096 | ---- | M] () -- C:\Programme\Google\Chrome\Application\26.0.1410.43\ppgooglenaclpluginchrome.dll

MOD - [2013.03.22 00:50:32 | 012,662,224 | ---- | M] () -- C:\Programme\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll

MOD - [2013.03.22 00:50:31 | 004,050,896 | ---- | M] () -- C:\Programme\Google\Chrome\Application\26.0.1410.43\pdf.dll

MOD - [2013.03.22 00:49:41 | 000,598,480 | ---- | M] () -- C:\Programme\Google\Chrome\Application\26.0.1410.43\libglesv2.dll

MOD - [2013.03.22 00:49:40 | 000,124,368 | ---- | M] () -- C:\Programme\Google\Chrome\Application\26.0.1410.43\libegl.dll

MOD - [2013.03.22 00:49:38 | 001,606,096 | ---- | M] () -- C:\Programme\Google\Chrome\Application\26.0.1410.43\ffmpegsumo.dll

MOD - [2011.10.05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL

MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll

MOD - [2009.10.03 04:18:02 | 007,569,408 | ---- | M] () -- c:\Programme\Adobe\Reader 9.0\Reader\RdLang32.DEU

MOD - [2009.02.27 14:56:34 | 000,016,768 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll

MOD - [2008.12.20 05:20:50 | 000,063,304 | ---- | M] () -- C:\Programme\Lenovo\Energy Management\KbdHook.dll

MOD - [2008.12.20 05:20:08 | 000,051,016 | ---- | M] () -- C:\Programme\Lenovo\Energy Management\HookLib.dll

 

 
 ========== Services (SafeList) ==========

 

SRV - [2013.03.12 21:14:28 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013.03.09 08:29:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013.01.29 22:08:04 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)

SRV - [2012.11.22 16:33:18 | 000,497,320 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)

SRV - [2012.11.09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.09.16 12:49:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2012.01.19 12:41:52 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Programme\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0)

SRV - [2012.01.19 12:41:48 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Programme\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)

SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)

SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)

SRV - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)

SRV - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)

SRV - [2010.12.10 18:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)

SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2010.07.04 20:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)

SRV - [2010.06.02 17:19:39 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2009.09.22 20:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)

SRV - [2009.08.14 16:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)

SRV - [2009.07.16 05:12:42 | 000,276,296 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP)

SRV - [2009.07.14 16:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)

SRV - [2009.07.14 16:27:20 | 000,103,688 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter)

SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009.06.04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)

SRV - [2009.02.26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

SRV - [2008.01.16 11:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

SRV - [2006.10.26 16:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- D:\test\ECECECEC\WinRing0.sys -- (WinRing0_1_2_0)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - [2012.12.13 12:49:38 | 000,454,744 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)

DRV - [2012.11.22 16:33:30 | 000,027,056 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)

DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010.06.14 10:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)

DRV - [2010.04.27 04:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)

DRV - [2010.04.27 04:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus)

DRV - [2010.04.27 04:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl)

DRV - [2010.03.23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV - [2010.03.12 06:44:27 | 000,054,800 | ---- | M] () [Kernel | System | Running] -- C:\windows\System32\drivers\funfrm.sys -- (funfrm)

DRV - [2009.11.19 02:06:18 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\vfilter.sys -- (vflt)

DRV - [2009.11.19 02:06:16 | 000,009,728 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\virtualnet.sys -- (vnet)

DRV - [2009.09.14 20:04:28 | 000,217,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2009.07.30 11:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV - [2009.07.28 23:09:36 | 000,063,240 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdbridge.sys -- (Bridge0)

DRV - [2009.07.21 23:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)

DRV - [2009.07.16 14:37:14 | 000,011,792 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)

DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)

DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)

DRV - [2009.06.15 04:46:22 | 000,475,648 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)

DRV - [2009.05.19 15:43:08 | 000,021,520 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)

DRV - [2009.03.13 18:32:18 | 001,759,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)

DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)

DRV - [2008.08.06 14:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)

DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\windows\System32\drivers\StarOpen.sys -- (StarOpen)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/

IE - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

IE - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\..\SearchScopes\{AB4E7E23-126D-4050-92A2-57D0113CE68A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=3a473a2d-006e-4dfe-a45f-993f71c2b003&apn_sauid=9029D7EB-7810-4366-99C0-90DE9B1E8A59

IE - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=de&gu=bb8b92a0fd224bb885f9d43b7cef2fe9&tu=10G9000771B000v&sku=&tstsId=&ver=&"

FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.13

FF - prefs.js..extensions.enabledAddons: ffxtlbr%40zonealarm.com:1.6.0

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013.03.17 19:29:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.09 08:29:16 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.09 08:29:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}: C:\Program Files\Mobile Master\ext\1\ [2012.12.18 21:07:44 | 000,000,000 | ---D | M]

 

[2010.06.01 18:18:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions

[2013.03.23 17:36:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fzchtup0.default\extensions

[2013.03.23 10:34:59 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fzchtup0.default\extensions\ffxtlbr@zonealarm.com

[2013.03.12 19:33:52 | 000,872,587 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fzchtup0.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi

[2013.02.14 10:41:01 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fzchtup0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2013.01.23 12:46:58 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fzchtup0.default\extensions\ffxtlbr@zonealarm.com\content\Abine\chrome\content\ff\view_expiry.js

[2013.03.09 08:29:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2013.03.09 08:29:07 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2013.03.09 08:29:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

[2013.03.09 08:29:16 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010.03.08 12:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\mozilla firefox\plugins\npmidas.dll

[2013.03.09 08:29:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2013.03.09 08:29:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2013.03.09 08:29:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2013.03.09 08:29:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2013.03.09 08:29:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2013.03.09 08:29:12 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: king.com - Game controller for firefox (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmidas.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

CHR - plugin: Java(TM) Platform SE 7 U15 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll

CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll

CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\windows\system32\npDeployJava1.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll

 

O1 HOSTS File: ([2013.04.01 18:04:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O3 - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)

O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)

O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [ISW]  File not found

O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()

O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)

O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-693451530-1158735282-2205986126-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.15.2)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F847105-AF16-4516-9C13-7D693E52BD39}: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.04.06 15:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2013.04.06 15:16:27 | 002,347,384 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe

[2013.04.05 18:02:28 | 000,000,000 | ---D | C] -- C:\_OTL

[2013.04.05 18:01:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2013.04.01 18:04:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013.04.01 17:40:50 | 005,046,324 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe

[2013.03.31 14:12:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft Games

[2013.03.29 17:13:43 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2013.03.28 22:25:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe

[2013.03.28 22:25:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe

[2013.03.28 22:25:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe

[2013.03.28 22:15:55 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013.03.28 22:15:07 | 000,000,000 | ---D | C] -- C:\windows\erdnt

[2013.03.24 14:37:42 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\USA

[2013.03.23 11:14:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos

[2013.03.23 11:14:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos

[2013.03.23 11:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos

[2013.03.17 19:30:37 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\ForceField Shared Files

[2013.03.17 19:29:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\CheckPoint

[2013.03.17 19:29:23 | 000,587,096 | ---- | C] (Kaspersky Lab) -- C:\windows\System32\drivers\klif.sys

[2013.03.17 19:29:23 | 000,075,096 | ---- | C] (Kaspersky Lab) -- C:\windows\System32\drivers\klflt.sys

[2013.03.17 19:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point

[2013.03.17 18:53:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Check Point Software Technologies LTD

[2013.03.17 18:53:18 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint

[2013.03.17 18:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint

[2013.03.09 08:29:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]

 ******
 ========== Files - Modified Within 30 Days ==========***

 

[2013.04.06 17:14:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2013.04.06 17:02:04 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2013.04.06 15:16:30 | 002,347,384 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe

[2013.04.06 10:12:13 | 000,001,090 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2013.04.06 10:03:32 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2013.04.05 18:20:08 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013.04.05 18:20:08 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013.04.05 18:17:24 | 000,694,084 | ---- | M] () -- C:\windows\System32\perfh007.dat

