EXP/CVE-2012-1723.A.3417, *.3228 und EXP/CVE20121723.BZJ
Hallo zusammen,
im letzten halben Jahr hatte ich erstmals (oder erstmals bemerkt?) Probleme mit Trojanern (Bundestrojaner) und einem gehackten Mailaccount.
Nachdem Avira Antivir gestern die drei im Titel genannten Viren gefunden und davon nur EXP/CVE20121723.BZJ in Quarantäne geschoben hat, würde ich mich über eure Hilfe beim Entfernen sehr freuen.
Auf meinem Laptop ist Virtual Clone Drive installiert, ich habe jedoch in Schritt 1 den defogger der Anleitung folgend benutzt. Ein Neustart wurde nicht gefordert.
Unten findet ihr die von mir nach eurer Anleitung erstellten Logfiles. (Ihr werdet darin gegebenenfalls über ein paar asiatische Domains stolpern; das sind teilweise Sachen, die ich zur Nutzung des Uninetzwerks im Ausland installieren musste und bei Gelegenheit auch gerne wieder loswerden würde, aber nicht weiß, wie :P)
Avira Free Antivirus Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 5. März 2013 18:39
Es wird nach 5135643 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : LAPTOP
Versionsinformationen:
BUILD.DAT : 12.1.9.1236 40872 Bytes 11.10.2012 15:29:00
AVSCAN.EXE : 12.3.0.48 468256 Bytes 22.11.2012 22:39:48
AVSCAN.DLL : 12.3.0.15 66256 Bytes 08.05.2012 14:24:20
LUKE.DLL : 12.3.0.15 68304 Bytes 08.05.2012 14:24:20
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 08.05.2012 14:24:20
AVREG.DLL : 12.3.0.17 232200 Bytes 10.05.2012 17:56:35
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 02:49:21
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:56:15
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 23:56:21
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 09:47:38
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 08:07:17
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 18:23:06
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 16:42:39
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 22:39:38
VBASE008.VDF : 7.11.60.10 6627328 Bytes 07.02.2013 22:08:21
VBASE009.VDF : 7.11.60.11 2048 Bytes 07.02.2013 22:08:21
VBASE010.VDF : 7.11.60.12 2048 Bytes 07.02.2013 22:08:22
VBASE011.VDF : 7.11.60.13 2048 Bytes 07.02.2013 22:08:22
VBASE012.VDF : 7.11.60.14 2048 Bytes 07.02.2013 22:08:22
VBASE013.VDF : 7.11.60.62 351232 Bytes 08.02.2013 16:06:36
VBASE014.VDF : 7.11.60.115 190976 Bytes 09.02.2013 16:06:37
VBASE015.VDF : 7.11.60.177 282624 Bytes 11.02.2013 15:36:58
VBASE016.VDF : 7.11.60.249 215552 Bytes 13.02.2013 16:21:32
VBASE017.VDF : 7.11.61.65 151040 Bytes 15.02.2013 16:21:32
VBASE018.VDF : 7.11.61.135 159232 Bytes 18.02.2013 14:05:06
VBASE019.VDF : 7.11.61.163 152064 Bytes 18.02.2013 14:05:24
VBASE020.VDF : 7.11.61.207 164352 Bytes 19.02.2013 14:52:34
VBASE021.VDF : 7.11.62.43 206336 Bytes 21.02.2013 11:24:26
VBASE022.VDF : 7.11.62.111 136192 Bytes 23.02.2013 11:24:26
VBASE023.VDF : 7.11.62.157 143360 Bytes 25.02.2013 11:24:27
VBASE024.VDF : 7.11.62.237 199168 Bytes 27.02.2013 12:09:15
VBASE025.VDF : 7.11.63.71 209408 Bytes 01.03.2013 12:14:46
VBASE026.VDF : 7.11.63.121 257536 Bytes 04.03.2013 12:19:45
VBASE027.VDF : 7.11.63.122 2048 Bytes 04.03.2013 12:19:45
VBASE028.VDF : 7.11.63.123 2048 Bytes 04.03.2013 12:19:45
VBASE029.VDF : 7.11.63.124 2048 Bytes 04.03.2013 12:19:45
