Log analysis and evaluation: HEUR:Exploit.Java.CVE-2012-0507.gen detected by Kaspersky IS | Windows 7
20.01.2013, 18:37 | #1 |
| HEUR:Exploit.Java.CVE-2012-0507.gen detected by Kaspersky IS
Hello Trojaner Board, today Kaspersky Internet Security found the above-mentioned trojan on my machine but cannot repair it. The detailed report points to the file at the path C:\dokumente und einstellungen\***\lokale einstellungen\temp\jar_cache2773876738019185789.tmp. In the same path (temp folder) I also found a similar file named jar_cache1283533027666644075.tmp (03.05.2010), which Kaspersky skips, however. A week ago user "balu123456" opened the thread "Trojan HEUR:Exploit.Java.CVE-2012-0507.gen and HEUR:Exploit.Java.Generic", and I think we have a similar problem. I have not taken any measures so far, though, because I am not sure whether the same means will get me anywhere. I am hopeless with technology, so please bear with me if I have forgotten something or given imprecise information. Thank you very much for your help!! Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:10:08, on 20.01.2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ANIWConnService.exe C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe C:\Programme\Aladdin\eToken\PKIClient\x32\eTSrv.exe C:\Programme\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Programme\D-Link\DWA-125 revA\AirGCFG.exe C:\Programme\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe C:\Programme\Ask.com\Updater\Updater.exe C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Messenger\msmsgs.exe C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe C:\Programme\Citrix\GoToMeeting\880\g2mstart.exe C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe C:\Programme\Logitech\SetPoint\SetPoint.exe C:\Programme\Citrix\GoToMeeting\880\g2mcomm.exe C:\Programme\Citrix\GoToMeeting\880\g2mlauncher.exe C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Mozilla Firefox\plugin-container.exe C:\WINDOWS\system32\msiexec.exe C:\Programme\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.gmx.net/home R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start 
Page = h**p://www.sbb.ch/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer bereitgestellt von GMX R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Programme\Microsoft\Internet Explorer Developer 
Toolbar\IEDevToolbar.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" O4 - 
HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\GEMEIN~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [D-Link D-Link Wireless 150 USB Adapter DWA-125] C:\Programme\D-Link\DWA-125 revA\AirGCFG.exe O4 - HKLM\..\Run: [eTMonitor] "C:\Programme\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe" O4 - HKLM\..\Run: [ApnUpdater] "C:\Programme\Ask.com\Updater\Updater.exe" O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" O4 - HKLM\..\Run: [SwitchBoard] C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Programme\Gemeinsame Dateien\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe" O4 - HKCU\..\Run: [GoToMeeting] "C:\Programme\Citrix\GoToMeeting\880\g2mstart.exe" "/Trigger RunAtLogon" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - 
res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Programme\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network 
Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - h**p://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: ANIWConn Service (ANIWConnService) - Unknown owner - C:\WINDOWS\system32\ANIWConnService.exe O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe O23 - Service: ETOKSRV (eTSrv) - Aladdin Knowledge Systems, Ltd. - C:\Programme\Aladdin\eToken\PKIClient\x32\eTSrv.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. 
- C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programme\Skype\Updater\Updater.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe -- End of file - 12914 bytes |
21.01.2013, 12:34 | #2 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | HEUR:Exploit.Java.CVE-2012-0507.gen detected by Kaspersky IS
Reading material: Please do not post HijackThis logfiles!!! Quote:
Quote:
Such information is not enough; please post the complete details/logs of the virus scanners, see http://www.trojaner-board.de/125889-...tml#post941520 Please post everything here in CODE tags where possible. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
__________________ |
23.01.2013, 23:11 | #3 |
| HEUR:Exploit.Java.CVE-2012-0507.gen detected by Kaspersky IS
Hi Cosinus,
Thanks for your reply, and sorry that I did not provide any usable information. I understand defogger and OTL. The GMER scan is currently running on the affected PC: your guide says "show all must be checked off" - does that mean the box should be ticked or not? I cannot find a log in Kaspersky 2013. (Nothing was placed in the quarantine folder.) Thanks for the clarification and help! conbi |
24.01.2013, 09:58 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | HEUR:Exploit.Java.CVE-2012-0507.gen detected by Kaspersky IS
There is a detailed guide for GMER, after all! => http://www.trojaner-board.de/74908-a...t-scanner.html
__________________ Please always post logfiles in CODE tags |
25.01.2013, 22:26 | #5 |
| HEUR:Exploit.Java.CVE-2012-0507.gen detected by Kaspersky IS
Hi Cosinus, Thanks, with the illustrated guide it then worked for me too... Here we go! defogger_disable: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:24 on 23/01/2013 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