[2013.04.05 18:17:24 | 000,656,802 | ---- | M] () -- C:\windows\System32\perfh009.dat

[2013.04.05 18:17:24 | 000,144,926 | ---- | M] () -- C:\windows\System32\perfc007.dat

[2013.04.05 18:17:24 | 000,121,934 | ---- | M] () -- C:\windows\System32\perfc009.dat

[2013.04.05 18:12:40 | 2362,912,768 | -HS- | M] () -- C:\hiberfil.sys

[2013.04.05 18:11:29 | 000,000,434 | -H-- | M] () -- C:\windows\tasks\Norton Security Scan for ***.job

[2013.04.05 09:28:27 | 000,177,473 | ---- | M] () -- C:\Users\***\Desktop\Revor_Bedding-Überweisungsbeleg.xps

[2013.04.01 23:03:41 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013.04.01 19:02:43 | 000,167,445 | ---- | M] () -- C:\Users\***\Desktop\Qoobox.zip

[2013.04.01 18:04:18 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts

[2013.04.01 17:42:28 | 005,046,324 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe

[2013.03.28 22:06:03 | 000,001,052 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2013.03.27 23:09:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2013.03.27 19:23:34 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable

[2013.03.23 11:14:06 | 000,003,189 | ---- | M] () -- C:\Users\***\Desktop\Sophos Virus Removal Tool.lnk

[2013.03.23 11:04:20 | 000,000,000 | ---- | M] () -- C:\windows\System32\ZLW

[2013.03.23 10:39:53 | 000,417,507 | ---- | M] () -- C:\windows\System32\drivers\vsconfig.xml

[2013.03.13 11:41:46 | 000,208,016 | ---- | M] () -- C:\Users\***\Desktop\RR188.pdf

[2013.03.12 15:34:49 | 019,459,072 | ---- | M] () -- C:\Users\***\Desktop\Häußermann - 2012 - Ursachen sozialräumlicher Segregati_on.pdf

[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013.04.05 09:28:25 | 000,177,473 | ---- | C] () -- C:\Users\***\Desktop\Revor_Bedding-Überweisungsbeleg.xps

[2013.04.01 19:02:42 | 000,167,445 | ---- | C] () -- C:\Users\***\Desktop\Qoobox.zip

[2013.03.28 22:25:23 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe

[2013.03.28 22:25:23 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe

[2013.03.28 22:25:23 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe

[2013.03.28 22:25:23 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe

[2013.03.28 22:25:23 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

[2013.03.27 19:23:34 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable

[2013.03.23 11:14:06 | 000,003,189 | ---- | C] () -- C:\Users\***\Desktop\Sophos Virus Removal Tool.lnk

[2013.03.23 11:04:20 | 000,000,000 | ---- | C] () -- C:\windows\System32\ZLW

[2013.03.17 19:29:51 | 000,417,507 | ---- | C] () -- C:\windows\System32\drivers\vsconfig.xml

[2013.03.13 11:41:46 | 000,208,016 | ---- | C] () -- C:\Users\***\Desktop\RR188.pdf

[2013.03.12 15:33:55 | 019,459,072 | ---- | C] () -- C:\Users\***\Desktop\Häußermann - 2012 - Ursachen sozialräumlicher Segregati_on.pdf

[2012.12.17 22:35:28 | 000,110,592 | ---- | C] () -- C:\windows\System32\FsUsbExDevice.Dll

[2012.12.17 22:35:28 | 000,036,608 | ---- | C] () -- C:\windows\System32\FsUsbExDisk.Sys

[2012.12.17 21:54:05 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt

[2012.12.17 21:47:46 | 000,005,632 | ---- | C] () -- C:\windows\System32\drivers\StarOpen.sys

[2012.05.17 12:51:17 | 000,000,628 | ---- | C] () -- C:\windows\wiso.ini

[2010.09.02 14:25:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== LOP Check ==========

 