VBASE030.VDF : 7.11.63.125 2048 Bytes 04.03.2013 12:19:45
VBASE031.VDF : 7.11.63.174 128000 Bytes 05.03.2013 12:59:50
Engineversion : 8.2.12.10
AEVDF.DLL : 8.1.2.10 102772 Bytes 14.07.2012 11:37:27
AESCRIPT.DLL : 8.1.4.94 467324 Bytes 26.02.2013 11:24:31
AESCN.DLL : 8.1.10.0 131445 Bytes 14.12.2012 22:21:01
AESBX.DLL : 8.2.5.12 606578 Bytes 15.06.2012 03:33:01
AERDL.DLL : 8.2.0.88 643444 Bytes 11.01.2013 12:12:22
AEPACK.DLL : 8.3.1.12 815480 Bytes 01.03.2013 12:14:53
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 13.11.2012 20:39:24
AEHEUR.DLL : 8.1.4.222 5767545 Bytes 01.03.2013 12:14:51
AEHELP.DLL : 8.1.25.2 258423 Bytes 11.10.2012 17:37:34
AEGEN.DLL : 8.1.6.16 434549 Bytes 26.01.2013 13:13:24
AEEXP.DLL : 8.4.0.6 192885 Bytes 01.03.2013 12:14:54
AEEMU.DLL : 8.1.3.2 393587 Bytes 14.07.2012 11:33:50
AECORE.DLL : 8.1.31.2 201080 Bytes 19.02.2013 14:05:25
AEBB.DLL : 8.1.1.4 53619 Bytes 13.11.2012 20:39:20
AVWINLL.DLL : 12.3.0.15 27344 Bytes 08.05.2012 14:24:19
AVPREF.DLL : 12.3.0.32 50720 Bytes 22.11.2012 22:39:47
AVREP.DLL : 12.3.0.15 179208 Bytes 08.05.2012 14:24:20
AVARKT.DLL : 12.3.0.33 209696 Bytes 22.11.2012 22:39:46
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 08.05.2012 14:24:20
SQLITE3.DLL : 3.7.0.1 398288 Bytes 08.05.2012 14:24:20
AVSMTP.DLL : 12.3.0.32 63480 Bytes 26.07.2012 14:53:00
NETNT.DLL : 12.3.0.15 17104 Bytes 08.05.2012 14:24:20
RCIMAGE.DLL : 12.3.0.31 4444408 Bytes 26.07.2012 14:52:40
RCTEXT.DLL : 12.3.0.32 98848 Bytes 22.11.2012 22:39:29
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,
Beginn des Suchlaufs: Dienstag, 5. März 2013 18:39
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf nach versteckten Objekten wird begonnen.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'thunderbird.exe' - '102' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_6_602_171.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_6_602_171.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '114' Modul(e) wurden durchsucht
Durchsuche Prozess 'PWMDBSVC.EXE' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'SCHTASK.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'VCDDaemon.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'fpassist.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'winampa.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'SvcGuiHlpr.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcDeskBandHlpr.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcSvc.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'cvpnd.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcPrfMgrSvc.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '62' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '3123' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\'
C:\Users\Iris\AppData\Local\Temp\jar_cache8401026136713566747.tmp
[0] Archivtyp: ZIP
--> Example.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.A.3417
--> SecretKey.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.A.3228
Beginne mit der Suche in 'D:\' <Lenovo>
Beginne mit der Desinfektion:
C:\Users\Iris\AppData\Local\Temp\jar_cache8401026136713566747.tmp
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE20121723.BZJ
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54e2c5c6.qua' verschoben!