OTL: Code:
ATTFilter OTL logfile created on: 23.01.2013 22:25:27 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 3.25 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 74.76% Memory free 5.08 Gb Paging File | 4.21 Gb Available in Paging File | 82.81% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 78.13 Gb Total Space | 34.89 Gb Free Space | 44.65% Space Free | Partition Type: NTFS Drive D: | 387.62 Gb Total Space | 387.55 Gb Free Space | 99.98% Space Free | Partition Type: NTFS Computer Name: DIGITEC-*** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.23 22:21:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe PRC - [2012.11.15 19:37:41 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe PRC - [2012.07.30 14:02:22 | 000,640,480 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe PRC - [2012.06.12 21:34:18 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Programme\Citrix\GoToMeeting\880\g2mstart.exe PRC - [2012.06.12 21:34:18 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) 
-- C:\Programme\Citrix\GoToMeeting\880\g2mlauncher.exe PRC - [2012.06.12 21:34:18 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Programme\Citrix\GoToMeeting\880\g2mcomm.exe PRC - [2012.06.06 20:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2009.12.31 10:17:32 | 000,230,752 | ---- | M] (Aladdin Knowledge Systems, Ltd.) -- C:\Programme\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe PRC - [2009.12.31 10:17:24 | 000,012,640 | ---- | M] (Aladdin Knowledge Systems, Ltd.) -- C:\Programme\Aladdin\eToken\PKIClient\x32\eTSrv.exe PRC - [2009.07.20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe PRC - [2009.07.10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe PRC - [2009.05.04 14:46:06 | 001,683,456 | ---- | M] (D-Link Corp.) -- C:\Programme\D-Link\DWA-125 revA\AirGCFG.exe PRC - [2009.02.26 12:46:40 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\ANIWConnService.exe PRC - [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.01.19 10:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe ========== Modules (No Company Name) ========== MOD - [2012.12.05 06:09:19 | 001,310,136 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll MOD - [2012.08.17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll MOD - [2009.07.20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Programme\Logitech\SetPoint\khalwrapper.dll MOD - [2009.03.05 10:12:08 | 000,258,048 | ---- | M] () -- C:\WINDOWS\system32\wlanapp.dll MOD - [2009.02.27 15:41:25 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2009.02.27 15:39:29 | 000,019,968 | ---- | M] () -- 
C:\Programme\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU MOD - [2009.02.27 15:32:27 | 000,020,480 | ---- | M] () -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA MOD - [2009.02.26 12:46:40 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\ANIWConnService.exe MOD - [2009.02.09 17:26:10 | 000,315,392 | ---- | M] () -- C:\WINDOWS\system32\ANIOApi.dll MOD - [2009.02.09 17:26:10 | 000,315,392 | ---- | M] () -- C:\Programme\D-Link\DWA-125 revA\ANIOApi.dll MOD - [2009.01.18 14:50:01 | 000,417,792 | ---- | M] () -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\AdobeXMP.dll MOD - [2008.11.12 14:54:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll MOD - [2008.04.14 13:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2007.03.29 14:11:10 | 000,217,088 | ---- | M] () -- C:\Programme\Aladdin\eToken\PKIClient\x32\QtXml4.dll MOD - [2007.03.27 19:06:46 | 000,131,072 | R--- | M] () -- C:\Programme\Aladdin\eToken\PKIClient\x32\plugins\imageformats\qjpeg1.dll MOD - [2007.03.27 19:04:00 | 005,529,600 | R--- | M] () -- C:\Programme\Aladdin\eToken\PKIClient\x32\QtGui4.dll MOD - [2007.03.27 19:04:00 | 001,466,368 | R--- | M] () -- C:\Programme\Aladdin\eToken\PKIClient\x32\QtCore4.dll ========== Services (SafeList) ========== SRV - [2013.01.20 11:54:27 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.01.11 22:41:18 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.11.15 19:37:41 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP) SRV - [2012.11.12 19:53:07 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\programme\gemeinsame dateien\akamai/netsession_win_ce5ba24.dll -- (Akamai) SRV - [2012.11.09 11:21:24 
| 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.12.31 10:17:24 | 000,012,640 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [Auto | Running] -- C:\Programme\Aladdin\eToken\PKIClient\x32\eTSrv.exe -- (eTSrv) SRV - [2009.07.20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2009.03.26 19:26:36 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.02.26 12:46:40 | 000,147,456 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ANIWConnService.exe -- (ANIWConnService) SRV - [2008.08.15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4) SRV - [2007.01.19 10:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | 
Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.11.15 19:37:53 | 000,043,608 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kltdi.sys -- (kltdi) DRV - [2012.11.15 19:37:53 | 000,024,920 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt) DRV - [2012.11.15 19:37:52 | 000,586,584 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF) DRV - [2012.11.15 19:37:52 | 000,024,408 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klkbdflt.sys -- (klkbdflt) DRV - [2012.08.13 16:49:44 | 000,144,344 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kneps.sys -- (kneps) DRV - [2012.06.27 14:09:08 | 000,035,672 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5) DRV - [2012.06.19 17:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1) DRV - [2010.01.25 14:56:26 | 000,115,712 | ---- | M] (HID Global Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cxbu0wdm.sys -- (cxbu0wdm) DRV - [2009.10.14 20:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg) DRV - [2009.06.17 17:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2009.06.17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2009.06.17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2009.04.15 13:32:36 | 000,715,520 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870) DRV - [2009.02.09 17:10:04 | 000,029,411 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO) DRV - [2008.07.29 16:40:04 | 000,048,296 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aksifdh.sys -- (AKSIFDH) DRV - [2008.07.29 16:40:04 | 000,034,472 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksup.sys -- (AKSUP) DRV - [2008.06.25 17:47:00 | 000,036,864 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e) DRV - [2008.06.23 23:21:48 | 000,150,568 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mv61xx.sys -- (mv61xx) DRV - [2008.05.20 10:53:00 | 004,800,000 | R--- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2004.08.13 11:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/home IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.gmx.net/tab2 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sbb.ch/ IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {757DF406-D25E-47AF-947B-534433A4561E} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{2BBC3B9D-4AF9-43C2-8AEE-115CE3E12E1A}: "URL" = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin IE - HKCU\..\SearchScopes\{5DDA8725-6C36-4A97-BC85-8376C711A279}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin IE - HKCU\..\SearchScopes\{682007AC-9012-4599-967B-F9F51B28E65E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_EU&apn_ptnrs=U3&apn_dtid=OSJ000YYCH&apn_uid=46B4C26C-E671-45D8-961B-79739A2F0783&apn_sauid=49F60355-AF76-4B92-985F-DB670D90154B IE - 
HKCU\..\SearchScopes\{757DF406-D25E-47AF-947B-534433A4561E}: "URL" = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;127.0.0.1:9421; ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..extensions.enabledAddons: %7B2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9%7D:2.3.4 FF - prefs.js..extensions.enabledAddons: %7B75CEEE46-9B64-46f8-94BF-54012DE155F0%7D:0.4.10 FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.2 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.3.1 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.10 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9 FF - prefs.js..extensions.enabledItems: virtualKeyboard@kaspersky.ru:12.0.0.470 FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:12.0.0.470 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:12.0.0.470 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..keyword.URL: 
"hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=46B4C26C-E671-45D8-961B-79739A2F0783&apn_ptnrs=9M&apn_sauid=49F60355-AF76-4B92-985F-DB670D90154B&apn_dtid=OSJ000&&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Programme\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\virtualKeyboard@kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\url_advisor@kaspersky.com: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.12.22 14:17:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\virtual_keyboard@kaspersky.com: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.22 14:17:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\content_blocker@kaspersky.com: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.12.22 14:17:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\anti_banner@kaspersky.com: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.12.22 14:17:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\online_banking@kaspersky.com: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.12.22 14:17:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.01.20 11:54:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.01.20 11:54:00 | 000,000,000 | ---D | M] [2009.03.15 12:15:53 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions [2012.12.14 06:01:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\sgymwk4t.default\extensions 
[2012.10.24 15:52:46 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\sgymwk4t.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} [2011.10.16 13:26:22 | 000,000,000 | ---D | M] (MeasureIt) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\sgymwk4t.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0} [2012.12.14 06:01:43 | 002,151,598 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\sgymwk4t.default\extensions\firebug@software.joehewitt.com.xpi [2012.09.06 14:09:02 | 001,268,546 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\sgymwk4t.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012.07.22 11:06:42 | 000,002,299 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\sgymwk4t.default\searchplugins\askcom.xml [2013.01.20 11:53:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.01.20 11:53:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.01.20 11:53:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.01.20 11:53:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013.01.20 11:53:47 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2013.01.20 11:53:48 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2013.01.20 11:54:30 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.09.11 09:03:53 | 000,001,392 
| ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.11 09:03:53 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.09.11 09:03:53 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.09.11 09:03:53 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.11 09:03:53 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.11 09:03:53 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\21.0.1180.89\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\21.0.1180.89\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Dokumente und Einstellungen\***\Lokale 
Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.397_0\plugin/npUrlAdvisor.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Modul zur Link-Untersuchung = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\ CHR - Extension: Virtuelle Tastatur = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User 
Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\ CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Anti-Banner = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\ O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll () O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Programme\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll () O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame 
Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service) O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [D-Link D-Link Wireless 150 USB Adapter DWA-125] C:\Programme\D-Link\DWA-125 revA\AirGCFG.exe (D-Link Corp.) 
O4 - HKLM..\Run: [eTMonitor] C:\Programme\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe (Aladdin Knowledge Systems, Ltd.) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [GoToMeeting] C:\Programme\Citrix\GoToMeeting\880\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Programme\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation) O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_19-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} hxxp://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab (PopCapLoader Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.230.55.96 212.98.37.130 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B954F35-D852-4826-8AFC-EA782343BE30}: DhcpNameServer = 194.230.55.96 212.98.37.130 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - 
C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO) O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll) - c:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.12.16 18:29:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{4b79e030-1e7c-11de-9024-002354325a8b}\Shell - "" = AutoRun O33 - MountPoints2\{4b79e030-1e7c-11de-9024-002354325a8b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{4b79e030-1e7c-11de-9024-002354325a8b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.01.23 22:21:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2013.01.21 21:50:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\ablegen [2013.01.21 21:49:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\trojaner [2013.01.20 18:05:43 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2013.01.20 18:05:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\HiJackThis [2013.01.20 11:53:41 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2011.03.26 14:25:48 | 001,228,360 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\InDesign_7_LS4.exe [4 C:\WINDOWS\*.tmp files 
-> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.23 22:26:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2013.01.23 22:24:00 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable [2013.01.23 22:22:47 | 000,365,568 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\gmer-2.0.18444.exe [2013.01.23 22:21:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2013.01.23 22:20:37 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe [2013.01.23 22:09:00 | 000,001,112 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.01.23 21:41:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.01.23 21:06:57 | 000,003,284 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCS{5B954F35-D852-4826-8AFC-EA782343BE30} [2013.01.23 21:06:47 | 000,000,018 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{5B954F35-D852-4826-8AFC-EA782343BE30} [2013.01.23 21:06:39 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME [2013.01.23 21:06:35 | 000,203,188 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2013.01.23 21:06:32 | 000,001,108 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013.01.23 21:06:31 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.01.23 21:06:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.01.20 18:05:43 | 000,002,008 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\HiJackThis.lnk [2013.01.18 13:12:32 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2013.01.11 22:45:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 
C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.23 22:24:00 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable [2013.01.23 22:23:00 | 000,365,568 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\gmer-2.0.18444.exe [2013.01.23 22:20:55 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe [2013.01.20 18:05:43 | 000,002,008 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\HiJackThis.lnk [2012.06.12 21:33:20 | 000,060,304 | ---- | C] () -- C:\Dokumente und Einstellungen\***\g2mdlhlpx.exe [2012.02.15 20:43:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.10.16 12:49:14 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ANIWConnService.exe [2011.10.16 12:49:00 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\wlanapp.dll [2011.10.16 12:49:00 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\aIPH.dll [2011.10.16 12:49:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\AQCKGen.dll [2011.10.16 12:49:00 | 000,045,115 | ---- | C] () -- C:\WINDOWS\System32\ANICtl.dll [2011.10.16 12:48:59 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll [2011.10.16 12:48:45 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\ANIOApi.dll [2011.10.16 12:48:45 | 000,048,640 | ---- | C] () -- C:\WINDOWS\System32\ANIO64.sys [2011.10.16 12:48:45 | 000,029,411 | ---- | C] () -- C:\WINDOWS\System32\ANIO.sys [2011.10.16 12:48:41 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\ANIWPS.exe [2011.10.16 12:48:39 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\ANIOWPS.dll [2011.03.26 14:56:18 | 000,389,763 | ---- | C] () -- C:\Programme\Viktig om InDesign CS5.pdf [2011.03.26 14:56:18 | 000,386,221 | ---- | C] () -- C:\Programme\Vigtigt-fil til InDesign CS5.pdf [2011.03.26 14:56:18 | 000,383,217 | ---- | C] () -- C:\Programme\InDesign CS5 - 
Lueminut.pdf [2011.03.26 14:56:18 | 000,376,190 | ---- | C] () -- C:\Programme\Viktigt om InDesign CS5.pdf [2011.03.26 14:56:18 | 000,093,402 | ---- | C] () -- C:\Programme\Leia-me do InDesign CS5.pdf [2011.03.26 14:56:18 | 000,076,722 | ---- | C] () -- C:\Programme\InDesign CS5 — Lisez-moi.pdf [2011.03.26 14:56:18 | 000,073,314 | ---- | C] () -- C:\Programme\InDesign CS5 - Bitte lesen.pdf [2011.03.26 14:56:18 | 000,069,171 | ---- | C] () -- C:\Programme\Léame de InDesign CS5.pdf [2011.03.26 14:56:18 | 000,067,694 | ---- | C] () -- C:\Programme\Leggimi di InDesign CS5.pdf [2011.03.26 14:56:18 | 000,064,495 | ---- | C] () -- C:\Programme\Lees mij voor InDesign CS5.pdf [2011.03.26 14:25:49 | 970,396,551 | ---- | C] () -- C:\Programme\InDesign_7_LS4.7z [2010.05.16 19:30:51 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2009.10.01 09:06:27 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\setup_ldm.iss [2009.04.01 06:17:20 | 000,019,968 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2009.12.22 06:07:57 | 001,509,888 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = 
C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.07.22 10:56:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask
[2011.11.27 15:40:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bernina820
[2010.01.31 17:05:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IEConfiguration1und1
[2009.08.02 15:45:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PopCap
[2011.03.26 15:26:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe
[2009.06.06 13:20:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
[2010.01.31 17:06:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{4982A2B2-A1A9-4911-9CE4-2B4981000AF7}
[2009.12.29 10:49:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\com.adobe.ExMan
[2009.09.29 15:29:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\com.snippely.6E4C758165F11BBEC90F106AA88CF53EB51547B1.1
[2009.07.01 04:55:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\EPSON
[2012.09.06 21:30:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FileZilla
[2010.11.14 22:33:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\LLB
[2009.03.15 12:23:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Opera
[2009.04.11 18:33:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TeamViewer