[2012.05.17 14:15:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service

[2011.12.05 21:49:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre

[2013.03.17 18:53:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Check Point Software Technologies LTD

[2013.03.17 19:29:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CheckPoint

[2013.04.06 13:28:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox

[2011.02.10 11:57:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EasyCapture

[2012.12.18 21:07:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Jumping Bytes

[2012.12.18 21:14:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mobile Master

[2011.05.30 10:24:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org

[2012.12.17 22:35:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung

 
 ========== Purity Check ==========

 

 
 

< End of report >

Log von SecurityCheck

Code:

 Results of screen317's Security Check version 0.99.62  

 Windows 7 Service Pack 1 x86 (UAC is disabled!)  

 Internet Explorer 9  
 ``````````````Antivirus/Firewall Check:`````````````` 

 Windows Security Center service is not running! This report may not be accurate! 

 WMI entry may not exist for antivirus; attempting automatic update. 
 `````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware Version 1.70.0.1100  

 Java(TM) 6 Update 33  

 Java 7 Update 15  

 Java version out of Date! 

 Adobe Flash Player         11.6.602.180  

 Adobe Reader 9 Adobe Reader out of Date! 

 Mozilla Firefox 19.0.2 Firefox out of Date!  

 Google Chrome 25.0.1364.172  

 Google Chrome 26.0.1410.43  
 ````````Process Check: objlist.exe by Laurent````````  

 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe  

 CheckPoint ZoneAlarm zatray.exe  

 CheckPoint ZoneAlarm vsmon.exe  
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

Danke und VG,
Marcel

Hallo Marcel,

danke für den Upload.
ESET hat nur noch gefunden, was wir bereits entdeckt und in Quarantäne geschoben haben.
Aber im SecurityCheck-Log ist noch etwas gar viel rot. Das sollte korrigiert werden...

Hinweis: Deaktivierte Benutzerkontensteuerung

Ich sehe, dass die Benutzerkontensteuerung (UAC) bei dir deaktiviert ist. Hast du sie bewusst selbst ausgeschaltet?
Aus der Sicherheitsperspektive her gesehen sollte man die Benutzerkontensteuerung eingeschaltet lassen, auch wenn sie manchmal etwas mühsam ist.

Ich empfehle dir, sie gemäss dieser Anleitung wieder zu aktivieren.

Schritt 1

Starte bitte die OTL.exe.
Kopiere nun den folgenden Inhalt aus der Codebox in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.
Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.

Code:

:files

sc config wscsvc start= auto /c

net start wscsvc /c
 

:commands

[reboot]

Schliesse nun bitte alle anderen Programme.
Klicke jetzt auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Diesen bitte zulassen.

Schritt 2

Dein Java ist nicht mehr aktuell. Ältere Versionen enthalten Sicherheitslücken, die von Malware zur Infizierung per Drive-by Download missbraucht werden können.

Die aktuelle Version ist Java 7 Update 17.

Gehe zu
Start --> Systemsteuerung --> Programme und Funktionen (bei Vista / Win 7)
Start --> Systemsteuerung --> Software (bei Win XP)
und deinstalliere alle älteren Java-Versionen.

In wenigen Fällen wird Java wirklich benötigt. Auch werden immer wieder neue, noch nicht geschlossene Sicherheitslücken ausgenutzt.
Überleg dir also, ob du eine Java-Installation wirklich brauchst.
Falls du Java weiterhin verwenden möchtest, dann:

Lade dir die neueste Java-Version herunter.
Schliesse alle laufenden Programme, speziell den Browser.
Starte die heruntergeladene jxpiinstall.exe und folge den Anweisungen.
Entferne während der Installation den Haken bei "Installieren Sie die Ask-Toolbar ...".

Schritt 3

Dein Firefox ist nicht mehr aktuell.
Starte deinen Firefox als Administrator, klicke Hilfe --> Über Firefox und führe das angebotene Update durch.
Wiederhole diesen Schritt, bis Firefox als aktuell angezeigt wird.

Schritt 4

Die Version deines Adobe PDF Readers ist veraltet, wir müssen ihn updaten:

Deinstalliere bitte deine aktuelle Version von Adobe Reader über
Start --> Systemsteuerung --> Software (bei Windows XP)
Start --> Systemsteuerung --> Programme und Funktionen (bei Vista / Windows 7)
Besuche diese Seite von Adobe.
Entferne gegebenenfalls den Haken bei McAfee Security Scan bzw. Google Chrome.
Drücke auf Jetzt herunterladen und installiere die neuste Version.

Überprüfe dann mit diesem Plugin-Check, ob nun alle deine verwendeten Versionen aktuell sind und update sie anderenfalls.

Schritt 5

Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Wenn der Scan beendet wurde, sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste in deiner nächsten Antwort:

Log von SecurityCheck

Hi Leo,

habe alles wie vorgeschlagen gemacht:
- OTL Fix
- Java Update
- Firefox Update
- UAC aktivieren
- Security Check

Hier nun das Security Check Log:

Code:

 Results of screen317's Security Check version 0.99.62  

 Windows 7 Service Pack 1 x86 (UAC is enabled)  

 Internet Explorer 9  
 ``````````````Antivirus/Firewall Check:`````````````` 