Ende des Suchlaufs: Dienstag, 5. März 2013 22:43
Benötigte Zeit: 4:02:47 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
88039 Verzeichnisse wurden überprüft
2329918 Dateien wurden geprüft
3 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
2329915 Dateien ohne Befall
19900 Archive wurden durchsucht
0 Warnungen
1 Hinweise
641732 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
OTL Code:
OTL logfile created on: 06.03.2013 16:37:02 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Iris\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,90 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 64,70% Memory free
7,80 Gb Paging File | 6,06 Gb Available in Paging File | 77,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,53 Gb Total Space | 145,26 Gb Free Space | 31,96% Space Free | Partition Type: NTFS
Drive D: | 9,77 Gb Total Space | 3,26 Gb Free Space | 33,34% Space Free | Partition Type: NTFS
Drive F: | 15,43 Gb Total Space | 13,68 Gb Free Space | 88,65% Space Free | Partition Type: FAT32
Computer Name: LAPTOP | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.03.06 09:11:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Iris\Desktop\OTL.exe
PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Iris\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.07 19:54:24 | 002,447,440 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2012.11.07 19:23:46 | 000,073,392 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2012.09.07 08:10:38 | 000,604,048 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
PRC - [2012.09.07 08:09:02 | 000,366,480 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2012.09.07 08:08:48 | 000,133,008 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2012.07.26 15:52:52 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 15:24:20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 15:24:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.01.22 19:06:00 | 000,089,152 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
PRC - [2012.01.22 19:06:00 | 000,064,576 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
PRC - [2011.12.09 18:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011.02.23 14:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2010.03.23 05:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV:64bit: - [2012.12.11 06:22:08 | 000,060,272 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2011.11.28 04:54:44 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.05.30 22:29:08 | 000,117,760 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysNative\DTS.exe -- (dtsvc)
SRV:64bit: - [2011.05.30 22:29:04 | 000,130,048 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysNative\ADMonitor.exe -- (ADMonitor)
SRV:64bit: - [2011.05.30 22:22:56 | 002,715,976 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Windows\SysNative\ATService.exe -- (ATService)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.02.27 11:29:56 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.07 19:54:24 | 002,447,440 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012.11.02 19:19:36 | 000,827,560 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2012.09.07 08:08:50 | 000,272,272 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2012.09.07 08:08:48 | 000,133,008 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2012.08.07 21:22:15 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 15:24:20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 15:24:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.22 19:06:00 | 000,478,056 | ---- | M] (Lenovo.) [On_Demand | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2012.01.22 19:06:00 | 000,175,168 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE -- (PwmEWSvc)
SRV - [2012.01.22 19:06:00 | 000,089,152 | ---- | M] (Lenovo) [On_Demand | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2011.11.01 05:37:56 | 001,518,352 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2011.11.01 05:25:42 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2011.11.01 05:22:28 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2011.10.20 10:33:22 | 000,135,440 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2011.10.19 06:25:00 | 000,661,504 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2010.03.23 05:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 05:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 13:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.07.23 08:45:42 | 000,475,648 | ---- | M] (Saint Security Co., Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\NetCare\v5\ncsvc.exe -- (ncsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.05.31 09:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 09:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.12.11 06:22:08 | 000,042,824 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2012.11.02 15:38:32 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012.11.01 15:31:48 | 000,450,136 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.05.08 15:24:20 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 15:24:20 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.22 19:06:00 | 000,031,344 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2012.01.22 19:06:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2011.11.28 05:20:18 | 008,013,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011.11.28 05:20:18 | 008,013,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.11.28 04:19:10 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.10.31 07:57:50 | 008,615,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.10.19 06:19:08 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011.10.19 06:19:08 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.10.13 16:05:48 | 010,629,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.10.13 16:05:48 | 010,629,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.09.16 08:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.05.31 13:53:52 | 000,735,616 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.04.29 05:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2010.04.22 16:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.04.08 15:11:12 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010.03.23 05:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.02.08 00:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.12.08 07:11:40 | 000,037,440 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2009.10.05 09:58:18 | 000,649,216 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.17 14:11:12 | 000,031,744 | ---- | M] (Saint Security Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ncdrv.sys -- (NcdrvMP)