========== Purity Check ==========

< End of report >

Extras:
Code:
OTL Extras logfile created on: 23.01.2013 22:25:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

3.25 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 74.76% Memory free
5.08 Gb Paging File | 4.21 Gb Available in Paging File | 82.81% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 78.13 Gb Total Space | 34.89 Gb Free Space | 44.65% Space Free | Partition Type: NTFS
Drive D: | 387.62 Gb Total Space | 387.55 Gb Free Space | 99.98% Space Free | Partition Type: NTFS

Computer Name: DIGITEC-*** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Programme\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1117:TCP" = 1117:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe" = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface -- (Akamai Technologies, Inc.)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0B561CF4-0C7D-4745-AF53-161E24E44F87}" = Adobe CS4 Italian Speech Analysis Models
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1FD653A8-9CFA-4392-B89C-CCDB114DE442}" = Adobe CS4 Spanish Speech Analysis Models
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{377FD9B9-8377-49B9-A052-17BEFFEEE4A2}" = Adobe Creative Suite 4 Web Premium
"{3909BE71-2D8F-42D2-BA46-3831B60CFD0F}" = eToken PKI Client 5.1 SP1
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47B5BE0B-87DC-8903-743A-4D0A9D5AB22C}" = Snippely
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{48E9A4FB-17C6-4B14-BC9D-D83AF2A4059A}" = Adobe CS4 Korean Speech Analysis Models
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4D6FB09F-3FFC-4758-A7B0-A74479F3A421}_is1" = BERNINA 820 Simulator V1.1
"{4DDEADA8-25B8-41CB-9989-8F16D50A8E9C}" = OMNIKEY 3x21 PC/SC Driver
"{4F213D2A-B942-4611-AEE5-49F9D42D0A2F}" = Adobe CS4 International English Speech Analysis Models
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EE83279-5FEA-4885-823A-B90C23A72DF0}" = D-Link Wireless 150 USB Adapter DWA-125
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{6347401C-C260-4B30-9816-8F5A1419CC49}" = SafeSign
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142190}" = Java 2 Runtime Environment, SE v1.4.2_19
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AAC4B2B-C3D2-465C-9F2C-B9DCF0D7FDB8}" = Adobe Setup
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A7C4EAC-6E38-42E3-85AA-408874A803DE}" = Adobe CS4 German Speech Analysis Models
"{9AACCD0F-2734-4E8C-8C24-2702D4506E93}" = Adobe CS4 French Speech Analysis Models
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0}" = Opera 9.64
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_952" = Adobe Acrobat 9.5.2 - CPSID_83708
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B35FDD04-48FD-4D3D-B0EB-088C5137CD42}" = Adobe CS4 Japanese Speech Analysis Models
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}" = EPSON Easy Photo Print
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E7081891-BC7F-43F9-9CE6-B5DD2F497156}" = Internet Explorer Developer Toolbar
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9766AC1-1461-1033-B862-DF8FE1C033BE}" = Adobe InDesign CS5
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_4db064343401efd6449f33f8411c14b" = Adobe Creative Suite 4 Web Premium
"Akamai" = Akamai NetSession Interface Service
"Benutzerhandbuch ESDX5000_CX4900" = Benutzerhandbuch ESDX5000_CX4900
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.snippely.6E4C758165F11BBEC90F106AA88CF53EB51547B1.1" = Snippely
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"FileZilla Client" = FileZilla Client 3.2.7.1
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"Linthbanking" = Linthbanking
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSNINST" = MSN
"mv61xxDriver" = marvell 61xx
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WinMerge_is1" = WinMerge 2.12.4
"Zattoo4" = Zattoo4 4.0.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Akamai" = Akamai NetSession Interface
"GoToMeeting" = GoToMeeting 5.1.0.880

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 30.12.2011 03:16:43 | Computer Name = DIGITEC-*** | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung ANIWZCSdS.exe, Version 1.0.3.7034, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000116f4.

