
Log analysis and evaluation: Trojan HEUR:Exploit.Java.CVE-2012-1723.gen detected by Kaspersky scan


 
02.04.2013, 20:20   #1
Steffi1234
 



Hello dear helpers,

first of all, I think it is great that you spend your time here helping us. Many thanks for that in advance.

Unfortunately I have caught this Trojan as well. It would be nice if you could help me, since I have the impression that there is no general solution for removing the Trojan and that it always depends on the particular machine.

I use Sophos as my antivirus program; however, it did not detect the Trojan. Instead it was detected by the Kaspersky Security Scan, which can be downloaded for free. It produced the following entry in its report:

HEUR:Exploit.Java.CVE-2012-1723.gen
jar_cache7725885904557327434.tmp
C:\Documents and Settings\******\AppData\Local\Temp

Unfortunately I do not have a log file from the scan, because the free version does not save the report. But I had saved the description above in Word.
The only measure I took was to try to delete everything related to Java, and I had the file checked at virus-total.de. Unfortunately I was unable to delete one Java update function (Java[TM] 6 Update 22).

Here are the logs:

OTL
Code:
OTL logfile created on: 01.04.2013 23:10:03 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*** ***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 57,81% Memory free
4,24 Gb Paging File | 3,07 Gb Available in Paging File | 72,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 76,94 Gb Free Space | 66,08% Space Free | Partition Type: NTFS
Drive D: | 349,32 Gb Total Space | 221,57 Gb Free Space | 63,43% Space Free | Partition Type: NTFS
 
Computer Name: ******-PC | User Name: *** *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.01 23:07:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*** ***\Desktop\OTL.exe
PRC - [2013.03.21 15:44:20 | 002,890,232 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2013.02.13 15:05:11 | 000,237,048 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2013.02.13 15:05:10 | 000,929,272 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
PRC - [2013.02.13 15:04:26 | 000,217,592 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.20 16:19:07 | 000,159,296 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2012.10.16 18:49:54 | 000,357,400 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
PRC - [2012.10.01 22:07:10 | 001,485,824 | ---- | M] () -- C:\Windows\MultiKMS\MultiKMS.exe
PRC - [2012.07.25 10:46:44 | 001,326,176 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\PSIA.exe
PRC - [2012.07.25 10:46:42 | 000,681,056 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2012.07.25 10:46:42 | 000,572,000 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2012.04.25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
PRC - [2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007.09.01 03:38:12 | 000,180,224 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2007.08.08 10:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.07.10 20:59:56 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007.05.18 12:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007.04.19 21:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2007.04.17 23:39:42 | 000,077,824 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.02.06 04:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.01.18 05:26:36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2006.12.21 09:03:38 | 001,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2006.12.19 03:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2005.07.07 01:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
PRC - [2004.10.18 11:51:58 | 000,065,536 | ---- | M] (OLYMPUS Corporation) -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.25 19:52:28 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\QtScript4.dll
MOD - [2012.04.25 19:52:26 | 007,422,352 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\QtGui4.dll
MOD - [2012.04.25 19:52:24 | 000,795,024 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\QtNetwork4.dll
MOD - [2012.04.25 19:52:24 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\QtSql4.dll
MOD - [2012.04.25 19:52:22 | 002,453,904 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\QtDeclarative4.dll
MOD - [2012.04.25 19:52:22 | 002,126,224 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\QtCore4.dll
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2007.12.20 16:02:20 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007.08.08 12:52:08 | 000,331,776 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\AdsmendecExt.dll
MOD - [2007.06.15 20:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
MOD - [2007.06.02 03:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2013.03.21 15:44:20 | 002,890,232 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2013.03.21 15:44:14 | 001,468,920 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update.exe -- (swi_update)
SRV - [2013.03.13 16:54:02 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.08 14:38:16 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.13 15:05:11 | 000,237,048 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2013.02.13 15:04:26 | 000,217,592 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.20 16:19:07 | 000,159,296 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2012.10.16 18:49:54 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service)
SRV - [2012.10.01 22:07:10 | 001,485,824 | ---- | M] () [Auto | Running] -- C:\Windows\MultiKMS\MultiKMS.exe -- (MultiKMS)
SRV - [2012.09.20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012.07.25 10:46:44 | 001,326,176 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2012.07.25 10:46:42 | 000,681,056 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS)
SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.08.08 10:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.05.18 12:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007.02.06 04:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2004.10.18 11:51:58 | 000,065,536 | ---- | M] (OLYMPUS Corporation) [Auto | Running] -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe -- (DM1Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012.11.20 16:19:18 | 000,132,424 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2012.11.20 16:19:13 | 000,033,096 | ---- | M] (Sophos Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\skmscan.sys -- (SKMScan)
DRV - [2012.10.16 18:50:20 | 000,033,696 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2012.10.16 18:49:20 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2012.03.08 15:31:45 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010.09.01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010.03.17 11:33:37 | 000,108,768 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV08.sys -- (ACEDRV08)
DRV - [2008.01.23 10:19:44 | 000,501,560 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV11.sys -- (acedrv11)
DRV - [2007.12.20 16:55:06 | 003,478,528 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.10.01 08:59:46 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2007.08.11 06:19:26 | 000,029,752 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.07.31 08:13:10 | 000,743,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.07.24 21:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.06.20 05:12:18 | 000,047,616 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2007.01.24 20:08:40 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2006.12.15 09:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.22 11:35:00 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 11:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006.10.14 05:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2003.07.30 04:18:50 | 000,003,839 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GETPADD.sys -- (GETPADD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013.02.02 16:31:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 14:38:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 14:37:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 14:38:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 14:37:53 | 000,000,000 | ---D | M]
 