DRV:64bit: - [2009.06.17 14:11:12 | 000,031,744 | ---- | M] (Saint Security Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Ncdrv.sys -- (Ncdrv)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.16 10:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008.08.22 14:10:26 | 000,316,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2006.11.18 05:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV - [2013.02.01 20:29:10 | 000,000,306 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWow64\null -- (Null)
DRV - [2012.11.02 19:20:00 | 000,033,712 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B3 9C 28 B3 2D 50 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2013.02.01 20:18:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013.02.01 20:18:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.07 21:22:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.02 23:08:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.08.08 18:41:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.07 21:22:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.02 23:08:34 | 000,000,000 | ---D | M]
[2012.03.09 11:00:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions
[2013.02.01 20:26:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\np7hbaaf.default\extensions
[2012.03.18 04:55:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.07 21:22:15 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.08.07 19:57:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.07 19:57:47 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.07 19:57:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.07 19:57:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.07 19:57:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.07 19:57:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4:64bit: - HKLM..\Run: [FingerPrintSoftwareSplashScreen] C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe (AuthenTec, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\SysNative\WerFault.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 1 = @biocpl.dll,-1
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {2DCB00FB-3485-486B-BD41-C49AD605264D} https://www.epost.go.kr/comm/easykeytec/easykeytec.cab (EZKeytecWeb Class)
O16 - DPF: {68253470-5D4F-4CDF-8D9C-353C14A2F013} hxxp://www.seevideo.co.kr/pub/seevideo2003/svporsche.cab (SVPorsche Control)
O16 - DPF: {D6E38480-8844-4A46-8FE0-83CAEEAD0628} hxxp://netcare.yonsei.ac.kr/v5/install/ncinstaller_1.0.0.6.cab (NCDownloader Class)
O16 - DPF: {D96D2F74-0B74-47D2-964F-B67E9F69F1CD} hxxp://www.congnamul.com/ActiveX/Release/CongnamulMap4Asp_V2_0_0_19.cab (CongnamulMap4Asp Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5EE4AB8-0FBB-4012-8360-3A673502ABB5}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\ATFUS: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{6eb62de7-6bd0-11e1-8363-cc52afceaac9}\Shell - "" = AutoRun
O33 - MountPoints2\{6eb62de7-6bd0-11e1-8363-cc52afceaac9}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{6eb62de7-6bd0-11e1-8363-cc52afceaac9}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{6eb62de7-6bd0-11e1-8363-cc52afceaac9}\Shell\install\command - "" = F:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.03.02 23:16:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\onOne Software
[2013.03.02 23:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\onOne Software
[2013.03.02 23:15:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2013.03.02 23:15:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\onOne Software
[2013.03.02 23:15:29 | 000,000,000 | ---D | C] -- C:\ProgramData\onOne Software
[2013.02.26 13:36:34 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2013.02.26 13:36:18 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Programs
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.03.06 16:33:31 | 000,000,000 | ---- | M] () -- C:\Users\admin\defogger_reenable
[2013.03.06 16:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.06 15:29:21 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.06 15:29:21 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.06 15:29:21 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.06 15:29:21 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.06 15:29:21 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.06 15:28:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.06 11:25:26 | 000,022,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.06 11:25:26 | 000,022,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.06 11:17:41 | 469,136,590 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.06 11:17:35 | 3139,461,120 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.19 07:25:32 | 000,335,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.03.06 16:33:31 | 000,000,000 | ---- | C] () -- C:\Users\admin\defogger_reenable
[2013.02.26 13:38:07 | 000,000,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012.08.02 08:23:09 | 000,000,051 | ---- | C] () -- C:\ProgramData\vrayufkqkzngcci
[2012.06.16 06:41:33 | 000,000,046 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_urlsnooper_InstallInfo.dat
[2012.03.26 11:41:58 | 000,483,328 | ---- | C] () -- C:\Windows\SysWow64\INITray.exe
[2012.03.24 11:40:56 | 000,025,872 | ---- | C] () -- C:\Windows\SysWow64\INIUAC.exe
[2012.03.17 17:13:08 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2012.03.17 17:12:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.03.13 16:00:53 | 001,590,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.24 00:25:04 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012.03.10 10:27:00 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\CachedFiles