ZoneAlarm Antivirus   

 Antivirus up to date!   
 `````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware Version 1.70.0.1100  

 Java 7 Update 17  

 Adobe Flash Player         11.6.602.180  

 Adobe Reader 9  

 Adobe Reader XI  

 Mozilla Firefox (20.0) 

 Google Chrome 25.0.1364.172  

 Google Chrome 26.0.1410.43  
 ````````Process Check: objlist.exe by Laurent````````  

 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe  

 CheckPoint ZoneAlarm vsmon.exe  

 CheckPoint ZoneAlarm zatray.exe  
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

Danke und VG,
Marcel

Hallo Marcel,

so sieht das SecurityCheck-Log doch schon viel freundlicher aus. :daumenhoc
Wir räumen noch auf:

Cleanup

Zum Schluss werden wir jetzt noch unsere Tools wegräumen und alle Einstellungen wieder herrichten. Auch diese Schritte sind noch wichtig und sollten in der angegebenen Reihenfolge ausgeführt werden.

Falls zu Beginn defogger verwendet wurde, dann starte defogger und drücke den Button Re-enable.
Falls Combofix eingesetzt wurde, dann deaktiviere jetzt temporär das Antivirenprogramm, benenne bei der auf dem Desktop vorhandenen Combofix.exe das "Combofix" im Dateinamen um in Uninstall und führe sie mit Doppelklick aus.
Bei MBAM würd ich dir unbedingt empfehlen, es zu behalten und wöchentlich einen Quick-Scan durchzuführen. Wenn du es nicht weiter verwenden möchtest, kannst du es jetzt normal über die Systemsteuerung deinstallieren.
Auch den ESET Online Scanner kannst du behalten, um ab und zu (monatlich) für eine Zweitmeinung dein System damit zu scannen. Falls du ESET deinstallieren möchtest, dann kannst du das ebenfalls über die Systemsteuerung tun.
Downloade dir bitte auf jeden Fall DelFix auf deinen Desktop.
- Schliesse alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- DelFix entfernt u.a. alle von uns verwendeten Programme und löscht sich anschliessend selbst.
Wenn jetzt noch etwas übriggeblieben ist, dann kannst du es einfach manuell löschen.

>> OK <<
Wir sind durch, deine Logs sehen für mich im Moment sauber aus. :daumenhoc

Ich habe dir nachfolgend ein paar Hinweise und Tipps zusammengestellt, die dazu beitragen sollen, dass du in Zukunft unsere Hilfe nicht mehr brauchen wirst.

Bitte gib mir danach noch eine kurze Rückmeldung, wenn auch von deiner Seite keine Probleme oder Fragen mehr offen sind, damit ich dieses Thema als erledigt betrachten kann.