[2012.03.08 01:33:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*** ***\AppData\Roaming\mozilla\Extensions
[2013.02.15 14:05:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*** ***\AppData\Roaming\mozilla\Firefox\Profiles\nf2rob03.default\extensions
[2012.12.14 10:49:45 | 000,000,000 | ---D | M] (SaveByclick) -- C:\Users\*** ***\AppData\Roaming\mozilla\Firefox\Profiles\nf2rob03.default\extensions\50cae09998b40@50cae09998b79.com
[2013.02.15 14:05:38 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\*** ***\AppData\Roaming\mozilla\firefox\profiles\nf2rob03.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.01.27 16:52:42 | 000,002,515 | ---- | M] () -- C:\Users\*** ***\AppData\Roaming\mozilla\firefox\profiles\nf2rob03.default\searchplugins\Search_Results.xml
[2013.03.08 14:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2013.03.08 14:37:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.08 14:38:18 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.11 04:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.11 04:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.11 04:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.11 04:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.27 16:52:42 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012.10.11 04:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.11 04:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2010.11.01 17:08:04 | 000,424,452 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.123haustiereundmehr.com
O1 - Hosts: 14630 more lines...
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI9130~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SaveByclick Class) - {C8080964-5877-7F92-F173-19718B022D5C} - C:\ProgramData\SaveByclick\50cae09998cd0.ocx ()
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI9130~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\almon.exe (Sophos Limited)
O4 - HKCU..\Run: [KSS] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FDAA2CF-4CA3-471C-AF1F-88F1DDAA6E69}: DhcpNameServer = 128.176.0.28 128.176.0.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C8536BE-28E0-4DD2-A495-41719DC2FE07}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (L) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\*** ***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\*** ***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{66ca29e0-6921-11e1-905d-f8de839cd88e}\Shell - "" = AutoRun
O33 - MountPoints2\{66ca29e0-6921-11e1-905d-f8de839cd88e}\Shell\AutoRun\command - "" = I:\setup.exe
O33 - MountPoints2\{c7e8b167-d549-11de-9df8-e65c795418e5}\Shell - "" = AutoRun
O33 - MountPoints2\{c7e8b167-d549-11de-9df8-e65c795418e5}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.01 23:07:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*** ***\Desktop\OTL.exe
[2013.03.31 23:01:12 | 000,000,000 | ---D | C] -- C:\Users\*** ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
[2013.03.31 22:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.03.31 22:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2013.03.08 14:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.01 23:07:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*** ***\Desktop\OTL.exe
[2013.04.01 23:04:09 | 000,377,856 | ---- | M] () -- C:\Users\*** ***\Desktop\gmer_2.1.19155.exe
[2013.04.01 22:55:22 | 000,000,000 | ---- | M] () -- C:\Users\*** ***\defogger_reenable
[2013.04.01 22:54:20 | 000,050,477 | ---- | M] () -- C:\Users\*** ***\Desktop\Defogger.exe
[2013.04.01 22:53:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.01 22:34:15 | 000,671,462 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.01 22:34:15 | 000,632,152 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.01 22:34:15 | 000,144,404 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.01 22:34:15 | 000,118,778 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.01 22:25:44 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2013.04.01 22:25:21 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.01 22:25:21 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.01 22:25:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.01 22:25:02 | 2144,641,024 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.01 22:23:54 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.03.31 23:00:51 | 000,000,961 | ---- | M] () -- C:\Users\*** ***\Desktop\Kaspersky Security Scan.lnk
[2013.03.31 00:00:03 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2013.03.04 20:06:36 | 000,002,605 | ---- | M] () -- C:\Users\*** ***\Desktop\Microsoft Word.lnk
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.01 23:04:06 | 000,377,856 | ---- | C] () -- C:\Users\*** ***\Desktop\gmer_2.1.19155.exe
[2013.04.01 22:55:22 | 000,000,000 | ---- | C] () -- C:\Users\*** ***\defogger_reenable
[2013.04.01 22:54:16 | 000,050,477 | ---- | C] () -- C:\Users\*** ***\Desktop\Defogger.exe
[2013.03.31 23:01:12 | 000,000,961 | ---- | C] () -- C:\Users\*** ***\Desktop\Kaspersky Security Scan.lnk
[2012.05.20 19:03:15 | 000,001,794 | ---- | C] () -- C:\Users\*** ***\AppData\Roaming\SAS7_000.DAT
[2012.05.16 12:55:32 | 000,110,592 | ---- | C] () -- C:\Windows\System32\OdiOlDVR.dll
[2012.05.16 12:55:31 | 000,053,248 | ---- | C] () -- C:\Windows\System32\OdiAPI.dll
[2012.05.16 12:55:30 | 000,000,000 | ---- | C] () -- C:\Windows\Dssole.INI
[2012.03.09 02:28:13 | 000,000,715 | ---- | C] () -- C:\Windows\System32\Settings.ini
[2012.03.08 23:51:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012.03.08 23:50:15 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.03.08 23:50:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012.01.24 09:30:08 | 000,003,839 | ---- | C] () -- C:\Windows\System32\drivers\GETPADD.sys
[2009.12.23 11:43:15 | 232,923,180 | ---- | C] () -- C:\Users\*** ***\Adhs1.wav
[2009.02.01 23:13:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.01.07 21:29:55 | 000,001,356 | ---- | C] () -- C:\Users\*** ***\AppData\Local\d3d9caps.dat
[2008.12.25 22:45:16 | 000,201,216 | ---- | C] () -- C:\Users\*** ***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.07.29 13:24:06 | 000,017,408 | ---- | C] () -- C:\Users\*** ***\AppData\Local\WebpageIcons.db
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.02.20 13:35:05 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\.minecraft
[2012.07.31 19:59:18 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Asqauk
[2012.12.30 21:10:11 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Audacity
[2011.12.19 13:06:48 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Canneverbe Limited
[2012.03.11 16:18:46 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\DAEMON Tools Lite
[2013.02.02 16:32:40 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\DVDVideoSoft
[2013.02.02 16:32:21 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.24 13:35:53 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\F4
[2012.01.27 16:54:17 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\FreeAudioPack
[2012.07.31 17:26:27 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Godei
[2009.01.07 15:52:00 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\ICQ
[2012.12.26 14:47:40 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\JAM Software
[2010.04.05 14:52:36 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\MyPhoneExplorer
[2012.05.15 22:18:11 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Opera
[2012.12.14 10:01:11 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\pdfforge
[2012.05.15 11:50:07 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\TeamViewer
[2012.01.27 16:12:11 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\XMedia Recode
[2011.05.05 15:38:31 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\XnView
[2012.08.03 10:37:42 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Yxepg
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:0FF263E8