[2012.08.09 17:41:58 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\CheckPoint
[2012.06.16 06:41:33 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DonationCoder
[2012.03.11 07:05:06 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Dropbox
[2012.08.21 21:07:39 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DVDVideoSoft
[2012.04.03 14:39:14 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\FreePDF
[2012.05.30 14:32:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\IrfanView
[2012.06.16 06:52:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\MusicBrainz
[2012.04.03 13:04:01 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\pdfforge
[2012.03.10 11:18:37 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\PwrMgr
[2012.08.07 19:56:20 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Thunderbird
========== Purity Check ==========
< End of report >
EXTRAS Code:
OTL Extras logfile created on: 06.03.2013 16:37:02 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Iris\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,90 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 64,70% Memory free
7,80 Gb Paging File | 6,06 Gb Available in Paging File | 77,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,53 Gb Total Space | 145,26 Gb Free Space | 31,96% Space Free | Partition Type: NTFS
Drive D: | 9,77 Gb Total Space | 3,26 Gb Free Space | 33,34% Space Free | Partition Type: NTFS
Drive F: | 15,43 Gb Total Space | 13,68 Gb Free Space | 88,65% Space Free | Partition Type: FAT32
Computer Name: LAPTOP | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{101016F8-823E-413D-8E91-E98D05961502}" = rport=445 | protocol=6 | dir=out | app=system |
"{2911FC39-C43D-4340-A1D9-D8A954757040}" = lport=139 | protocol=6 | dir=in | app=system |
"{3BE43C1C-742D-444F-86FC-BE397A89C11F}" = rport=139 | protocol=6 | dir=out | app=system |
"{5398EDC2-26B2-44E3-8AAC-D21081058682}" = lport=445 | protocol=6 | dir=in | app=system |
"{7998819E-894D-4D81-B79A-C68E31B4AE29}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{920A4993-98C4-4752-9593-011828DFA202}" = rport=138 | protocol=17 | dir=out | app=system |
"{944700FF-E4CE-40FA-9F9A-8D9F5D080126}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B79189D6-59A9-4E6F-B490-4CE98A52095C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B850C62E-2DBD-4015-B26B-F6083F81FAD1}" = lport=8993 | protocol=17 | dir=in | name=anysvcport |
"{C800056B-66A4-4768-8042-8A54B28BD9AD}" = lport=138 | protocol=17 | dir=in | app=system |
"{D9EF24CC-7634-49B1-8FBB-42ACF664E9E2}" = lport=137 | protocol=17 | dir=in | app=system |
"{EA14F422-09D0-4A2B-8A36-5E457CC8C1CF}" = rport=137 | protocol=17 | dir=out | app=system |
"{F2AD844E-BD5C-4EEC-9131-C902C0454092}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08EA26EC-DED1-47A2-A793-9FAD187CCD48}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{10F887BA-127E-421E-9D3D-F8E2BAE9F559}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2F72B5EA-5396-4B06-B697-2D17AAE2F0E2}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{410197CD-0635-4132-86E2-37731C476F69}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{44E5D4B3-8DF0-4CD0-B7B8-90393F64F893}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5B8DA1A2-7E8B-45A8-AD93-1DB586145403}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6DDA0D50-B8B4-4107-9F14-498EEB811F97}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{891FA09C-74EB-47AF-A884-B4BC1FABAC8E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9FB9DCFC-8E33-4BCF-84F2-14B830964F85}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A833F364-3523-468A-9370-1F12DBFAB485}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{BE0B9DA1-7648-419B-8C36-55A8148D34D9}" = protocol=6 | dir=in | app=c:\users\iris\appdata\roaming\dropbox\bin\dropbox.exe |
"{D3BE2330-E15B-4569-9534-8867153CACBF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E5E941CF-602E-4948-827E-B50ACEA9CA8D}" = protocol=17 | dir=in | app=c:\users\iris\appdata\roaming\dropbox\bin\dropbox.exe |
"{F42ABD64-1C6B-42B0-A2DD-231697BCA07A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F8815926-BAC1-4D33-9E97-E14A34F12E1C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FF12B21D-6784-4554-B5AC-3B159676D859}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"TCP Query User{3862C2B2-FB71-41A5-B826-15B1A7A1E38E}C:\program files (x86)\musicbrainz picard\picard.exe" = protocol=6 | dir=in | app=c:\program files (x86)\musicbrainz picard\picard.exe |
"TCP Query User{4441A7E6-ACDF-4FD5-8DFC-77046D36E346}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{42D3C35A-4624-4721-B338-EC72DBFCB973}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{F43410D9-ADC0-40B6-A0D7-E54B75EBEECF}C:\program files (x86)\musicbrainz picard\picard.exe" = protocol=17 | dir=in | app=c:\program files (x86)\musicbrainz picard\picard.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{2ED326C9-A4E6-4884-B3F0-9A6CFB0A1141}" = Lenovo Fingerprint Software
"{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5E79DDFB-8AE6-E4B5-8A24-D358C2F2E349}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft-Maus- und Tastatur-Center
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}" = Intel(R) PROSet/Wireless WiFi-Software
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{EEAA321A-E086-C093-70E0-01E66F1491D9}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"05FBE63CF9C9B3424152207E7278CD6DA193C56C" = Windows-Treiberpaket - AuthenTec Inc. (ATSwpWDF) Biometric (07/02/2010 8.6.0.29)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"ATI Uninstaller" = ATI Uninstaller
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"DE7217D2A8B057F15EC6E52329FDAB84231521E8" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430)
"GIMP-2_is1" = GIMP 2.8.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"Power Management Driver" = Lenovo Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{023FADD0-F5EC-1E92-4AB5-0FCE3579C0C9}" = CCC Help Chinese Standard
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1AEAB063-151F-74F9-B8EC-2CF39257C39B}" = CCC Help English