[ OSession Events ]
Error - 21.10.2011 12:58:28 | Computer Name = DIGITEC-*** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash.

Error - 21.10.2011 13:13:20 | Computer Name = DIGITEC-*** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash.

Error - 21.10.2011 13:14:59 | Computer Name = DIGITEC-*** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash.

Error - 22.10.2011 06:52:22 | Computer Name = DIGITEC-*** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash.

Error - 23.10.2011 10:18:06 | Computer Name = DIGITEC-*** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13 seconds with 0 seconds of active time. This session ended with a crash.

Error - 30.10.2011 00:58:15 | Computer Name = DIGITEC-*** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 20.01.2013 11:51:08 | Computer Name = DIGITEC-*** | Source = SCardSvr | ID = 602
Description = Die WDM-Lesertreiberinitialisierung konnte den Leser nicht öffnen: Das System kann den angegebenen Pfad nicht finden.

Error - 20.01.2013 11:51:08 | Computer Name = DIGITEC-*** | Source = SCardSvr | ID = 602
Description = Die WDM-Lesertreiberinitialisierung konnte den Leser nicht öffnen: Das System kann den angegebenen Pfad nicht finden.

Error - 21.01.2013 16:20:12 | Computer Name = DIGITEC-*** | Source = SCardSvr | ID = 602
Description = Die WDM-Lesertreiberinitialisierung konnte den Leser nicht öffnen: Das System kann den angegebenen Pfad nicht finden.

Error - 21.01.2013 16:20:12 | Computer Name = DIGITEC-*** | Source = SCardSvr | ID = 602
Description = Die WDM-Lesertreiberinitialisierung konnte den Leser nicht öffnen: Das System kann den angegebenen Pfad nicht finden.

Error - 21.01.2013 16:20:12 | Computer Name = DIGITEC-*** | Source = SCardSvr | ID = 602
Description = Die WDM-Lesertreiberinitialisierung konnte den Leser nicht öffnen: Das System kann den angegebenen Pfad nicht finden.

Error - 23.01.2013 16:06:27 | Computer Name = DIGITEC-*** | Source = SCardSvr | ID = 602
Description = Die WDM-Lesertreiberinitialisierung konnte den Leser nicht öffnen: Das System kann den angegebenen Pfad nicht finden.

Error - 23.01.2013 16:06:27 | Computer Name = DIGITEC-*** | Source = SCardSvr | ID = 602
Description = Die WDM-Lesertreiberinitialisierung konnte den Leser nicht öffnen: Das System kann den angegebenen Pfad nicht finden.

Error - 23.01.2013 16:06:27 | Computer Name = DIGITEC-*** | Source = SCardSvr | ID = 602
Description = Die WDM-Lesertreiberinitialisierung konnte den Leser nicht öffnen: Das System kann den angegebenen Pfad nicht finden.

Error - 23.01.2013 16:06:36 | Computer Name = DIGITEC-*** | Source = SideBySide | ID = 16842810
Description = Syntaxfehler in der Manifest- oder Richtliniendatei "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" in Zeile 0.

Error - 23.01.2013 16:06:36 | Computer Name = DIGITEC-*** | Source = SideBySide | ID = 16842811
Description = Generate Activation Context ist für C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe fehlgeschlagen. Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet. .

< End of report >

GMER:
Code:
OTL Extras logfile created on: 23.01.2013 22:25:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

3.25 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 74.76% Memory free
5.08 Gb Paging File | 4.21 Gb Available in Paging File | 82.81% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 78.13 Gb Total Space | 34.89 Gb Free Space | 44.65% Space Free | Partition Type: NTFS
Drive D: | 387.62 Gb Total Space | 387.55 Gb Free Space | 99.98% Space Free | Partition Type: NTFS