Epilog: Tipps, Dos & Don'ts

Aktualität von System und Software

Das Betriebsystem Windows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die automatischen Updates aktiviert sind:

Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren

Auch die installierte Software sollte immer in der aktuellsten Version vorliegen.
Speziell gilt das für den Browser, Java, Flash-Player und PDF-Reader, denn bekannte Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim blossen Besuch einer präparierten Website per Drive-by Download Malware zu installieren. Das kann sogar auf normalerweise legitimen Websites geschehen, wenn es einem Angreifer gelungen ist, seinen Code in die Seite einzuschleusen, und ist deshalb relativ unberechenbar.

Mit diesem kleinen Plugin-Check kannst du regelmässig diese Komponenten auf deren Aktualität überprüfen.
Achte auch darauf, dass alte, nicht mehr verwendete Versionen deinstalliert sind.
Optional: Das Programm Secunia Personal Software Inspector kann dich dabei unterstützen, stets die aktuellen Versionen sämtlicher installierter Software zu nutzen.

Sicherheits-Software

Eine Bemerkung vorneweg: Jede Softwarelösung hat ihre Schwächen. Die gesamte Verantwortung für die Sicherheit auf Software zu übertragen und einen Rundum-Schutz zu erwarten, wäre eine gefährliche Illusion. Bei unbedachtem oder bewusst risikoreichem Verhalten wird auch das beste Programm früher oder später seinen Dienst versagen (z.B. ein Virenscanner, der eine verseuchte Datei nicht erkennt).
Trotzdem ist entsprechende Software natürlich wichtig und hilft dir in Kombination mit einem gut gewarteten (up-to-date) System und durchdachtem Verhalten, deinen Rechner sauber zu halten.

Nutze einen Virenscanner mit Hintergrundwächter mit stets aktueller Datenbank. Welches Produkt gewählt wird, spielt keine so entscheidende Rolle. Es gibt kommerzielle Versionen, aber ein kostenloser Scanner mit den Grundfunktionen wie beispielsweise Avast! Free Antivirus sollte ausreichen. Betreibe aber keinesfalls zwei Wächter parallel, die würden sich gegenseitig behindern.
Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.
Zusätzlich zum Virenscanner kannst du dein System regelmässig mit einem On-Demand Antimalwareprogramm scannen. Empfehlenswert ist die Free-Version von Malwarebytes Anti-Malware. Vor jedem Scan die Datenbank updaten.
Optional: Das Programm Sandboxie führt Anwendungen in einer isolierten Umgebung ("Sandkasten") aus, so dass keine Änderungen am System vorgenommen werden können. Wenn du deinen Browser darin startest, vermindert sich die Chance, dass beim Surfen eingefangene Malware sich dauerhaft im System festsetzen kann.
Optional: Das Addon WOT (web of trust) warnt dich vor einer als schädlich gemeldeten Website, bevor sie geladen wird. Für verschiedene Browser erhältlich.

Es liegt in der Natur der Sache, dass die am weitesten verbreitete Anwendungs-Software auch am häufigsten von Malware-Autoren attackiert wird. Es kann daher bereits einen kleinen Sicherheitsgewinn darstellen, wenn man alternative Software (z.B. einen alternativen PDF Reader) benutzt.
Anstelle des Internet Explorers kann man beispielsweise den Mozilla Firefox einsetzen, für welchen es zwei nützliche Addons zur Empfehlung gibt:

NoScript verhindert standardmässig das Ausführen von aktiven Inhalten (Java, JavaScript, Flash, ..) für sämtliche Websites. Du kannst selber nach dem Prinzip einer Whitelist festlegen, welchen Seiten du vertrauen und Scripts erlauben willst, auch temporär.
Adblock Plus blockt die meisten Werbebanner weg. Solche Banner können nebst ihrer störenden Erscheinung auch als Infektionsherde fungieren.

(Un-)Sicheres Verhalten im Internet

Nebst unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert.

Der Besuch zwielichtiger Websites kann bereits Risiken bergen. Und Downloads aus dubiosen Quellen sind immer russisches Roulette. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.