"{1E80AF84-EAEC-53A3-D5D8-B7DD01F8AA23}" = CCC Help Italian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B83EB9-90A5-ABED-3256-1AEDC1A5A832}" = CCC Help Portuguese
"{23CAC9C6-F4E7-A978-46A7-8C6DC3EC0AAD}" = CCC Help Japanese
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{2AFFABEB-13E5-47EF-53F7-826616982D2C}" = Catalyst Control Center Localization All
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{4141D2C3-756B-1EF0-0977-B421B85F5870}" = Catalyst Control Center Graphics Previews Vista
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5522D1A6-98A7-C7A2-D7B9-A762AE4D09D8}" = PX Profile Update
"{5781F83C-13F4-C8C8-F8AD-15FEBE496BB0}" = CCC Help Chinese Traditional
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76901A74-50AA-0132-B4DB-CA522F9E71B2}" = CCC Help Korean
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.VISIOR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.VISIOR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.VISIOR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.VISIOR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{949320FC-F3AE-72D3-11C8-4F50DA7067C8}" = CCC Help Spanish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AC76BA86-7AD7-5670-0000-A00000000003}" = Korean Fonts Support For Adobe Reader X
"{AD32654E-90CF-42F2-8CB3-88DA6F1AA11A}" = ZoneAlarm Security
"{AE91C455-8C94-EB5A-0128-D7F44371B77E}" = ccc-core-static
"{B3114E23-91A6-DEF2-B8FB-5D782AF5439A}" = CCC Help Dutch
"{B8D92680-34AC-4B76-8D95-7E95B11B5121}" = Perfect Effects 3 Free
"{C72A9BF9-0746-A0F6-E23E-104392FC3EED}" = CCC Help German
"{D1143A4E-753F-4B70-B5C3-69156D57CC7B}" = Catalyst Control Center - Branding
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{DF69DC26-5534-6CCF-7BD4-3314A67FA6CD}" = CCC Help French
"{E25ED28D-3F3F-4707-8DFA-66CA75FB9329}" = ZoneAlarm Firewall
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC19E668-785C-1F2A-1A25-266A46A5462C}" = Catalyst Control Center InstallProxy
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F39E5AF2-6A57-BA8E-21C4-B422B3CCBDE5}" = CCC Help Swedish
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 9.04" = GPL Ghostscript
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IrfanView" = IrfanView (remove only)
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 15.0 (x86 de)" = Mozilla Thunderbird 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NetCare" = NetCare v5
"Office14.VISIOR" = Microsoft Visio Professional 2010
"ProInst" = Intel PROSet Wireless
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.1
"Winamp" = Winamp
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
"ZoneAlarm-Sicherheit Toolbar" = ZoneAlarm-Sicherheit Toolbar
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 06.03.2013 04:04:29 | Computer Name = Laptop | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler:
Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
Error - 06.03.2013 04:04:31 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AcSvc.exe, Version: 5.9.7.95, Zeitstempel:
0x50487c7e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x000326d1 ID des fehlerhaften Prozesses:
0xa44 Startzeit der fehlerhaften Anwendung: 0x01ce1a4123d54c21 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe Pfad des fehlerhaften
Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 7927c826-8634-11e2-b321-fe52966cb672
Error - 06.03.2013 06:18:26 | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description =
Error - 06.03.2013 06:19:00 | Computer Name = Laptop | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler:
Type-ID=18, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0
Error - 06.03.2013 06:19:00 | Computer Name = Laptop | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler:
Type-ID=21, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0
Error - 06.03.2013 06:19:00 | Computer Name = Laptop | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler:
Type-ID=23, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0
Error - 06.03.2013 06:19:00 | Computer Name = Laptop | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler:
Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
Error - 06.03.2013 06:19:00 | Computer Name = Laptop | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler:
Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
Error - 06.03.2013 06:19:00 | Computer Name = Laptop | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler:
Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
Error - 06.03.2013 06:19:03 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AcSvc.exe, Version: 5.9.7.95, Zeitstempel:
0x50487c7e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x000326d1 ID des fehlerhaften Prozesses:
0xa44 Startzeit der fehlerhaften Anwendung: 0x01ce1a53e9946afa Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe Pfad des fehlerhaften
Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 443b8f1c-8647-11e2-8afe-ae955a363f71
[ System Events ]
Error - 05.03.2013 11:15:52 | Computer Name = Laptop | Source = DCOM | ID = 10016
Description =
Error - 05.03.2013 13:17:36 | Computer Name = Laptop | Source = DCOM | ID = 10016
Description =
Error - 06.03.2013 04:04:10 | Computer Name = Laptop | Source = NetBT | ID = 4321
Description = Der Name "LAPTOP :0" konnte nicht auf der Schnittstelle mit
IP-Adresse 141.47.152.215 registriert werden. Der Computer mit IP-Adresse 141.47.5.2
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 06.03.2013 04:04:50 | Computer Name = Laptop | Source = Service Control Manager | ID = 7034
Description = Dienst "AcSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 06.03.2013 04:04:52 | Computer Name = Laptop | Source = DCOM | ID = 10016
Description =
Error - 06.03.2013 04:05:17 | Computer Name = Laptop | Source = NetBT | ID = 4321
Description = Der Name "LAPTOP :0" konnte nicht auf der Schnittstelle mit
IP-Adresse 141.47.152.215 registriert werden. Der Computer mit IP-Adresse 141.47.5.2
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 06.03.2013 06:17:59 | Computer Name = Laptop | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?06.?03.?2013 um 11:09:50 unerwartet heruntergefahren.