Computer Name: DIGITEC-*** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash. Error - 21.10.2011 13:13:20 | Computer Name = DIGITEC-*** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash. Error - 21.10.2011 13:14:59 | Computer Name = DIGITEC-*** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash. Error - 22.10.2011 06:52:22 | Computer Name = DIGITEC-*** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash. Error - 23.10.2011 10:18:06 | Computer Name = DIGITEC-*** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13 seconds with 0 seconds of active time. This session ended with a crash. Error - 30.10.2011 00:58:15 | Computer Name = DIGITEC-*** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15 seconds with 0 seconds of active time. This session ended with a crash. 
[ System Events ] Error - 20.01.2013 11:51:08 | Computer Name = DIGITEC-*** | Source = SCardSvr | ID = 602 Description = Die WDM-Lesertreiberinitialisierung konnte den Leser nicht öffnen: Das System kann den angegebenen Pfad nicht finden. Error - 20.01.2013 11:51:08 | Computer Name = DIGITEC-*** | Source = SCardSvr | ID = 602 Description = Die WDM-Lesertreiberinitialisierung konnte den Leser nicht öffnen: Das System kann den angegebenen Pfad nicht finden. Error - 21.01.2013 16:20:12 | Computer Name = DIGITEC-*** | Source = SCardSvr | ID = 602 Description = Die WDM-Lesertreiberinitialisierung konnte den Leser nicht öffnen: Das System kann den angegebenen Pfad nicht finden. Error - 21.01.2013 16:20:12 | Computer Name = DIGITEC-*** | Source = SCardSvr | ID = 602 Description = Die WDM-Lesertreiberinitialisierung konnte den Leser nicht öffnen: Das System kann den angegebenen Pfad nicht finden. Error - 21.01.2013 16:20:12 | Computer Name = DIGITEC-*** | Source = SCardSvr | ID = 602 Description = Die WDM-Lesertreiberinitialisierung konnte den Leser nicht öffnen: Das System kann den angegebenen Pfad nicht finden. Error - 23.01.2013 16:06:27 | Computer Name = DIGITEC-*** | Source = SCardSvr | ID = 602 Description = Die WDM-Lesertreiberinitialisierung konnte den Leser nicht öffnen: Das System kann den angegebenen Pfad nicht finden. Error - 23.01.2013 16:06:27 | Computer Name = DIGITEC-*** | Source = SCardSvr | ID = 602 Description = Die WDM-Lesertreiberinitialisierung konnte den Leser nicht öffnen: Das System kann den angegebenen Pfad nicht finden. Error - 23.01.2013 16:06:27 | Computer Name = DIGITEC-*** | Source = SCardSvr | ID = 602 Description = Die WDM-Lesertreiberinitialisierung konnte den Leser nicht öffnen: Das System kann den angegebenen Pfad nicht finden. 
Error - 23.01.2013 16:06:36 | Computer Name = DIGITEC-*** | Source = SideBySide | ID = 16842810 Description = Syntaxfehler in der Manifest- oder Richtliniendatei "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" in Zeile 0. Error - 23.01.2013 16:06:36 | Computer Name = DIGITEC-*** | Source = SideBySide | ID = 16842811 Description = Generate Activation Context ist für C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe fehlgeschlagen. Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet. . < End of report > |
26.01.2013, 21:35 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Is this by any chance an office/company PC? Or a university computer? |
27.01.2013, 08:36 | #7 |
| I probably let someone talk me into that back when I bought the PC. That probably confirms even more that I am hopeless at everything about the PC other than actually using it... The PC is at my home. It is used only privately, by 2 users. So far I have always posted on weekends or in the evening. If it were a company or university computer, I could have dealt with it during the day as well. |
27.01.2013, 13:36 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
1. aswMBR
Please download aswMBR.exe and save the file to your desktop.
Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
Another note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.
2. TDSS-Killer
Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!
Set the tool up as shown in the picture below: click change parameters and tick the boxes as shown in the following screenshot. Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!
__________________ Please always post log files in CODE tags |
27.01.2013, 21:54 | #9 |
| Hello Cosinus, here are the logs. aswMBR: Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2013-01-27 21:13:34 ----------------------------- 21:13:34.276 OS Version: Windows 5.1.2600 Service Pack 3 21:13:34.276 Number of processors: 2 586 0x170A 21:13:34.276 ComputerName: DIGITEC-*** UserName: 21:20:09.401 Initialze error C0000034 - driver not loaded 21:21:47.042 AVAST engine defs: 13012700 21:23:14.448 Service scanning 21:23:17.386 Service ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys **LOCKED** 32 21:23:17.401 Service ACPIEC C:\WINDOWS\System32\Drivers\ACPIEC.sys **LOCKED** 32 21:23:17.448 Service adfs C:\WINDOWS\System32\Drivers\adfs.sys **LOCKED** 32 21:23:17.729 Service aec C:\WINDOWS\system32\drivers\aec.sys **LOCKED** 32 21:23:17.776 Service AFD C:\WINDOWS\System32\drivers\afd.sys **LOCKED** 32 21:23:18.104 Service AKSIFDH C:\WINDOWS\system32\DRIVERS\aksifdh.sys **LOCKED** 32 21:23:18.136 Service AKSUP C:\WINDOWS\system32\drivers\aksup.sys **LOCKED** 32 21:23:18.198 Service ANIO C:\WINDOWS\system32\ANIO.SYS **LOCKED** 32 21:23:18.292 Service Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys **LOCKED** 32 21:23:18.323 Service AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys **LOCKED** 32 21:23:18.354 Service atapi C:\WINDOWS\system32\DRIVERS\atapi.sys **LOCKED** 32 21:23:18.386 Service Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys **LOCKED** 32 21:23:18.448 Service audstub C:\WINDOWS\system32\DRIVERS\audstub.sys **LOCKED** 32 21:23:18.542 Service Beep C:\WINDOWS\System32\Drivers\Beep.sys **LOCKED** 32 21:23:18.667 Service cbidf2k C:\WINDOWS\System32\Drivers\cbidf2k.sys **LOCKED** 32 21:23:18.667 Service Cdaudio C:\WINDOWS\System32\Drivers\Cdaudio.sys **LOCKED** 32 21:23:18.729 Service Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys **LOCKED** 32 21:23:18.808 Service cxbu0wdm C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys **LOCKED** 32 21:23:18.917 Service Disk C:\WINDOWS\system32\DRIVERS\disk.sys **LOCKED** 32 21:23:19.011 Service dmboot C:\WINDOWS\System32\drivers\dmboot.sys 
**LOCKED** 32 21:23:19.026 Service dmio C:\WINDOWS\System32\drivers\dmio.sys **LOCKED** 32 21:23:19.026 Service dmload C:\WINDOWS\System32\drivers\dmload.sys **LOCKED** 32 21:23:19.073 Service DMusic C:\WINDOWS\system32\drivers\DMusic.sys **LOCKED** 32 21:23:19.120 Service drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys **LOCKED** 32 21:23:19.167 Service ENTECH C:\WINDOWS\system32\DRIVERS\ENTECH.sys **LOCKED** 32 21:23:19.433 Service Fdc C:\WINDOWS\System32\Drivers\Fdc.sys **LOCKED** 32 21:23:19.464 Service Fips C:\WINDOWS\System32\Drivers\Fips.sys **LOCKED** 32 21:23:19.542 Service Flpydisk C:\WINDOWS\System32\Drivers\Flpydisk.sys **LOCKED** 32 21:23:19.589 Service Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys **LOCKED** 32 21:23:19.620 Service Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys **LOCKED** 32 21:23:19.745 Service HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys **LOCKED** 32 21:23:19.839 Service hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys **LOCKED** 32 21:23:19.917 Service HTTP C:\WINDOWS\System32\Drivers\HTTP.sys **LOCKED** 32 21:23:19.948 Service i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys **LOCKED** 32 21:23:19.964 Service Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys **LOCKED** 32 21:23:20.229 Service IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys **LOCKED** 32 21:23:20.245 Service intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys **LOCKED** 32 21:23:20.261 Service Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys **LOCKED** 32 21:23:20.292 Service IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys **LOCKED** 32 21:23:20.292 Service IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys **LOCKED** 32 21:23:20.339 Service IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys **LOCKED** 32 21:23:20.370 Service IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys **LOCKED** 32 21:23:20.386 Service IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys **LOCKED** 32 21:23:20.401 Service isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys **LOCKED** 32 21:23:20.526 Service 
Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys **LOCKED** 32 21:23:20.589 Service kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys **LOCKED** 32 21:23:20.651 Service KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys **LOCKED** 32 21:23:20.667 Service klbg C:\WINDOWS\system32\drivers\klbg.sys **LOCKED** 32 21:23:20.745 Service klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys **LOCKED** 32 21:23:20.776 Service klkbdflt C:\WINDOWS\system32\DRIVERS\klkbdflt.sys **LOCKED** 32 21:23:20.792 Service klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys **LOCKED** 32 21:23:20.808 Service kltdi C:\WINDOWS\system32\DRIVERS\kltdi.sys **LOCKED** 32 21:23:20.854 Service kmixer C:\WINDOWS\system32\drivers\kmixer.sys **LOCKED** 32 21:23:20.901 Service kneps C:\WINDOWS\system32\DRIVERS\kneps.sys **LOCKED** 32 21:23:20.917 Service KSecDD C:\WINDOWS\System32\Drivers\KSecDD.sys **LOCKED** 32 21:23:20.964 Service L1e C:\WINDOWS\system32\DRIVERS\l1e51x86.sys **LOCKED** 32 21:23:21.151 Service LHidFilt C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys **LOCKED** 32 21:23:21.198 Service LMouFilt C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys **LOCKED** 32 21:23:21.214 Service LUsbFilt C:\WINDOWS\System32\Drivers\LUsbFilt.Sys **LOCKED** 32 21:23:21.261 Service mnmdd C:\WINDOWS\System32\Drivers\mnmdd.sys **LOCKED** 32 21:23:21.308 Service Modem C:\WINDOWS\System32\Drivers\Modem.sys **LOCKED** 32 21:23:21.339 Service Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys **LOCKED** 32 21:23:21.354 Service mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys **LOCKED** 32 21:23:21.370 Service MountMgr C:\WINDOWS\System32\Drivers\MountMgr.sys **LOCKED** 32 21:23:21.604 Service MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys **LOCKED** 32 21:23:21.604 Service MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys **LOCKED** 32 21:23:21.620 Service MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys **LOCKED** 32 21:23:21.636 Service mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys **LOCKED** 32 21:23:21.651 Service MTsensor 