Illegale Cracks, Keygens und Serials sind ein ausgesprochen einfacher (und ein beliebter) Weg, um Malware zu verbreiten.
Bei Dateien aus Peer-to-Peer- und Filesharingprogrammen oder von Filehostern kannst du dir nie sicher sein, ob auch wirklich drin ist, was drauf steht.

Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden dazu zu bringen, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).

Surfe mit Vorsicht und lass dich nicht von irgendwie interessant erscheinenden Elementen zu einem vorschnellen Klick verleiten. Lass dich nicht von Popups täuschen, die aussehen wie System- oder Virenmeldungen.
Sei skeptisch bei unerwarteten E-Mails, insbesondere wenn sie Anhänge enthalten. Auch wenn sie auf den ersten Blick authentisch wirken, persönliche Daten von dir enthalten oder vermeintlich von einem bekannten Absender stammen: Lieber nochmals in Ruhe überdenken oder nachfragen, anstatt einfach mal Links oder ausführbare Anhänge öffnen oder irgendwo deine Daten eingeben.
Auch in sozialen Netzwerken oder über Instant Messaging Systeme können schädliche Links oder Dateien die Runde machen. Erhältst du von einem deiner Freunde eine Nachricht, die merkwürdig ist oder so sensationell interessant oder skandalös tönt, dass man einfach draufklicken muss, dann hat bei ihm/ihr wahrscheinlich Neugier über Verstand gesiegt und du solltest nicht denselben Fehler machen.
Lass die Dateiendungen anzeigen, so dass du dich nicht täuschen lässt, wenn eine ausführbare Datei über ein doppelte Dateiendung kaschiert wird, z.B. Nacktfoto.jpg.exe.

Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.

Lade Software in erster Priorität immer direkt vom Hersteller herunter. Viele Softwareportale (z.B. Softonic) packen noch unnützes Zeug mit in die Installation. Alternativ dazu wähle ein sauberes Portal wie Filepony oder heise.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen fürs Programm irrelevanten Ergänzungen.

Allgemeine Hinweise

Abschliessend noch ein paar grundsätzliche Bemerkungen:

Dein Benutzerkonto für den alltäglichen Gebrauch sollte nicht über Administratorenrechte verfügen. Nutze ein Konto mit eingeschränkten Rechten (Windows XP) bzw. aktiviere die Benutzerkontensteuerung (UAC) auf der höchsten Stufe (Windows Vista / 7).
Erstelle regelmässig Backups deiner Daten und Dokumente auf externen Datenträgern, bei wichtigen Dateien mindestens zweifach. Nicht nur ein Malwarebefall kann schmerzhaften Datenverlust nach sich ziehen sondern auch ein gewöhnlicher Festplattendefekt.
Die Autorun/Autoplay-Funktion stellt ein Risiko dar, denn sie ermöglicht es, dass beispielsweise beim Einstecken eines entsprechend infizierten USB-Sticks der Befall auf den Rechner überspringt. Überlege dir, ob du diese Funktion nicht besser deaktivieren möchtest.
Wähle deine Passwörter gemäss den gängigen Regeln, um besser gegen Brute-Force- und Wörterbuchattacken gewappnet zu sein. Benutze jedes deiner Passwörter nur einmal und ändere sie regelmässig.
Der Nutzen von Registry-Cleanern zur Performancesteigerung ist umstritten. Auf jeden Fall lässt sich damit grosser Schaden anrichten, wenn man nicht weiss, was man tut. Wir empfehlen deshalb, die Finger von der Registry zu lassen. Um von Zeit zu Zeit die temporären Dateien zu löschen, genügt TFC.

Wenn du möchtest, kannst du das Forum mit einer kleinen Spende unterstützen.
Es bleibt mir nur noch, dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen. ;)

Hi leo!

Danke nochmals für Deine Geduld und die Hilfe!

Momentan funktioniert alles perfekt!

Danke nochmals und viele Grüße,
Marcel

Danke für die Rückmeldung, Marcel.

Freut mich, dass wir helfen konnten. :abklatsch:

Falls du dem Forum noch Verbesserungsvorschläge, Kritik oder ein Lob mitgeben möchtest, kannst du das hier tun.

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten.
Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.