Error - 06.03.2013 06:18:00 | Computer Name = LAPTOP | Source = BugCheck | ID = 1001
Description =
Error - 06.03.2013 06:19:19 | Computer Name = Laptop | Source = DCOM | ID = 10016
Description =
Error - 06.03.2013 06:19:18 | Computer Name = Laptop | Source = Service Control Manager | ID = 7034
Description = Dienst "AcSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
< End of report >
Gmer Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-06 19:03:26
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9500325ASG rev.0001SDM1 465,76GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\admin\AppData\Local\Temp\uxldapow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075711465 2 bytes [71, 75]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757114bb 2 bytes [71, 75]
.text ... * 2
.text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075711465 2 bytes [71, 75]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757114bb 2 bytes [71, 75]
.text ... * 2
.text C:\Users\Iris\AppData\Roaming\Dropbox\bin\Dropbox.exe[4300] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075711465 2 bytes [71, 75]
.text C:\Users\Iris\AppData\Roaming\Dropbox\bin\Dropbox.exe[4300] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000757114bb 2 bytes [71, 75]
.text ... * 2
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075711465 2 bytes [71, 75]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757114bb 2 bytes [71, 75]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\svchost.exe [1408:5220] 000007fef4279688
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{0542A91C-C700-4BB2-9C27-B2EFCBF67366}\Connection@Name isatap.{01DEA750-ACDA-4EA3-BBDD-07F393D6B722}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{E07EF951-BAFA-4B73-9BDE-8BFFD2F9395A}?\Device\{09AD829A-4797-4D5F-889B-5442B98F1B0C}?\Device\{0542A91C-C700-4BB2-9C27-B2EFCBF67366}?\Device\{CD5B6978-13B4-4634-AC4C-F0067C404ECB}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{E07EF951-BAFA-4B73-9BDE-8BFFD2F9395A}"?"{09AD829A-4797-4D5F-889B-5442B98F1B0C}"?"{0542A91C-C700-4BB2-9C27-B2EFCBF67366}"?"{CD5B6978-13B4-4634-AC4C-F0067C404ECB}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{E07EF951-BAFA-4B73-9BDE-8BFFD2F9395A}?\Device\TCPIP6TUNNEL_{09AD829A-4797-4D5F-889B-5442B98F1B0C}?\Device\TCPIP6TUNNEL_{0542A91C-C700-4BB2-9C27-B2EFCBF67366}?\Device\TCPIP6TUNNEL_{CD5B6978-13B4-4634-AC4C-F0067C404ECB}?