C:\WINDOWS\system32\DRIVERS\ASACPI.sys **LOCKED** 32 21:23:21.683 Service mv61xx C:\WINDOWS\system32\DRIVERS\mv61xx.sys **LOCKED** 32 21:23:21.745 Service NDIS C:\WINDOWS\System32\Drivers\NDIS.sys **LOCKED** 32 21:23:21.761 Service NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys **LOCKED** 32 21:23:21.792 Service Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys **LOCKED** 32 21:23:21.808 Service NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys **LOCKED** 32 21:23:21.839 Service NDProxy C:\WINDOWS\System32\Drivers\NDProxy.sys **LOCKED** 32 21:23:21.886 Service NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys **LOCKED** 32 21:23:21.995 Service NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys **LOCKED** 32 21:23:22.183 Service Null C:\WINDOWS\System32\Drivers\Null.sys **LOCKED** 32 21:23:22.542 Service nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys **LOCKED** 32 21:23:22.573 Service NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys **LOCKED** 32 21:23:22.589 Service NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys **LOCKED** 32 21:23:22.761 Service ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys **LOCKED** 32 21:23:22.839 Service Parport C:\WINDOWS\System32\Drivers\Parport.sys **LOCKED** 32 21:23:22.854 Service PartMgr C:\WINDOWS\System32\Drivers\PartMgr.sys **LOCKED** 32 21:23:22.870 Service ParVdm C:\WINDOWS\System32\Drivers\ParVdm.sys **LOCKED** 32 21:23:22.886 Service PCI C:\WINDOWS\system32\DRIVERS\pci.sys **LOCKED** 32 21:23:22.886 Service PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys **LOCKED** 32 21:23:22.917 Service Pcmcia C:\WINDOWS\System32\Drivers\Pcmcia.sys **LOCKED** 32 21:23:22.995 Service PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys **LOCKED** 32 21:23:23.011 Service PSched C:\WINDOWS\system32\DRIVERS\psched.sys **LOCKED** 32 21:23:23.026 Service Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys **LOCKED** 32 21:23:23.042 Service RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys **LOCKED** 32 21:23:23.089 Service Rasl2tp 
C:\WINDOWS\system32\DRIVERS\rasl2tp.sys **LOCKED** 32 21:23:23.136 Service RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys **LOCKED** 32 21:23:23.136 Service Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys **LOCKED** 32 21:23:23.198 Service RDPCDD C:\WINDOWS\System32\DRIVERS\RDPCDD.sys **LOCKED** 32 21:23:23.214 Service rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys **LOCKED** 32 21:23:23.245 Service RDPWD C:\WINDOWS\System32\Drivers\RDPWD.sys **LOCKED** 32 21:23:23.292 Service redbook C:\WINDOWS\system32\DRIVERS\redbook.sys **LOCKED** 32 21:23:23.573 Service rt2870 C:\WINDOWS\system32\DRIVERS\rt2870.sys **LOCKED** 32 21:23:23.667 Service Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys **LOCKED** 32 21:23:23.729 Service Serial C:\WINDOWS\System32\Drivers\Serial.sys **LOCKED** 32 21:23:23.729 Service Sfloppy C:\WINDOWS\System32\Drivers\Sfloppy.sys **LOCKED** 32 21:23:23.964 Service SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS **LOCKED** 32 21:23:23.995 Service splitter C:\WINDOWS\system32\drivers\splitter.sys **LOCKED** 32 21:23:24.214 Service swenum C:\WINDOWS\system32\DRIVERS\swenum.sys **LOCKED** 32 21:23:24.308 Service swmidi C:\WINDOWS\system32\drivers\swmidi.sys **LOCKED** 32 21:23:24.339 Service sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys **LOCKED** 32 21:23:24.464 Service Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys **LOCKED** 32 21:23:24.479 Service TDPIPE C:\WINDOWS\System32\Drivers\TDPIPE.sys **LOCKED** 32 21:23:24.495 Service TDTCP C:\WINDOWS\System32\Drivers\TDTCP.sys **LOCKED** 32 21:23:24.526 Service TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys **LOCKED** 32 21:23:24.761 Service Update C:\WINDOWS\system32\DRIVERS\update.sys **LOCKED** 32 21:23:24.823 Service usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys **LOCKED** 32 21:23:24.854 Service usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys **LOCKED** 32 21:23:24.870 Service usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys **LOCKED** 32 21:23:24.901 Service usbprint 
C:\WINDOWS\system32\DRIVERS\usbprint.sys **LOCKED** 32 21:23:24.917 Service usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys **LOCKED** 32 21:23:24.933 Service usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS **LOCKED** 32 21:23:24.948 Service usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys **LOCKED** 32 21:23:24.995 Service VgaSave C:\WINDOWS\System32\drivers\vga.sys **LOCKED** 32 21:23:25.011 Service VolSnap C:\WINDOWS\System32\Drivers\VolSnap.sys **LOCKED** 32 21:23:25.089 Service Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys **LOCKED** 32 21:23:25.151 Service Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys **LOCKED** 32 21:23:25.183 Service wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys **LOCKED** 32 21:23:26.026 Modules scanning 21:23:26.026 Disk 0 trace - called modules: 21:23:26.026 21:23:26.339 AVAST engine scan C:\WINDOWS 21:23:43.823 AVAST engine scan C:\WINDOWS\system32 21:24:44.245 AVAST engine scan C:\WINDOWS\system32\drivers 21:24:49.417 AVAST engine scan C:\Dokumente und Einstellungen\*** 21:35:29.808 AVAST engine scan C:\Dokumente und Einstellungen\All Users 21:36:30.964 Scan finished successfully 21:42:09.386 The log file has been saved successfully to "C:\Dokumente und Einstellungen\***\Desktop\aswMBR_original_mitName.txt" TDSS-Killer: Code:
ATTFilter 21:42:48.0292 3240 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 21:42:48.0464 3240 ============================================================ 21:42:48.0464 3240 Current date / time: 2013/01/27 21:42:48.0464 21:42:48.0464 3240 SystemInfo: 21:42:48.0464 3240 21:42:48.0464 3240 OS Version: 5.1.2600 ServicePack: 3.0 21:42:48.0464 3240 Product type: Workstation 21:42:48.0464 3240 ComputerName: DIGITEC-*** 21:42:48.0464 3240 UserName: *** 21:42:48.0464 3240 Windows directory: C:\WINDOWS 21:42:48.0464 3240 System windows directory: C:\WINDOWS 21:42:48.0464 3240 Processor architecture: Intel x86 21:42:48.0464 3240 Number of processors: 2 21:42:48.0464 3240 Page size: 0x1000 21:42:48.0464 3240 Boot type: Normal boot 21:42:48.0464 3240 ============================================================ 21:42:53.0917 3240 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 21:42:53.0948 3240 ============================================================ 21:42:53.0948 3240 \Device\Harddisk0\DR0: 21:42:53.0948 3240 MBR partitions: 21:42:53.0948 3240 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9C41AD8 21:42:53.0964 3240 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9C41B56, BlocksNum 0x3073F22A 21:42:53.0964 3240 ============================================================ 21:42:53.0995 3240 C: <-> \Device\Harddisk0\DR0\Partition1 21:42:54.0026 3240 D: <-> \Device\Harddisk0\DR0\Partition2 21:42:54.0026 3240 ============================================================ 21:42:54.0026 3240 Initialize success 21:42:54.0026 3240 ============================================================ 21:43:41.0339 3708 ============================================================ 21:43:41.0339 3708 Scan started 21:43:41.0339 3708 Mode: Manual; SigCheck; TDLFS; 21:43:41.0339 3708 
============================================================ 21:43:42.0495 3708 ================ Scan system memory ======================== 21:43:42.0495 3708 System memory - ok 21:43:42.0495 3708 ================ Scan services ============================= 21:43:42.0589 3708 Abiosdsk - ok 21:43:42.0589 3708 abp480n5 - ok 21:43:42.0604 3708 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 21:43:43.0464 3708 ACPI - ok 21:43:43.0495 3708 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys 21:43:43.0573 3708 ACPIEC - ok 21:43:43.0589 3708 [ 6D7F09CD92A9FEF3A8EFCE66231FDD79 ] adfs C:\WINDOWS\system32\drivers\adfs.sys 21:43:43.0604 3708 adfs - ok 21:43:43.0714 3708 [ 57A3B9A69F14414ACE12AFD6BA701773 ] Adobe Version Cue CS4 C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe 21:43:43.0729 3708 Adobe Version Cue CS4 - ok 21:43:43.0776 3708 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 21:43:43.0792 3708 AdobeFlashPlayerUpdateSvc - ok 21:43:43.0792 3708 adpu160m - ok 21:43:43.0808 3708 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 21:43:43.0886 3708 aec - ok 21:43:43.0901 3708 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 21:43:43.0933 3708 AFD - ok 21:43:43.0933 3708 Aha154x - ok 21:43:43.0933 3708 aic78u2 - ok 21:43:43.0933 3708 aic78xx - ok 21:43:44.0026 3708 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\programme\gemeinsame dateien\akamai/netsession_win_ce5ba24.dll 21:43:44.0026 3708 Suspicious file (Hidden): c:\programme\gemeinsame dateien\akamai/netsession_win_ce5ba24.dll. 
