22.01.2013, 00:31 | #1 |
HEUR:Exploit.Java.CVE-2012-0507.gen

Hello, yesterday I accidentally opened an unknown email. Unfortunately Kaspersky then found the file HEUR:Exploit.Java.CVE-2012-0507.gen, but unfortunately it cannot delete it. I have also cleared the Java cache, but unfortunately nothing happens either. If I deleted the file directly from the path, would that work?

C:\dokumente und einstellungen\......\anwendungsdaten\sun\java\deployment\cache\6.0\55

Please help... thanks in advance.

OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 22.01.2013 00:36:10 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\tester\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1013,92 Mb Total Physical Memory | 143,62 Mb Available Physical Memory | 14,16% Memory free
2,38 Gb Paging File | 1,41 Gb Available in Paging File | 59,31% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 78,66 Gb Total Space | 39,34 Gb Free Space | 50,02% Space Free | Partition Type: NTFS
Drive D: | 70,39 Gb Total Space | 37,84 Gb Free Space | 53,76% Space Free | Partition Type: NTFS
Drive F: | 2,97 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: TESTER-FF2687B3 | User Name: tester | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-682003330-436374069-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "5055:TCP" = 5055:TCP:*:Enabled:KinoniSvc "26654:UDP" = 26654:UDP:*:Enabled:UDP 26654 "28418:TCP" = 28418:TCP:*:Enabled:TCP 28418 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Programme\Voipwise.com\Voipwise\Voipwise.exe" = C:\Programme\Voipwise.com\Voipwise\Voipwise.exe:*:Enabled:Voipwise -- (Voipwise) "C:\xampp\mysql\bin\mysqld.exe" = C:\xampp\mysql\bin\mysqld.exe:*:Enabled:The MySQL Server -- () "C:\xampp\apache\bin\httpd.exe" = C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation) "C:\Programme\Telbo.com\Telbo\Telbo.exe" = C:\Programme\Telbo.com\Telbo\Telbo.exe:*:Enabled:Telbo -- (Telbo) "C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:AVM FRITZ!DSL - igdctrl.exe -- (AVM Berlin) "C:\Programme\Internet Explorer\iexplore.exe" = C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation) "C:\Programme\Mobiola Web Camera for S60\webcam.exe" = C:\Programme\Mobiola Web Camera for S60\webcam.exe:*:Disabled:Mobiola Web Camera -- (Warelex LLC) "C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Disabled:Google Earth -- (Google) "C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Disabled:iTunes -- (Apple Inc.) 
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Disabled:Microsoft Office Groove -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Disabled:Nokia Service Layer Host Process -- (Nokia Corporation) "C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Disabled:Nokia Software Updater -- (Nokia Corporation) "C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\TVUPlayer\TVUPlayer.exe" = C:\Programme\TVUPlayer\TVUPlayer.exe:*:Disabled:TVUPlayer Component -- (TVU networks) "C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" = C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger -- (Yahoo! Inc.) "C:\Programme\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe" = C:\Programme\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe:*:Enabled:Camfrog Client Module "C:\WINDOWS\system32\SUPDSvc2.exe" = C:\WINDOWS\system32\SUPDSvc2.exe:*:Enabled:Samsung UPD Service2 -- (Samsung Electronics) "C:\Programme\Samsung\Samsung Universal Scan Driver\USDAgent.exe" = C:\Programme\Samsung\Samsung Universal Scan Driver\USDAgent.exe:*:Enabled:USDAgent -- (Samsung Electronics Co., Ltd.) "C:\Programme\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe" = C:\Programme\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe:*:Enabled:ICCUpdater -- (Samsung Electronics Co., Ltd.) 
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) "C:\Dokumente und Einstellungen\tester\Lokale Einstellungen\Anwendungsdaten\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Dokumente und Einstellungen\tester\Lokale Einstellungen\Anwendungsdaten\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google) "C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.) "C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.) "C:\Dokumente und Einstellungen\tester\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Dokumente und Einstellungen\tester\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited) "C:\Programme\Tango\Tango.exe" = C:\Programme\Tango\Tango.exe:*:Enabled:Tango -- (Tango Inc.) 
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (JTLWAWI) "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB) "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011 "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 30 "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS) "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL) 
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR) "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013 "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS) "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG) "{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE) "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR) "{5F8D931D-B230-47F3-A9C0-0C8CA459A332}" = Microsoft Expression Web 4 "{604CD5A1-4520-4844-B064-A3D884B77E91}" = SpeedyPC Pro "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD) "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP) "{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7239A06F-235B-43B1-970D-7A411FD95683}" = Nokia Software Updater "{749A1EDD-16C2-4C63-B013-D38F0F953973}" = OviMPlatform "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL) "{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL 
Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{8112C6B3-91E1-4560-8AB9-876DADFA37C5}" = Ovi Desktop Sync Engine "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK) "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN) "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office 
Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND) "{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU "{9480CCD5-BB18-4DF3-AB18-04198B30DD62}" = DELISprint "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{A06FE62B-CEBC-4E94-AED8-92DCC33BC8EA}" = Microsoft Expression Studio 4 "{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT) "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY) "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN) 
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B8B4446F-87E1-4423-A47A-16832C24A199}" = Nokia Ovi Suite "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU) "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA) "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA) "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN) "{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D0A858BE-A665-4C0D-BC5F-C37E534B7669}" = PC Connectivity Solution "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN) "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{EE5B5B24-EEFC-4C8B-BF8B-256D705BAD89}" = Nokia Ovi Suite Software Updater "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component 
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client "{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}" = Microsoft Expression Web 4 Service Pack 2 "{F70D5D8C-C1AF-40B3-9E47-3BB5F19EEA3A}" = Atheros for Acer Driver 5.3.0.67_Foxconn Installation Program "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "AAA Logo 2008_is1" = AAA Logo 2008 2.10 "ActiveScan 2.0" = Panda ActiveScan 2.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software "CANONBJ_Deinstall_CNMCP5y.DLL" = Canon PIXMA iP1500 "CanonMyPrinter" = Canon My Printer "DAEMON Tools Lite" = DAEMON Tools Lite "ENTERPRISE" = Microsoft Office Enterprise 2007 "ExpressionStudio_4.0.20525.0" = Microsoft Expression Studio 4 "FileZilla Client" = FileZilla Client 3.5.3 "HDMI" = Intel(R) Graphics Media Accelerator Driver "ie8" = Windows Internet Explorer 8 "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013 "JTL-Wawi_is1" = JTL-Wawi "KinoniDrivers" = KinoniDrivers 2.7.1 "LManager" = Launch Manager "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 
Extended" = Microsoft .NET Framework 4 Extended "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mobiola Web Camera for S60_is1" = Mobiola Web Camera for S60 3.0 "Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de) "Nokia Ovi Suite" = Nokia Ovi Suite "Notepad++" = Notepad++ "PdaNet_is1" = PdaNet Desktop for iPhone 1.54 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "PSPad editor_is1" = PSPad editor "Reimage Repair" = Reimage Repair "Samsung Universal Print Driver" = Samsung Universal Print Driver "Samsung Universal Scan Driver" = Samsung Universal Scan Driver "Security Task Manager" = Security Task Manager 1.8d "Telbo_is1" = Telbo "Trojan Remover_is1" = Trojan Remover 6.8.5 "TrojanHunter_is1" = TrojanHunter 5.5 "TuneUp Utilities 2011" = TuneUp Utilities 2011 "TVUPlayer" = TVUPlayer 2.5.3.1 "VLC media player" = VLC media player 1.1.3 "Voipwise_is1" = Voipwise "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Web_4.0.1303.0" = Microsoft Expression Web 4 "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "winusb0100" = Microsoft WinUsb 1.0 "WMFDist11" = Windows Media Format 11 runtime "Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9 "xampp" = XAMPP 1.7.4 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "Yahoo! Messenger" = Yahoo! Messenger "Your Uninstaller! 2008_is1" = Your Uninstaller! 
2008 Version 6.0 "Zune" = Zune ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-682003330-436374069-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "b9df15fc60b2634b" = AliSetupInstaller "d990f8e25ff1ef0b" = PayPal Optimizer "Google Chrome" = Google Chrome "InternalFrameDemo" = InternalFrameDemo "Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE) "Tango" = Tango ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 21.01.2013 18:54:28 | Computer Name = TESTER-FF2687B3 | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung msiexec.exe, Version 3.1.4001.5512, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 21.01.2013 18:54:38 | Computer Name = TESTER-FF2687B3 | Source = MsiInstaller | ID = 11500 Description = Produkt: SpyHunter -- Fehler 1500. Eine andere Installation wird durchgeführt. Schließen Sie erst die andere Installation ab, bevor Sie mit dieser Installation fortfahren. Error - 21.01.2013 18:54:39 | Computer Name = TESTER-FF2687B3 | Source = MsiInstaller | ID = 11500 Description = Produkt: SpyHunter -- Fehler 1500. Eine andere Installation wird durchgeführt. Schließen Sie erst die andere Installation ab, bevor Sie mit dieser Installation fortfahren. Error - 21.01.2013 18:54:44 | Computer Name = TESTER-FF2687B3 | Source = MsiInstaller | ID = 11500 Description = Produkt: SpyHunter -- Fehler 1500. Eine andere Installation wird durchgeführt. Schließen Sie erst die andere Installation ab, bevor Sie mit dieser Installation fortfahren. Error - 21.01.2013 18:54:45 | Computer Name = TESTER-FF2687B3 | Source = MsiInstaller | ID = 11500 Description = Produkt: SpyHunter -- Fehler 1500. Eine andere Installation wird durchgeführt. Schließen Sie erst die andere Installation ab, bevor Sie mit dieser Installation fortfahren. 
Error - 21.01.2013 18:54:47 | Computer Name = TESTER-FF2687B3 | Source = MsiInstaller | ID = 11500 Description = Produkt: SpyHunter -- Fehler 1500. Eine andere Installation wird durchgeführt. Schließen Sie erst die andere Installation ab, bevor Sie mit dieser Installation fortfahren. Error - 21.01.2013 18:58:24 | Computer Name = TESTER-FF2687B3 | Source = MsiInstaller | ID = 11500 Description = Product: SpyHunter -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one. Error - 21.01.2013 18:58:24 | Computer Name = TESTER-FF2687B3 | Source = MsiInstaller | ID = 11500 Description = Product: SpyHunter -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one. Error - 21.01.2013 18:58:25 | Computer Name = TESTER-FF2687B3 | Source = MsiInstaller | ID = 11500 Description = Product: SpyHunter -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one. Error - 21.01.2013 18:58:26 | Computer Name = TESTER-FF2687B3 | Source = MsiInstaller | ID = 11500 Description = Product: SpyHunter -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one. [ System Events ] Error - 17.01.2013 06:24:31 | Computer Name = TESTER-FF2687B3 | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst TuneUp.UtilitiesSvc. Error - 18.01.2013 04:17:28 | Computer Name = TESTER-FF2687B3 | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst TuneUp.UtilitiesSvc. Error - 18.01.2013 04:17:52 | Computer Name = TESTER-FF2687B3 | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst TuneUp.UtilitiesSvc. 
Error - 18.01.2013 10:51:23 | Computer Name = TESTER-FF2687B3 | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst TuneUp.UtilitiesSvc.

Error - 19.01.2013 10:45:54 | Computer Name = TESTER-FF2687B3 | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst TuneUp.UtilitiesSvc.

Error - 20.01.2013 13:17:06 | Computer Name = TESTER-FF2687B3 | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst W32Time.

Error - 20.01.2013 16:58:06 | Computer Name = TESTER-FF2687B3 | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst TuneUp.UtilitiesSvc.

Error - 21.01.2013 04:41:20 | Computer Name = TESTER-FF2687B3 | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst TuneUp.UtilitiesSvc.

Error - 21.01.2013 05:01:52 | Computer Name = TESTER-FF2687B3 | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst TuneUp.UtilitiesSvc.

Error - 21.01.2013 12:51:01 | Computer Name = TESTER-FF2687B3 | Source = Service Control Manager | ID = 7034
Description = Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

[ TuneUp Events ]
Error - 25.09.2011 07:27:23 | Computer Name = TESTER-FF2687B3 | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 22.02.2012 10:45:54 | Computer Name = TESTER-FF2687B3 | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 08.05.2012 09:51:26 | Computer Name = TESTER-FF2687B3 | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

< End of report >

OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.01.2013 00:36:10 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\tester\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,92 Mb Total Physical Memory | 143,62 Mb Available Physical Memory | 14,16% Memory free 2,38 Gb Paging File | 1,41 Gb Available in Paging File | 59,31% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 78,66 Gb Total Space | 39,34 Gb Free Space | 50,02% Space Free | Partition Type: NTFS Drive D: | 70,39 Gb Total Space | 37,84 Gb Free Space | 53,76% Space Free | Partition Type: NTFS Drive F: | 2,97 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: TESTER-FF2687B3 | User Name: tester | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\tester\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO) PRC - C:\Programme\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe () PRC - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\klwtblfs.exe (Kaspersky Lab ZAO) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
PRC - C:\Programme\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Vodafone) PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Inter#\d1b7c4f7e4e2066a916d5d17e8855c90\Vodafone.Base.Internals.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Facto#\9fbded072a88001b2eaf9ede7ec474f2\Vodafone.Base.Factory.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.SmsProfile#\bc015d245490e18301843ece6439283c\Vodafone.SmsProfileManager.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.SettingsMa#\b42af20a1e9e74eaab92cd3e59d10c42\Vodafone.SettingsManager.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.DataAccess#\0e486c5ab9d89ca2d324a1fbbec3f66c\Vodafone.DataAccessor.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.NtServiceM#\f31abe1eb14390c177fe9b2e88005278\Vodafone.NtServiceMessaging.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MobileBroadbandReso#\78e5e876040377dc36fac4b7d52e30cb\MobileBroadbandResources.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Win32\78871b9558d65835ff8d5e37011ccfed\Vodafone.Base.Win32.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Common\dacee6c086ee0155d1d554e1612e2399\Vodafone.Common.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\f43e890d874ef521aba51f76f64cd97b\System.ServiceProcess.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.MobileBroa#\5ee7cb51ae37371b561bd87e9c36d32b\Vodafone.MobileBroadband.CallbackHandler.ni.dll () MOD - 
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Contr#\7a314d9c0ad97e2e9015e4b3e69dcac0\Vodafone.Base.Contracts.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Data\98498f2222b78851b0a7e0b1aff8888b\Vodafone.Data.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Platform\17ca03ca822f43ceff529cd4d655a86c\Vodafone.Platform.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.LogEngine\bb7f4a412578e23df457b66358531253\Vodafone.LogEngine.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll () MOD - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\kpcengine.2.2.dll () MOD - C:\Programme\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe () MOD - C:\Programme\Kinoni\EpocCam_and_Barcode_drivers\EpocCam.ax () MOD - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll () MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU () MOD - C:\Programme\Kinoni\EpocCam_and_Barcode_drivers\swscale-0.dll () MOD - C:\Programme\Kinoni\EpocCam_and_Barcode_drivers\avutil-51.dll () MOD - C:\Programme\Kinoni\EpocCam_and_Barcode_drivers\avcodec-53.dll () MOD - C:\WINDOWS\system32\spd__l.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll 
() MOD - C:\WINDOWS\system32\SNXPWIA.dll () MOD - C:\WINDOWS\system32\SNXPEH.dll () MOD - C:\WINDOWS\system32\msdmo.dll () ========== Services (SafeList) ========== SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO) SRV - (KinoniSvc) -- C:\Programme\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe () SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Samsung UPD Service2) -- C:\WINDOWS\system32\SUPDSvc2.exe (Samsung Electronics) SRV - (ZuneWlanCfgSvc) -- c:\Programme\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation) SRV - (WMZuneComm) -- c:\Programme\Zune\WMZuneComm.exe (Microsoft Corporation) SRV - (ZuneNetworkSvc) -- c:\Programme\Zune\ZuneNss.exe (Microsoft Corporation) SRV - (ZuneBusEnum) -- c:\Programme\Zune\ZuneBusEnum.exe (Microsoft Corporation) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
SRV - (VmbService) -- C:\Programme\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Vodafone) SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software) SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (IGDCTRL) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (PCASp50) -- System32\Drivers\PCASp50.sys File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (cpuz134) -- C:\DOKUME~1\tester\LOKALE~1\Temp\cpuz134\cpuz134_x32.sys File not found DRV - (Changer) -- File not found DRV - (aswMBR) -- C:\DOKUME~1\tester\LOKALE~1\Temp\aswMBR.sys File not found DRV - (as8lg45i) -- File not found DRV - (AgereSoftModem) -- system32\DRIVERS\AGRSM.sys File not found DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab) DRV - (kltdi) -- C:\WINDOWS\system32\drivers\kltdi.sys (Kaspersky Lab) DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (klkbdflt) -- C:\WINDOWS\system32\drivers\klkbdflt.sys (Kaspersky Lab) DRV - (kinonivd) -- C:\WINDOWS\system32\drivers\kinonivd.sys (Windows (R) Win 7 DDK provider) DRV - (KINONI_Wave) -- C:\WINDOWS\system32\drivers\kinonivad.sys (Windows (R) Win 7 DDK provider) DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV - (kneps) -- C:\WINDOWS\system32\drivers\kneps.sys (Kaspersky Lab) DRV - (ssudmdm) -- C:\WINDOWS\system32\drivers\ssudmdm.sys (DEVGURU 
Co., LTD.(www.devguru.co.kr)) DRV - (dg_ssudbus) -- C:\WINDOWS\system32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab ZAO) DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab ZAO) DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.) DRV - (ew_usbenumfilter) -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.) DRV - (huawei_enumerator) -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.) DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (mobiolavs) -- C:\WINDOWS\system32\drivers\mobiolavs.sys (SHAPE Services GmbH) DRV - (MOBIOLA_Wave) -- C:\WINDOWS\system32\drivers\mobiolawave.sys (SHAPE Services) DRV - (avmaudio) -- C:\WINDOWS\system32\drivers\avmaudio.sys (AVM Berlin) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (vodafone_K3805-z_dc_enum) -- C:\WINDOWS\system32\drivers\vodafone_K3805-z_dc_enum.sys (Vodafone) DRV - (Netaapl) -- C:\WINDOWS\system32\drivers\netaapl.sys (Apple Inc.) DRV - (tcpipBM) -- C:\WINDOWS\system32\drivers\tcpipBM.sys (Bytemobile, Inc.) DRV - (BMLoad) -- C:\WINDOWS\system32\drivers\BMLoad.sys (Bytemobile, Inc.) DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia) DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia) DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia) DRV - (acedrv11) -- C:\WINDOWS\system32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.) 
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.) DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation) DRV - (pnetmdm) -- C:\WINDOWS\system32\drivers\pnetmdm.sys (June Fabrics Technology) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-682003330-436374069-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-682003330-436374069-839522115-1004\..\SearchScopes,DefaultScope = {F5F2E5D1-2489-479E-917A-BEB3EE735314} IE - HKU\S-1-5-21-682003330-436374069-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-682003330-436374069-839522115-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-682003330-436374069-839522115-1004\..\SearchScopes\{F5F2E5D1-2489-479E-917A-BEB3EE735314}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-682003330-436374069-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-682003330-436374069-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-682003330-436374069-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = hxxp://http=127.0.0.1:61414 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..extensions.enabledAddons: firebug@software.joehewitt.com:1.9.2 FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 61414 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Programme\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Programme\TVUPlayer\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Programme\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Programme\Gemeinsame Dateien\mpDRM\Binaries\NPMPDRM.dll ( ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Dokumente und Einstellungen\tester\Anwendungsdaten\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( ) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Dokumente und Einstellungen\tester\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Dokumente und Einstellungen\tester\Anwendungsdaten\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Dokumente und Einstellungen\tester\Anwendungsdaten\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\tester\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\tester\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.10.06 19:03:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Programme\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\ [2012.07.03 10:20:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2012.12.20 19:05:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.20 19:05:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2012.12.20 19:05:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.02.09 15:51:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.01.23 16:15:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.10.06 19:03:45 | 000,000,000 | ---D | M] [2010.11.24 17:27:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\tester\Anwendungsdaten\Mozilla\Extensions [2013.01.21 20:59:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und 
Einstellungen\tester\Anwendungsdaten\Mozilla\Firefox\Profiles\l3nu9j8v.default\extensions [2010.11.24 17:30:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\tester\Anwendungsdaten\Mozilla\Firefox\Profiles\l3nu9j8v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.06.20 16:11:55 | 001,335,949 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\tester\Anwendungsdaten\Mozilla\Firefox\Profiles\l3nu9j8v.default\extensions\firebug@software.joehewitt.com.xpi [2012.11.05 23:07:04 | 001,268,546 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\tester\Anwendungsdaten\Mozilla\Firefox\Profiles\l3nu9j8v.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2013.01.21 20:59:45 | 000,189,829 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\tester\Anwendungsdaten\Mozilla\Firefox\Profiles\l3nu9j8v.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2013.01.21 20:59:55 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\tester\Anwendungsdaten\Mozilla\Firefox\Profiles\l3nu9j8v.default\searchplugins\sweetim.xml [2012.02.09 15:51:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.05.03 19:41:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011.12.16 10:57:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [2012.02.09 15:51:39 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2011.05.06 10:47:26 | 000,106,232 | ---- | M] ( ) -- C:\Programme\mozilla firefox\plugins\npww.dll [2011.11.16 16:27:50 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.11.16 16:27:50 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2011.11.16 16:27:50 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2011.11.16 16:27:50 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011.11.16 16:27:50 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2011.11.16 16:27:50 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: about:blank CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: about:blank CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\tester\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\tester\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\24.0.1312.52\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\tester\Lokale 
Einstellungen\Anwendungsdaten\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\tester\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\24.0.1312.52\pdf.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Dokumente und Einstellungen\tester\Anwendungsdaten\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Dokumente und Einstellungen\tester\Anwendungsdaten\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: alibaba setup one click (Enabled) = C:\Dokumente und Einstellungen\tester\Lokale 
Einstellungen\Anwendungsdaten\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\tester\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Programme\TVUPlayer\npTVUAx.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Modul zur Link-Untersuchung = C:\Dokumente und Einstellungen\tester\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\ CHR - Extension: Modul f\u00FCr das Blockieren gef\u00E4hrlicher Webseiten = C:\Dokumente und Einstellungen\tester\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\ CHR - Extension: Virtuelle Tastatur = C:\Dokumente und Einstellungen\tester\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\ O1 HOSTS File: ([2012.08.08 17:12:33 | 000,000,883 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 magento.localhost.com www.localhost.com O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll 
(Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found. O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [THGuard] C:\Programme\TrojanHunter 5.5\THGuard.exe (Mischel Internet Security) O4 - HKLM..\Run: [TrojanScanner] C:\Programme\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager) O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation) O4 - HKU\.DEFAULT..\Run: [FRITZ!protect] FwebProt.exe File not found O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager) O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation) O4 - HKU\S-1-5-18..\Run: [FRITZ!protect] FwebProt.exe File not found O4 - HKU\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager) O4 - HKU\S-1-5-20..\Run: 
[CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager) O4 - HKU\S-1-5-21-682003330-436374069-839522115-1004..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-682003330-436374069-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\FRITZ!DSL\\sarah.dll () O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan.cab (JordanUploader Class) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1351083618625 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282444596968 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://telepalast.dyndns.org/codebase/DVM_IPCam2.ocx (DVM_IPCam2 Control) O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class) O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D659DB84-B5A3-4B97-98D1-297D4C2E6E6D}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - 
C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-682003330-436374069-839522115-1004 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2010.08.22 03:42:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2007.06.13 10:12:34 | 000,000,043 | R--- | M] () - F:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{1afe6442-c063-11e1-865b-001e4caab107}\Shell - "" = AutoRun O33 - MountPoints2\{1afe6442-c063-11e1-865b-001e4caab107}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{1afe6442-c063-11e1-865b-001e4caab107}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{21fde0a6-0a0a-11e1-879e-001e4caab107}\Shell - "" = AutoRun O33 - MountPoints2\{21fde0a6-0a0a-11e1-879e-001e4caab107}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{21fde0a6-0a0a-11e1-879e-001e4caab107}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{21fde0a7-0a0a-11e1-879e-001e4caab107}\Shell - "" = AutoRun O33 - MountPoints2\{21fde0a7-0a0a-11e1-879e-001e4caab107}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{21fde0a7-0a0a-11e1-879e-001e4caab107}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{21fde0a8-0a0a-11e1-879e-001e4caab107}\Shell - "" = AutoRun O33 - MountPoints2\{21fde0a8-0a0a-11e1-879e-001e4caab107}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{21fde0a8-0a0a-11e1-879e-001e4caab107}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe 
/checkApplicationPresence O33 - MountPoints2\{30bd8970-7d6d-11e0-873b-001b3877e097}\Shell - "" = AutoRun O33 - MountPoints2\{30bd8970-7d6d-11e0-873b-001b3877e097}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{30bd8970-7d6d-11e0-873b-001b3877e097}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{30bd8971-7d6d-11e0-873b-001b3877e097}\Shell - "" = AutoRun O33 - MountPoints2\{30bd8971-7d6d-11e0-873b-001b3877e097}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{30bd8971-7d6d-11e0-873b-001b3877e097}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{3940f572-6119-11e0-872b-001e4caab107}\Shell - "" = AutoRun O33 - MountPoints2\{3940f572-6119-11e0-872b-001e4caab107}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{3940f572-6119-11e0-872b-001e4caab107}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{3940f575-6119-11e0-872b-001e4caab107}\Shell - "" = AutoRun O33 - MountPoints2\{3940f575-6119-11e0-872b-001e4caab107}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{3940f575-6119-11e0-872b-001e4caab107}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{3a83be41-2b26-11e2-89a9-001e4caab107}\Shell - "" = AutoRun O33 - MountPoints2\{3a83be41-2b26-11e2-89a9-001e4caab107}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{3a83be41-2b26-11e2-89a9-001e4caab107}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{61d9cd00-0c7b-11e1-87a3-001e4caab107}\Shell - "" = AutoRun O33 - MountPoints2\{61d9cd00-0c7b-11e1-87a3-001e4caab107}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{61d9cd00-0c7b-11e1-87a3-001e4caab107}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{82852a62-eaa5-11e0-878d-001e4caab107}\Shell - "" = AutoRun O33 - MountPoints2\{82852a62-eaa5-11e0-878d-001e4caab107}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{82852a62-eaa5-11e0-878d-001e4caab107}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe 
/checkApplicationPresence O33 - MountPoints2\{9212da41-2772-11e2-9bae-001e4caab107}\Shell - "" = AutoRun O33 - MountPoints2\{9212da41-2772-11e2-9bae-001e4caab107}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9212da41-2772-11e2-9bae-001e4caab107}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{9212da42-2772-11e2-9bae-001e4caab107}\Shell - "" = AutoRun O33 - MountPoints2\{9212da42-2772-11e2-9bae-001e4caab107}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9212da42-2772-11e2-9bae-001e4caab107}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{a25e875a-ad33-11e0-8762-001e4caab107}\Shell - "" = AutoRun O33 - MountPoints2\{a25e875a-ad33-11e0-8762-001e4caab107}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{a25e875a-ad33-11e0-8762-001e4caab107}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{a25e875b-ad33-11e0-8762-001e4caab107}\Shell - "" = AutoRun O33 - MountPoints2\{a25e875b-ad33-11e0-8762-001e4caab107}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{a25e875b-ad33-11e0-8762-001e4caab107}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{a28bd2d1-a26e-11e1-8a66-001e4caab107}\Shell - "" = AutoRun O33 - MountPoints2\{a28bd2d1-a26e-11e1-8a66-001e4caab107}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{a28bd2d1-a26e-11e1-8a66-001e4caab107}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{adfc676c-0a1c-11e1-879f-001e4caab107}\Shell - "" = AutoRun O33 - MountPoints2\{adfc676c-0a1c-11e1-879f-001e4caab107}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{adfc676c-0a1c-11e1-879f-001e4caab107}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{b1308b40-c05f-11e1-9dfc-001e4caab107}\Shell - "" = AutoRun O33 - MountPoints2\{b1308b40-c05f-11e1-9dfc-001e4caab107}\Shell\AutoRun - "" = Auto&Play O33 - 
MountPoints2\{b1308b40-c05f-11e1-9dfc-001e4caab107}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{b1308b43-c05f-11e1-9dfc-001e4caab107}\Shell - "" = AutoRun O33 - MountPoints2\{b1308b43-c05f-11e1-9dfc-001e4caab107}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b1308b43-c05f-11e1-9dfc-001e4caab107}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{b1308b45-c05f-11e1-9dfc-001e4caab107}\Shell - "" = AutoRun O33 - MountPoints2\{b1308b45-c05f-11e1-9dfc-001e4caab107}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b1308b45-c05f-11e1-9dfc-001e4caab107}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{b519d732-a9e2-11e0-875d-001e4caab107}\Shell - "" = AutoRun O33 - MountPoints2\{b519d732-a9e2-11e0-875d-001e4caab107}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b519d732-a9e2-11e0-875d-001e4caab107}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{d3a16554-ef59-11e0-878f-001e4caab107}\Shell - "" = AutoRun O33 - MountPoints2\{d3a16554-ef59-11e0-878f-001e4caab107}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{d3a16554-ef59-11e0-878f-001e4caab107}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{d3a52740-c4eb-11e1-88ad-001e4caab107}\Shell - "" = AutoRun O33 - MountPoints2\{d3a52740-c4eb-11e1-88ad-001e4caab107}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{d3a52740-c4eb-11e1-88ad-001e4caab107}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{d3a52741-c4eb-11e1-88ad-001e4caab107}\Shell - "" = AutoRun O33 - MountPoints2\{d3a52741-c4eb-11e1-88ad-001e4caab107}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{d3a52741-c4eb-11e1-88ad-001e4caab107}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{d3a52746-c4eb-11e1-88ad-001e4caab107}\Shell - "" = AutoRun O33 - MountPoints2\{d3a52746-c4eb-11e1-88ad-001e4caab107}\Shell\AutoRun - "" = Auto&Play O33 - 
MountPoints2\{d3a52746-c4eb-11e1-88ad-001e4caab107}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{dbac2140-80cc-11e1-aaef-001e4caab107}\Shell - "" = AutoRun O33 - MountPoints2\{dbac2140-80cc-11e1-aaef-001e4caab107}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{dbac2140-80cc-11e1-aaef-001e4caab107}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{e33c6969-7ba6-11e1-b51b-001e4caab107}\Shell - "" = AutoRun O33 - MountPoints2\{e33c6969-7ba6-11e1-b51b-001e4caab107}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{e33c6969-7ba6-11e1-b51b-001e4caab107}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{e33c696e-7ba6-11e1-b51b-001e4caab107}\Shell - "" = AutoRun O33 - MountPoints2\{e33c696e-7ba6-11e1-b51b-001e4caab107}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{e33c696e-7ba6-11e1-b51b-001e4caab107}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{f6e48bc3-40b4-11e2-9d69-001e4caab107}\Shell - "" = AutoRun O33 - MountPoints2\{f6e48bc3-40b4-11e2-9d69-001e4caab107}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{f6e48bc3-40b4-11e2-9d69-001e4caab107}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{f6e48bc4-40b4-11e2-9d69-001e4caab107}\Shell - "" = AutoRun O33 - MountPoints2\{f6e48bc4-40b4-11e2-9d69-001e4caab107}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{f6e48bc4-40b4-11e2-9d69-001e4caab107}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{fa38134a-0afa-11e1-87a2-001e4caab107}\Shell - "" = AutoRun O33 - MountPoints2\{fa38134a-0afa-11e1-87a2-001e4caab107}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{fa38134a-0afa-11e1-87a2-001e4caab107}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* 
O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.01.22 00:35:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\tester\Desktop\OTL.exe [2013.01.22 00:09:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Reimage Repair [2013.01.22 00:09:29 | 000,000,000 | ---D | C] -- C:\rei [2013.01.22 00:09:21 | 000,000,000 | ---D | C] -- C:\Programme\Reimage [2013.01.21 23:51:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\tester\Anwendungsdaten\DriverCure [2013.01.21 23:51:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\tester\Anwendungsdaten\SpeedyPC Software [2013.01.21 23:51:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\tester\Startmenü\Programme\SpeedyPC Software [2013.01.21 23:51:02 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\SpeedyPC Software [2013.01.21 23:50:56 | 000,000,000 | ---D | C] -- C:\Programme\SpeedyPC Software [2013.01.21 23:50:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SpeedyPC Software [2013.01.21 23:36:19 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\tester\Recent [2013.01.21 23:32:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner [2013.01.21 23:32:52 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2013.01.21 23:32:19 | 004,178,040 | ---- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\tester\Desktop\ccsetup326.exe [2013.01.21 22:33:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.01.21 22:27:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All 
Users\Startmenü\Programme\TrojanHunter [2013.01.21 22:27:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrojanHunter [2013.01.21 22:18:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\tester\Anwendungsdaten\Simply Super Software [2013.01.21 22:17:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Trojan Remover [2013.01.21 22:17:48 | 000,605,968 | ---- | C] (Igor Pavlov) -- C:\WINDOWS\System32\ztv7z.dll [2013.01.21 22:17:47 | 000,077,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll [2013.01.21 21:31:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\tester\Anwendungsdaten\TrojanHunter [2013.01.21 21:30:49 | 000,000,000 | ---D | C] -- C:\Programme\Trojan Remover [2013.01.21 21:25:56 | 000,000,000 | ---D | C] -- C:\Programme\TrojanHunter 5.5 [2013.01.19 00:09:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\tester\Eigene Dateien\Neuer Ordner [2013.01.14 15:33:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\tester\Desktop\Neuer Ordner (2) [2013.01.11 22:29:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\tester\Eigene Dateien\Hz-Dateien [2013.01.02 21:16:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\tester\Desktop\ebay en son 02022113 [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.22 00:44:01 | 000,001,214 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-436374069-839522115-1004UA.job [2013.01.22 00:42:34 | 001,110,476 | ---- | M] () -- C:\Dokumente und Einstellungen\tester\Desktop\7z920.exe [2013.01.22 00:40:32 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\tester\Desktop\Defogger.exe [2013.01.22 00:38:36 | 000,365,568 | ---- | M] () -- C:\Dokumente und 
Einstellungen\tester\Desktop\gmer-2.0.18444.exe [2013.01.22 00:36:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.01.22 00:35:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\tester\Desktop\OTL.exe [2013.01.22 00:10:35 | 000,000,162 | ---- | M] () -- C:\WINDOWS\reimage.ini [2013.01.22 00:10:17 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\Reimage Reminder.job [2013.01.22 00:09:30 | 000,001,713 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PC Scan & Repair by Reimage.lnk [2013.01.21 23:51:24 | 000,000,478 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job [2013.01.21 23:51:08 | 000,000,826 | ---- | M] () -- C:\Dokumente und Einstellungen\tester\Desktop\SpeedyPC Pro.lnk [2013.01.21 23:51:08 | 000,000,502 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3 Startup Task.job [2013.01.21 23:51:08 | 000,000,450 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3.job [2013.01.21 23:51:06 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Pro.job [2013.01.21 23:39:17 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-682003330-436374069-839522115-1004UA.job [2013.01.21 23:38:04 | 000,081,164 | ---- | M] () -- C:\Dokumente und Einstellungen\tester\Eigene Dateien\cc_20130121_233753.reg [2013.01.21 23:36:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2013.01.21 23:13:45 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.01.21 23:12:27 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013.01.21 23:12:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.01.21 22:37:41 | 000,574,315 | ---- | M] () -- C:\Dokumente und Einstellungen\tester\Desktop\adwcleaner.exe [2013.01.21 22:32:29 | 013,462,931 | ---- | M] () -- C:\Dokumente und Einstellungen\tester\Desktop\mbar-1.01.0.1016.zip [2013.01.21 22:27:24 | 000,059,392 | R--- | M] () -- 
C:\WINDOWS\System32\streamhlp.dll [2013.01.21 22:27:20 | 000,000,672 | ---- | M] () -- C:\Dokumente und Einstellungen\tester\Desktop\TrojanHunter.lnk [2013.01.21 20:39:39 | 000,001,000 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-682003330-436374069-839522115-1004Core.job [2013.01.21 19:51:42 | 000,104,396 | ---- | M] () -- C:\Dokumente und Einstellungen\tester\Desktop\Unbenannt111.JPG [2013.01.21 18:59:46 | 000,104,396 | ---- | M] () -- C:\Dokumente und Einstellungen\tester\Eigene Dateien\Unbenanntaaaa.JPG [2013.01.21 12:44:03 | 000,001,162 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-436374069-839522115-1004Core.job [2013.01.20 14:51:14 | 001,228,504 | ---- | M] () -- C:\Dokumente und Einstellungen\tester\Desktop\mtopcuaraaba.rar [2013.01.20 14:51:00 | 000,129,948 | ---- | M] () -- C:\Dokumente und Einstellungen\tester\Desktop\Unbenannt.JPG [2013.01.17 21:09:40 | 000,856,753 | ---- | M] () -- C:\Dokumente und Einstellungen\tester\Desktop\Hotmail.zip [2013.01.17 12:09:26 | 000,831,514 | ---- | M] () -- C:\Dokumente und Einstellungen\tester\Desktop\2013-01-17_16-59-11_643.jpg [2013.01.16 14:55:41 | 000,021,341 | ---- | M] () -- C:\Dokumente und Einstellungen\tester\Desktop\Varinat überweisung.pdf [2013.01.16 13:22:54 | 000,021,434 | ---- | M] () -- C:\Dokumente und Einstellungen\tester\Desktop\PB_Auslandsüberweisung_KtoNr0944398308_16-01-2013_1322.pdf [2013.01.12 16:50:50 | 000,131,061 | ---- | M] () -- C:\Dokumente und Einstellungen\tester\Desktop\1.JPG [2013.01.11 22:29:24 | 000,024,348 | ---- | M] () -- C:\Dokumente und Einstellungen\tester\Eigene Dateien\Hz.htm [2013.01.09 22:59:27 | 000,608,052 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.01.09 22:59:27 | 000,569,006 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.01.09 22:59:27 | 000,139,418 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.01.09 22:59:27 | 000,114,162 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.01.08 
14:37:10 | 000,196,607 | ---- | M] () -- C:\Dokumente und Einstellungen\tester\Desktop\Herunterladen.pdf [2013.01.06 06:33:34 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2013.01.01 00:17:53 | 025,731,190 | ---- | M] () -- C:\Dokumente und Einstellungen\tester\Desktop\01spie.rar [2012.12.23 12:45:17 | 003,622,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== File not found -- C:\Dokumente und Einstellungen\tester\Desktop\MBR.dat [2013.01.22 00:42:34 | 001,110,476 | ---- | C] () -- C:\Dokumente und Einstellungen\tester\Desktop\7z920.exe [2013.01.22 00:40:26 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\tester\Desktop\Defogger.exe [2013.01.22 00:38:36 | 000,365,568 | ---- | C] () -- C:\Dokumente und Einstellungen\tester\Desktop\gmer-2.0.18444.exe [2013.01.22 00:10:16 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\Reimage Reminder.job [2013.01.22 00:09:37 | 000,000,162 | ---- | C] () -- C:\WINDOWS\reimage.ini [2013.01.22 00:09:30 | 000,001,713 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PC Scan & Repair by Reimage.lnk [2013.01.21 23:51:23 | 000,000,478 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job [2013.01.21 23:51:08 | 000,000,826 | ---- | C] () -- C:\Dokumente und Einstellungen\tester\Desktop\SpeedyPC Pro.lnk [2013.01.21 23:51:07 | 000,000,502 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3 Startup Task.job [2013.01.21 23:51:06 | 000,000,450 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3.job [2013.01.21 23:51:04 | 000,000,382 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Pro.job [2013.01.21 23:37:59 | 000,081,164 | ---- | C] () -- C:\Dokumente und Einstellungen\tester\Eigene Dateien\cc_20130121_233753.reg [2013.01.21 23:32:53 | 000,000,654 | ---- | C] () -- 
C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2013.01.21 22:37:37 | 000,574,315 | ---- | C] () -- C:\Dokumente und Einstellungen\tester\Desktop\adwcleaner.exe [2013.01.21 22:32:19 | 013,462,931 | ---- | C] () -- C:\Dokumente und Einstellungen\tester\Desktop\mbar-1.01.0.1016.zip [2013.01.21 22:27:20 | 000,000,672 | ---- | C] () -- C:\Dokumente und Einstellungen\tester\Desktop\TrojanHunter.lnk [2013.01.21 22:27:09 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll [2013.01.21 22:17:48 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll [2013.01.21 22:17:47 | 000,185,616 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar39.dll [2013.01.21 22:17:47 | 000,169,744 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll [2013.01.21 22:17:47 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll [2013.01.21 22:17:46 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll [2013.01.21 19:51:41 | 000,104,396 | ---- | C] () -- C:\Dokumente und Einstellungen\tester\Desktop\Unbenannt111.JPG [2013.01.21 18:59:41 | 000,104,396 | ---- | C] () -- C:\Dokumente und Einstellungen\tester\Eigene Dateien\Unbenanntaaaa.JPG [2013.01.20 14:51:00 | 000,129,948 | ---- | C] () -- C:\Dokumente und Einstellungen\tester\Desktop\Unbenannt.JPG [2013.01.17 21:09:58 | 000,831,514 | ---- | C] () -- C:\Dokumente und Einstellungen\tester\Desktop\2013-01-17_16-59-11_643.jpg [2013.01.17 21:09:37 | 000,856,753 | ---- | C] () -- C:\Dokumente und Einstellungen\tester\Desktop\Hotmail.zip [2013.01.16 14:55:40 | 000,021,341 | ---- | C] () -- C:\Dokumente und Einstellungen\tester\Desktop\Varinat überweisung.pdf [2013.01.16 13:22:52 | 000,021,434 | ---- | C] () -- C:\Dokumente und Einstellungen\tester\Desktop\PB_Auslandsüberweisung_KtoNr0944398308_16-01-2013_1322.pdf [2013.01.12 16:50:50 | 000,131,061 | ---- | C] () -- C:\Dokumente und Einstellungen\tester\Desktop\1.JPG [2013.01.11 22:29:24 | 000,024,348 | ---- | C] () -- C:\Dokumente und 
Einstellungen\tester\Eigene Dateien\Hz.htm [2013.01.08 14:37:09 | 000,196,607 | ---- | C] () -- C:\Dokumente und Einstellungen\tester\Desktop\Herunterladen.pdf [2013.01.01 00:17:52 | 025,731,190 | ---- | C] () -- C:\Dokumente und Einstellungen\tester\Desktop\01spie.rar [2012.12.24 05:10:58 | 001,228,504 | ---- | C] () -- C:\Dokumente und Einstellungen\tester\Desktop\mtopcuaraaba.rar [2012.11.26 15:46:50 | 000,004,747 | ---- | C] () -- C:\Dokumente und Einstellungen\tester\.recently-used.xbel [2012.08.28 09:04:34 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2012.08.28 09:04:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2012.08.28 09:04:34 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2012.08.28 09:04:34 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe [2012.08.28 09:04:32 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2012.04.02 10:55:22 | 000,317,952 | R--- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll [2012.04.02 10:55:22 | 000,145,920 | R--- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll [2012.04.02 10:53:59 | 000,120,112 | ---- | C] () -- C:\WINDOWS\Wiainst.exe [2012.04.02 10:51:35 | 000,349,264 | ---- | C] () -- C:\WINDOWS\System32\UPDIO2.dll [2012.04.02 10:51:35 | 000,261,712 | ---- | C] () -- C:\WINDOWS\SUPDRun.exe [2012.04.02 10:51:34 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\spd__l.dll [2012.04.02 10:51:33 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\spd__ci.exe [2012.02.15 20:33:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.12.04 23:03:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BarCode.INI [2011.08.01 21:18:06 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.04.27 21:50:00 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\tester\Lokale Einstellungen\Anwendungsdaten\{25B0A8F6-4754-48A6-B175-886F4BB11B6F} [2011.04.18 14:39:56 | 000,226,364 | R--- | C] () -- 
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DeviceManager.xml.rc4 [2011.04.08 01:52:48 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\tester\Anwendungsdaten\winscp.rnd [2011.03.21 02:17:52 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2011.03.06 23:02:48 | 000,007,170 | ---- | C] () -- C:\Dokumente und Einstellungen\tester\Anwendungsdaten\F4DE.CD7 [2011.01.24 12:46:20 | 000,000,265 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft.SqlServer.Compact.351.32.bc [2010.11.30 09:09:15 | 008,806,614 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-682003330-436374069-839522115-1004-0.dat [2010.11.30 09:09:10 | 000,397,582 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2010.09.16 16:03:10 | 000,002,828 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys [2010.09.16 16:03:10 | 000,000,088 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\A890439121.sys [2010.08.22 04:48:02 | 000,011,776 | ---- | C] () -- C:\Dokumente und Einstellungen\tester\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.22 03:55:00 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\tester\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2010.08.22 03:44:46 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft 
Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.03.28 15:12:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2012.12.04 19:45:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DATA BECKER Downloads [2013.01.22 00:35:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Deutsche Post AG [2011.10.25 20:04:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreeHideIP [2010.10.04 00:43:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations [2010.12.02 14:01:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\jtl-software [2012.12.04 20:17:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpDRM [2010.10.04 00:47:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia [2010.10.06 19:00:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache [2010.10.06 19:32:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2012.01.08 19:47:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe [2012.10.02 21:41:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\Samsung
[2012.11.30 02:55:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2010.11.23 19:14:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simply Super Software
[2013.01.21 23:51:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SpeedyPC Software
[2012.04.02 11:35:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScan
[2013.01.22 00:50:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2013.01.21 22:27:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrojanHunter
[2010.11.23 18:54:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2012.07.03 10:21:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone
[2010.11.23 18:52:51 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2010.10.22 20:31:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.10.25 20:29:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{5F9E318F-6857-4A05-90D8-6E92501E2136}
[2012.12.04 20:16:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{9D32C6BC-9649-4BBB-B075-B26C6CA62F12}
[2012.07.03 09:53:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Vodafone
[2010.12.16 20:29:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tester\Anwendungsdaten\.los_reference
[2012.02.01 17:46:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tester\Anwendungsdaten\Camfrog
[2013.01.21 23:35:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tester\Anwendungsdaten\DAEMON Tools Lite
[2012.12.04 20:16:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tester\Anwendungsdaten\DATA BECKER Shared
[2013.01.21 23:51:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tester\Anwendungsdaten\DriverCure
[2013.01.21 23:35:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tester\Anwendungsdaten\FileZilla
[2011.10.25 20:04:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tester\Anwendungsdaten\FreeHideIP
[2011.04.28 05:14:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tester\Anwendungsdaten\FRITZ!
[2012.11.26 15:46:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tester\Anwendungsdaten\gtk-2.0
[2010.10.06 19:32:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tester\Anwendungsdaten\Nokia
[2012.02.25 23:39:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tester\Anwendungsdaten\Notepad++
[2010.10.04 00:50:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tester\Anwendungsdaten\PC Suite
[2012.12.04 19:45:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tester\Anwendungsdaten\ProtectDisc
[2012.08.08 21:01:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tester\Anwendungsdaten\redsn0w
[2012.10.02 21:49:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tester\Anwendungsdaten\Samsung
[2012.05.19 01:50:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tester\Anwendungsdaten\Scribus
[2013.01.21 22:18:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tester\Anwendungsdaten\Simply Super Software
[2013.01.21 23:51:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tester\Anwendungsdaten\SpeedyPC Software
[2011.09.12 17:55:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tester\Anwendungsdaten\Telbo
[2013.01.21 21:31:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tester\Anwendungsdaten\TrojanHunter
[2010.11.23 18:53:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tester\Anwendungsdaten\TuneUp Software
[2010.08.22 03:00:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tester\Anwendungsdaten\URSoft
[2012.07.03 09:53:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tester\Anwendungsdaten\Vodafone
[2011.07.11 13:21:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tester\Anwendungsdaten\Vodafone Mobile Broadband
[2012.04.07 15:24:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tester\Anwendungsdaten\Voipwise
[2012.12.07 22:28:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tester\Anwendungsdaten\Wyotr

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 176 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CB0AACC9
@Alternate Data Stream - 174 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B3D74A13
@Alternate Data Stream - 118 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:9D1B94FD

< End of report >
22.01.2013, 01:19 | #2 |
HEUR:Exploit.Java.CVE-2012-0507.gen

Code:
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-22 01:17:47
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e WDC_WD1600BEVS-00VAT0 rev.11.01A11 149,05GB
Running: gmer-2.0.18444.exe; Driver: C:\DOKUME~1\tester\LOKALE~1\Temp\kwdcqaob.sys

---- System - GMER 2.0 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xA9A8A55C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xA9A26A82]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xA9A3D962]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xA9A26FFA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xA9A26EE0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xA9A3DC88]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcess [0xA9A8C4D6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcessEx [0xA9A8C6F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xA9A8D5B2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xA9A2711A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xA9A4DAC0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xA9A8CBB6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xA9A3DD56]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xA9A8C37C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xA9A379E2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xA9A391CA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xA9A26AC6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xA9A8A69E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xA9A389D6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xA9A3936A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xA9A8A306]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xA9A3851A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xA9A38772]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xA9A4DAE0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xA9A3C126]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xA9A27090]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xA9A26F70]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xA9A8BF24]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xA9A8D85E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xA9A271B0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xA9A8C912]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwPlugPlayControl [0xA9A4DAD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xA9A37816]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xA9A38FD8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryObject [0xA9A3C332]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xA9A38DCC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xA9A8D260]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xA9A37AF6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xA9A38168]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xA9A3DF96]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xA9A3DE24]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePortEx [0xA9A3DEDA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xA9A3E006]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xA9A3836E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xA9A8CF8C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xA9A37C9A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKeyEx [0xA9A37E30]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveMergedKeys [0xA9A37FCC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xA9A3DAF0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xA9A8D0E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xA9A2723A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xA9A8A410]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xA9A38B96]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xA9A8C0C4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xA9A8CE34]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xA9A2724C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xA9A8C224]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xA9A8CAB2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xA9A8D9C6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xA9A8D6F0]

---- Kernel code sections - GMER 2.0 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2434 80501C84 12 Bytes [88, DC, A3, A9, D6, C4, A8, ...] {MOV AH, BL; MOV [0xa8c4d6a9], EAX; TEST EAX, 0xa9a8c6f2}
.text ntkrnlpa.exe!ZwCallbackReturn + 2444 80501C94 16 Bytes [B2, D5, A8, A9, 1A, 71, A2, ...] {MOV DL, 0xd5; TEST AL, 0xa9; SBB DH, [ECX-0x5e]; TEST EAX, 0xa9a4dac0; MOV DH, 0xcb; TEST AL, 0xa9}
.text ntkrnlpa.exe!ZwCallbackReturn + 2500 80501D50 12 Bytes [06, A3, A8, A9, 1A, 85, A3, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 267C 80501ECC 20 Bytes [F6, 7A, A3, A9, 68, 81, A3, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 26B4 80501F04 20 Bytes [8C, CF, A8, A9, 9A, 7C, A3, ...]
.text ...
.vmp2 C:\WINDOWS\system32\drivers\acedrv11.sys entry point in ".vmp2" section [0xA913269D]

---- User code sections - GMER 2.0 ----

? C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[240] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[240] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 6CD01A54 C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\ushata.dll (Ushata module/Kaspersky Lab ZAO)
? C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[240] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[240] USER32.dll!AlignRects 7E362A78 4 Bytes [53, 2A, D0, 6C] {PUSH EBX; SUB DL, AL; INS BYTE [ES:EDI], DX}
.text C:\Programme\Internet Explorer\iexplore.exe[492] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 41195505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[492] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 41269AB5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[492] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4125D12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[492] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126DB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[492] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 411D466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[492] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4136725F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[492] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 41367191 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[492] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 413671FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[492] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 41367062 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[492] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 413670C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[492] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 413672C2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[492] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 41367126 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[492] ole32.dll!CoCreateInstance 774CF1BC 5 Bytes JMP 4126DB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[492] ole32.dll!OleLoadFromStream 774F983B 5 Bytes JMP 413675C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
? C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1408] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1408] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 6CD01A54 C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\ushata.dll (Ushata module/Kaspersky Lab ZAO)
? C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1408] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1408] USER32.dll!AlignRects 7E362A78 4 Bytes [53, 2A, D0, 6C] {PUSH EBX; SUB DL, AL; INS BYTE [ES:EDI], DX}
.text C:\Programme\Internet Explorer\iexplore.exe[2608] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 41195505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2608] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126DB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2608] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4136725F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2608] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 41367191 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2608] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 413671FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2608] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 41367062 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2608] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 413670C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2608] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 413672C2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2608] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 41367126 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060aab93a
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x20 0x85 0xE5 0xC6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x19 0xA5 0xED 0xE5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2D 0x8C 0x96 0xAA ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060aab93a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x20 0x85 0xE5 0xC6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x19 0xA5 0xED 0xE5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2D 0x8C 0x96 0xAA ...

---- EOF - GMER 2.0 ----
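The two logs in this thread are the kind of thing a helper reads by eye, but the GMER "System" section and the OTL "Alternate Data Streams" section are regular enough to triage by script. What follows is an added example, not code from the thread, from GMER or from OTL: it parses the SSDT hook lines as GMER prints them, groups the hooked services by the driver that owns the hook, flags any hook whose module has no version info or whose company is not on an allowlist, and pulls the ADS entries out of the OTL tail in post #1. The sample lines are copied from the logs above except for the `hypothetical.sys` line, which is constructed (driver name and address are made up) so that the flagging logic has something to catch; the vendor allowlist is likewise an assumption the analyst maintains, not something either tool provides.

```python
import re
from collections import defaultdict

# Hook lines in the shape GMER prints under "---- System - GMER 2.0 ----".
# The first three are copied from the GMER log posted above; the last one is
# CONSTRUCTED (hypothetical driver name and address) so that the triage below
# has an unrecognised hook to flag.
SAMPLE_GMER = r"""
---- System - GMER 2.0 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xA9A8A55C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcess [0xA9A8C4D6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xA9A8A306]
SSDT \SystemRoot\system32\DRIVERS\hypothetical.sys ZwQueryDirectoryFile [0xA9B0C0DE]
"""

# Alternate Data Stream lines as OTL prints them; copied from the OTL log in post #1.
SAMPLE_OTL = r"""
========== Alternate Data Streams ==========

@Alternate Data Stream - 176 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CB0AACC9
@Alternate Data Stream - 174 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B3D74A13
@Alternate Data Stream - 118 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:9D1B94FD
"""

# Vendors whose kernel hooks are expected on this box. ASSUMPTION: an allowlist
# the analyst maintains; GMER itself does not rate hooks as good or bad.
TRUSTED_VENDORS = {"Kaspersky Lab", "Kaspersky Lab ZAO", "Microsoft Corporation"}

SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>.+?)"              # path of the driver owning the hook
    r"(?:\s+\((?P<info>[^)]*)\))?"          # optional "(FileDescription/CompanyName)"
    r"\s+(?P<func>Zw\w+)"                   # hooked system service
    r"\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]\s*$"  # address the table entry now points to
)
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+?):(?P<stream>[^:\\]+)\s*$"
)


def parse_ssdt_hooks(text):
    """Return one dict per SSDT hook line: module, company, func, addr (int)."""
    hooks = []
    for line in text.splitlines():
        m = SSDT_RE.match(line.strip())
        if not m:
            continue
        info = m.group("info") or ""
        # GMER prints "<FileDescription>/<CompanyName>"; the company follows the last "/".
        company = info.rpartition("/")[2].strip() if info else ""
        hooks.append({
            "module": m.group("module"),
            "company": company,
            "func": m.group("func"),
            "addr": int(m.group("addr"), 16),
        })
    return hooks


def hooks_by_module(hooks):
    """Group hooked service names by the driver that owns the hook."""
    grouped = defaultdict(list)
    for h in hooks:
        grouped[h["module"]].append(h["func"])
    return dict(grouped)


def flag_unknown_hooks(hooks, trusted=TRUSTED_VENDORS):
    """Hooks with no version info, or from a vendor off the allowlist, deserve a look."""
    return [h for h in hooks if h["company"] not in trusted]


def parse_ads(text):
    """Return (size, path, stream) tuples for OTL's Alternate Data Stream lines."""
    out = []
    for line in text.splitlines():
        m = ADS_RE.match(line.strip())
        if m:
            out.append((int(m.group("size")), m.group("path"), m.group("stream")))
    return out


if __name__ == "__main__":
    hooks = parse_ssdt_hooks(SAMPLE_GMER)
    for module, funcs in hooks_by_module(hooks).items():
        print(f"{module}: {len(funcs)} hooked services")
    for h in flag_unknown_hooks(hooks):
        print(f"REVIEW: {h['func']} hooked by {h['module']} at {h['addr']:#x}")
    for size, path, stream in parse_ads(SAMPLE_OTL):
        print(f"ADS {stream} ({size} bytes) on {path}")
```

On the log actually posted, every SSDT entry resolves to klif.sys with "Kaspersky Lab" in its version info, so the allowlist passes all of them; the value of the script is that a hook owned by a driver with no version info, or by a vendor you did not install, stands out immediately instead of being lost in sixty near-identical lines.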
22.01.2013, 01:23 | #3 |
HEUR:Exploit.Java.CVE-2012-0507.gen
screenshot
22.01.2013, 02:11 | #4 |
HEUR:Exploit.Java.CVE-2012-0507.gen

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 01:02 on 22/01/2013 (tester)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-
Topics on HEUR:Exploit.Java.CVE-2012-0507.gen
alibaba, anwendungsdaten, aswmbr, avp.exe, becker, cache, ccsetup, datei, direkt, dokumente, einstellungen, email, gefunde, gelöscht, heur, heur:exploit.java.cve-2012-0507.gen, kaspersky, launch, limited.com/facebook, löschen, msiexec.exe, msiinstaller, nicht löschen, office 2007, reimage, reimage repair, super, unbekanter, visual studio, windows internet, würde