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00234dfc7d4c
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{0542A91C-C700-4BB2-9C27-B2EFCBF67366}@InterfaceName isatap.{01DEA750-ACDA-4EA3-BBDD-07F393D6B722}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{0542A91C-C700-4BB2-9C27-B2EFCBF67366}@ReusableType 0
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00234dfc7d4c (not active ControlSet)
---- Files - GMER 2.1 ----
File C:\Windows.old\Users\Iris\Documents\SugarSync Shared Folders\fileserver@***\*** (2)\01_grundlegend\02_Aufnahme\01_Ansprache\01_Teaser bearb u nutzen 0 bytes
File C:\Windows.old\Users\Iris\Documents\SugarSync Shared Folders\fileserver@***\*** (2)\01_grundlegend\02_Aufnahme\01_Ansprache\01_Teaser bearb u nutzen\2011_01_05 Teaser Inhalte - Text.pptx 85337 bytes
File C:\Windows.old\Users\Iris\Documents\SugarSync Shared Folders\fileserver@***\*** (2)\01_grundlegend\02_Aufnahme\01_Ansprache\01_Teaser bearb u nutzen\2011_01_05 Teaser.pptx 9922879 bytes
File C:\Windows.old\Users\Iris\Documents\SugarSync Shared Folders\fileserver@***\*** (2)\01_grundlegend\02_Aufnahme\01_Ansprache\01_Teaser bearb u nutzen\2011_01_23 Teaser V2.pptx 252469 bytes
File C:\Windows.old\Users\Iris\Documents\SugarSync Shared Folders\fileserver@***\*** (2)\01_grundlegend\02_Aufnahme\01_Ansprache\01_Teaser bearb u nutzen\2011_01_24 Teaser V3.pptx 6584498 bytes
File C:\Windows.old\Users\Iris\Documents\SugarSync Shared Folders\fileserver@***\*** (2)\01_grundlegend\02_Aufnahme\01_Ansprache\01_Teaser bearb u nutzen\2011_01_25 Teaser V4.pptx 6586801 bytes
File C:\Windows.old\Users\Iris\Documents\SugarSync Shared Folders\fileserver@***\*** (2)\01_grundlegend\02_Aufnahme\01_Ansprache\01_Teaser bearb u nutzen\Teaser.wmv 21926788 bytes
File C:\Windows.old\Users\Iris\Documents\SugarSync Shared Folders\fileserver@***\*** (2)\01_grundlegend\02_Aufnahme\02_Suche\2011_02 Fragen.xlsx 13354 bytes
File C:\Windows.old\Users\Iris\Documents\SugarSync Shared Folders\fileserver@***\*** (2)\01_grundlegend\02_Aufnahme\03_Fragen\2011_05_18 B.mm 5417 bytes
File C:\Windows.old\Users\Iris\Documents\SugarSync Shared Folders\fileserver@***\*** (2)\01_grundlegend\02_Aufnahme\03_Fragen\2012_01_27 A.docx 83369 bytes
File C:\Windows.old\Users\Iris\Documents\SugarSync Shared Folders\fileserver@***\*** (2)\01_grundlegend\02_Aufnahme\03_Fragen\ARCHIV 0 bytes
File C:\Windows.old\Users\Iris\Documents\SugarSync Shared Folders\fileserver@***\*** (2)\01_grundlegend\02_Aufnahme\03_Fragen\ARCHIV\2011_03_24 A.docx 83059 bytes
File C:\Windows.old\Users\Iris\Documents\SugarSync Shared Folders\fileserver@***\*** (2)\01_grundlegend\02_Aufnahme\03_Fragen\ARCHIV\2011_05_23 A.docx 52350 bytes
File C:\Windows.old\Users\Iris\Documents\SugarSync Shared Folders\fileserver@***\*** (2)\01_grundlegend\02_Aufnahme\03_Fragen\ARCHIV\2011_09_07 A.docx 54516 bytes
File C:\Windows.old\Users\Iris\Documents\SugarSync Shared Folders\fileserver@***\*** (2)\01_grundlegend\02_Aufnahme\03_Fragen\ARCHIV\2012_01_22 A.docx 74282 bytes
File C:\Windows.old\Users\Iris\Documents\SugarSync Shared Folders\fileserver@***\*** (2)\01_grundlegend\02_Aufnahme\03_Fragen\ARCHIV\Fragebogen.docx 15328 bytes
File C:\Windows.old\Users\Iris\Documents\SugarSync Shared Folders\fileserver@***\*** (2)\01_grundlegend\02_Aufnahme\03_Fragen\ARCHIV\Fragen.dotx 74333 bytes
File C:\Windows.old\Users\Iris\Documents\SugarSync Shared Folders\fileserver@***\*** (2)\01_grundlegend\02_Aufnahme\03_Fragen\Version 2012_01_27 0 bytes
File C:\Windows.old\Users\Iris\Documents\SugarSync Shared Folders\fileserver@***\*** (2)\01_grundlegend\02_Aufnahme\03_Fragen\Version 2012_01_27 - Fragen.dotx 83558 bytes
---- EOF - GMER 2.1 ----
Herzlichen Dank schonmal für's Anschauen!
Viele Grüße
daime |
Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
aswMBR.exe und speichere die Datei auf deinem Desktop.
TDSSKiller.exe und speichere diese Datei auf dem Desktop
AdwCleaner auf deinen Desktop.
WARNUNG an die MITLESER: 