md5: B9B98E08EC127900025F42462D3D0A66 21:43:44.0026 3708 Akamai ( HiddenFile.Multi.Generic ) - warning 21:43:44.0026 3708 Akamai - detected HiddenFile.Multi.Generic (1) 21:43:44.0058 3708 [ CABBAE3643304B22269B200248BDBE77 ] AKSIFDH C:\WINDOWS\system32\DRIVERS\aksifdh.sys 21:43:44.0073 3708 AKSIFDH - ok 21:43:44.0089 3708 [ 6D657B9517F8C8EA55BD306E3C1BCFBC ] AKSUP C:\WINDOWS\system32\drivers\aksup.sys 21:43:44.0089 3708 AKSUP - ok 21:43:44.0120 3708 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 21:43:44.0167 3708 Alerter - ok 21:43:44.0183 3708 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 21:43:44.0214 3708 ALG - ok 21:43:44.0229 3708 AliIde - ok 21:43:44.0229 3708 amsint - ok 21:43:44.0245 3708 [ 2953A157A783BFC06F42F99FEFA5EB07 ] ANIO C:\WINDOWS\system32\ANIO.SYS 21:43:44.0276 3708 ANIO ( UnsignedFile.Multi.Generic ) - warning 21:43:44.0276 3708 ANIO - detected UnsignedFile.Multi.Generic (1) 21:43:44.0276 3708 [ 2D007966BB8A6C89433766E3D682BBEC ] ANIWConnService C:\WINDOWS\system32\ANIWConnService.exe 21:43:44.0276 3708 ANIWConnService ( UnsignedFile.Multi.Generic ) - warning 21:43:44.0276 3708 ANIWConnService - detected UnsignedFile.Multi.Generic (1) 21:43:44.0323 3708 [ AA3D68F26B2A27F660AFC46039B061A4 ] ANIWZCSdService C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe 21:43:44.0323 3708 ANIWZCSdService ( UnsignedFile.Multi.Generic ) - warning 21:43:44.0323 3708 ANIWZCSdService - detected UnsignedFile.Multi.Generic (1) 21:43:44.0339 3708 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll 21:43:44.0370 3708 AppMgmt - ok 21:43:44.0386 3708 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys 21:43:44.0433 3708 Arp1394 - ok 21:43:44.0448 3708 asc - ok 21:43:44.0448 3708 asc3350p - ok 21:43:44.0448 3708 asc3550 - ok 21:43:44.0464 3708 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 21:43:44.0526 3708 AsyncMac - ok 
21:43:44.0542 3708 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 21:43:44.0604 3708 atapi - ok 21:43:44.0604 3708 Atdisk - ok 21:43:44.0620 3708 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 21:43:44.0698 3708 Atmarpc - ok 21:43:44.0698 3708 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 21:43:44.0761 3708 AudioSrv - ok 21:43:44.0792 3708 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 21:43:44.0839 3708 audstub - ok 21:43:44.0886 3708 AVP - ok 21:43:44.0901 3708 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 21:43:44.0979 3708 Beep - ok 21:43:44.0995 3708 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll 21:43:45.0073 3708 BITS - ok 21:43:45.0089 3708 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll 21:43:45.0120 3708 Browser - ok 21:43:45.0136 3708 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 21:43:45.0198 3708 cbidf2k - ok 21:43:45.0198 3708 cd20xrnt - ok 21:43:45.0198 3708 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 21:43:45.0261 3708 Cdaudio - ok 21:43:45.0276 3708 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 21:43:45.0323 3708 Cdfs - ok 21:43:45.0354 3708 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 21:43:45.0417 3708 Cdrom - ok 21:43:45.0417 3708 Changer - ok 21:43:45.0433 3708 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe 21:43:45.0495 3708 CiSvc - ok 21:43:45.0495 3708 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 21:43:45.0558 3708 ClipSrv - ok 21:43:45.0558 3708 CmdIde - ok 21:43:45.0558 3708 COMSysApp - ok 21:43:45.0558 3708 Cpqarray - ok 21:43:45.0558 3708 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc 
C:\WINDOWS\System32\cryptsvc.dll 21:43:45.0620 3708 CryptSvc - ok 21:43:45.0636 3708 [ 0A33FAF49AF96D5B220D86AC784D0869 ] cxbu0wdm C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys 21:43:45.0651 3708 cxbu0wdm - ok 21:43:45.0651 3708 dac2w2k - ok 21:43:45.0651 3708 dac960nt - ok 21:43:45.0683 3708 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 21:43:45.0714 3708 DcomLaunch - ok 21:43:45.0729 3708 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 21:43:45.0792 3708 Dhcp - ok 21:43:45.0792 3708 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 21:43:45.0854 3708 Disk - ok 21:43:45.0854 3708 dmadmin - ok 21:43:45.0886 3708 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 21:43:45.0948 3708 dmboot - ok 21:43:45.0964 3708 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 21:43:46.0026 3708 dmio - ok 21:43:46.0026 3708 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 21:43:46.0089 3708 dmload - ok 21:43:46.0089 3708 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll 21:43:46.0151 3708 dmserver - ok 21:43:46.0183 3708 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 21:43:46.0229 3708 DMusic - ok 21:43:46.0245 3708 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 21:43:46.0292 3708 Dnscache - ok 21:43:46.0292 3708 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 21:43:46.0370 3708 Dot3svc - ok 21:43:46.0370 3708 dpti2o - ok 21:43:46.0370 3708 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 21:43:46.0433 3708 drmkaud - ok 21:43:46.0433 3708 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 21:43:46.0479 3708 EapHost - ok 21:43:46.0511 3708 [ 16EBD8BF1D5090923694CC972C7CE1B4 ] ENTECH C:\WINDOWS\system32\DRIVERS\ENTECH.sys 
21:44:00.0229 3708 ============================================================
21:44:00.0339 2492 Detected object count: 5
21:44:00.0339 2492 Actual detected object count: 5
21:44:57.0479 2492 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
21:44:57.0479 2492 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
21:44:57.0479 2492 ANIO ( UnsignedFile.Multi.Generic ) - skipped by user
21:44:57.0479 2492 ANIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:44:57.0479 2492 ANIWConnService ( UnsignedFile.Multi.Generic ) - skipped by user
21:44:57.0479 2492 ANIWConnService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:44:57.0479 2492 ANIWZCSdService ( UnsignedFile.Multi.Generic ) - skipped by user
21:44:57.0479 2492 ANIWZCSdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:44:57.0479 2492 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
21:44:57.0479 2492 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
conbi
28.01.2013, 12:00 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please run aswMBR again properly, something went wrong there
__________________ Please always post log files in CODE tags |
28.01.2013, 22:06 | #11 |
| Hi Cosinus, I downloaded aswMBR again and ran it anew. Here is the scan. Hope it's usable! Thanks and regards aswMBR: Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-28 21:56:31
-----------------------------
21:56:31.156 OS Version: Windows 5.1.2600 Service Pack 3
21:56:31.156 Number of processors: 2 586 0x170A
21:56:31.156 ComputerName: DIGITEC-*** UserName:
21:58:50.359 Initialize success
21:59:00.375 AVAST engine defs: 13012700
21:59:35.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:59:35.812 Disk 0 Vendor: SAMSUNG_HD502IJ 1AA01113 Size: 476940MB BusType: 3
21:59:35.828 Disk 0 MBR read successfully
21:59:35.828 Disk 0 MBR scan
21:59:35.828 Disk 0 Windows XP default MBR code
21:59:35.828 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 80003 MB offset 63
21:59:35.828 Disk 0 Partition - 00 0F Extended LBA 396926 MB offset 163846935
21:59:35.843 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 396926 MB offset 163846998
21:59:35.843 Disk 0 scanning sectors +976752000
21:59:35.890 Disk 0 scanning C:\WINDOWS\system32\drivers
21:59:39.484 Service scanning
21:59:43.140 Service KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys **LOCKED** 5
21:59:43.156 Service klbg C:\WINDOWS\system32\drivers\klbg.sys **LOCKED** 5
21:59:43.234 Service klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys **LOCKED** 5
21:59:43.281 Service klkbdflt C:\WINDOWS\system32\DRIVERS\klkbdflt.sys **LOCKED** 5
21:59:43.281 Service klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys **LOCKED** 5
21:59:43.296 Service kltdi C:\WINDOWS\system32\DRIVERS\kltdi.sys **LOCKED** 5
21:59:43.359 Service kneps C:\WINDOWS\system32\DRIVERS\kneps.sys **LOCKED** 5
21:59:47.953 Modules scanning
21:59:50.625 Disk 0 trace - called modules:
21:59:50.640 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
21:59:50.656 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad64ab8]
21:59:50.656 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000071[0x8adccf18]
21:59:50.656 5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ad71940]
21:59:50.656 Scan finished successfully
22:00:37.968 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\***\Desktop\MBR.dat"
22:00:37.968 The log file has been saved successfully to "C:\Dokumente und Einstellungen\***\Desktop\aswMBR_original_mitName_2.txt"
29.01.2013, 12:18 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | I just noticed that you still haven't posted the GMER log...
__________________ Please always post log files in CODE tags |
31.01.2013, 05:49 | #13 |
| Hi Cosinus, How stupid of me.... Thanks for the hint! Code:
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-25 17:53:53
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HD502IJ rev.1AA01113 465.76GB
Running: gmer-2.0.18444.exe; Driver: C:\DOKUME~1\***~1\LOKALE~1\Temp\uwtdypow.sys

---- System - GMER 2.0 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xB5BE555C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xB5B81A82]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xB5B98962]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xB5B81FFA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xB5B81EE0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xB5B98C88]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcess [0xB5BE74D6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcessEx [0xB5BE76F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xB5BE85B2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xB5B8211A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xB5BE7BB6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xB5B98D56]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xB5BE737C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xB5B929E2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xB5B941CA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xB5B81AC6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xB5BE569E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xB5B939D6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xB5B9436A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xB5BE5306]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xB5B9351A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xB5B93772]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xB5BE83AC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xB5B97126]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xB5B82090]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xB5B81F70]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xB5BE6F24]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xB5BE885E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xB5B821B0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xB5BE7912]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
ZwQueryKey [0xB5B92816] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xB5B93FD8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryObject [0xB5B97332] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xB5B93DCC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xB5BE8260] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xB5B92AF6] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xB5B93168] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xB5B98F96] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xB5B98E24] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePortEx [0xB5B98EDA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xB5B99006] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xB5B9336E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xB5BE7F8C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xB5B92C9A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKeyEx [0xB5B92E30] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveMergedKeys [0xB5B92FCC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xB5B98AF0] SSDT \SystemRoot\system32\DRIVERS\klif.sys 
(Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xB5BE80E8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xB5B8223A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xB5BE5410] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xB5B93B96] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xB5BE70C4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xB5BE7E34] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xB5B8224C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xB5BE7224] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xB5BE7AB2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xB5BE89C6] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xB5BE86F0] ---- Kernel code sections - GMER 2.0 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2C94 8050458C 12 Bytes [88, 8C, B9, B5, D6, 74, BE, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 2D65 8050465D 7 Bytes [35, B9, B5, 72, 37, B9, B5] .text ntkrnlpa.exe!ZwCallbackReturn + 2E5D 80504755 7 Bytes [28, B9, B5, D8, 3F, B9, B5] .text ntkrnlpa.exe!ZwCallbackReturn + 2EDC 805047D4 20 Bytes [F6, 2A, B9, B5, 68, 31, B9, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 2F14 8050480C 20 Bytes [8C, 7F, BE, B5, 9A, 2C, B9, ...] .text ... 
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8A2E360, 0x34CDBF, 0xE8000020] init C:\WINDOWS\system32\DRIVERS\aksifdh.sys entry point in "init" section [0xBA261090] ---- User code sections - GMER 2.0 ---- ? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch; .text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 6CD01A54 C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\ushata.dll (Ushata module/Kaspersky Lab ZAO) ? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; .text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] USER32.dll!AlignRects 7E362A78 4 Bytes [53, 2A, D0, 6C] {PUSH EBX; SUB DL, AL; INS BYTE [ES:EDI], DX} ? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1968] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch; .text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1968] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 6CD01A54 C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\ushata.dll (Ushata module/Kaspersky Lab ZAO) ? 
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1968] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; .text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1968] USER32.dll!AlignRects 7E362A78 4 Bytes [53, 2A, D0, 6C] {PUSH EBX; SUB DL, AL; INS BYTE [ES:EDI], DX} ---- User IAT/EAT - GMER 2.0 ---- IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0520 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 7DFF058C IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 7DFF05F8 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0664 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtTerminateProcess] 7DFF0E68 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] 7DFF03DC IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 
7DFF0BE0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtTerminateProcess] 7DFF0B74 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0304 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] 7DFF03DC IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Programme\Kaspersky 
Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy] 7DFF04B4 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapCreate] 7DFF0448 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 7DFF03DC IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ 
C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] 7DFF03DC IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread] 7DFF03DC IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\USER32.dll 
[ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapCreate] 7DFF0448 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy] 7DFF04B4 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] 7DFF03DC IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT 
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] 7DFF03DC IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 7DFF03DC IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy] 7DFF04B4 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapCreate] 7DFF0448 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet 
Security 2013\avp.exe[336] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] 7DFF03DC IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapCreate] 7DFF0448 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy] 7DFF04B4 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] 7DFF03DC IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ 
C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 7DFF03DC IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateThread] 7DFF03DC IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateThread] 
7DFF03DC IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[336] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0520 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 7DFF058C IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 7DFF05F8 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0664 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtTerminateProcess] 7DFF0E68 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1968] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1968] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] 7DFF03DC IAT C:\Programme\Kaspersky 
Lab\Kaspersky Internet Security 2013\avp.exe[1968] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1968] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1968] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1968] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1968] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1968] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtTerminateProcess] 7DFF0B74 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1968] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1968] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1968] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0304 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1968] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1968] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1968] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1968] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] 7DFF03DC IAT C:\Programme\Kaspersky Lab\Kaspersky 
Internet Security 2013\avp.exe[1968] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1968] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1968] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1968] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1968] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1968] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1968] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1968] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1968] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1968] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1968] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1968] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1968] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1968] 
---- EOF - GMER 2.0 ---- |
31.01.2013, 11:29 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | HEUR:Exploit.Java.CVE-2012-0507.gen detected by Kaspersky IS Malwarebytes Anti-Rootkit Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
__________________ Please always post log files in CODE tags |
02.02.2013, 00:09 | #15 |
| HEUR:Exploit.Java.CVE-2012-0507.gen detected by Kaspersky IS Hi Cosinus, Once again I'm not sure whether everything went correctly... After starting mbar.exe I could only press "Scan", not CleanUp (it was greyed out). After the scan it said "no malware found - no cleanup necessary" and CleanUp was not possible... mbar-log: Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org

Database version: v2013.02.01.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
*** :: DIGITEC-*** [administrator]

02.02.2013 00:01:11
mbar-log-2013-02-02 (00-01-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27410
Time elapsed: 11 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end) |