< End of report >
         
Extras:
Code:
OTL Extras logfile created on: 01.04.2013 23:10:03 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*** ***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 57,81% Memory free
4,24 Gb Paging File | 3,07 Gb Available in Paging File | 72,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 76,94 Gb Free Space | 66,08% Space Free | Partition Type: NTFS
Drive D: | 349,32 Gb Total Space | 221,57 Gb Free Space | 63,43% Space Free | Partition Type: NTFS
 
Computer Name: ******-PC | User Name: *** *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" = 
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 1
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5468F88A-D092-42A4-A087-0C891BDA3DE1}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{608B9058-FF90-4DDE-8F8E-6D1A7FE319C0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{6D183C17-D16D-4548-A301-F71BF7F5E48E}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{732C4BBA-295A-4CEC-8A40-30295A33255A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{923F4CFE-942F-418D-9299-B6CE5C803936}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AB306CF3-C8B0-41E8-8DA2-B5048CA2E27F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B9B2C71B-66C3-4791-84BC-68A2CAD81694}" = lport=51001 | protocol=6 | dir=in | name=dragon smart phone server | 
"{BD327DBB-7851-413B-85E5-C5A3B6DCC7A3}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C8754DCE-8702-474B-AFAF-ED359FF8FE1E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{CF4C09A9-BFC4-4DA1-87F0-467C898C63D3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0880686D-7BE1-43F2-B56C-0E7506FCB6F3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{6D5CA3E5-8252-4050-9AF2-29E53391F507}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{75B356B8-F9FF-4B3A-9EE5-33633E6EDBEF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{7D0C1DF2-1EAD-4CB0-A460-EFA27196902F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{B2DEB534-29C0-4420-BAA7-7C43012BECCF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B7A10582-5D9B-4253-8E83-2547C6816F0E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{BF7E977E-C45B-4089-9EF8-9AEC32FBEACD}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{C9EF0221-69EA-4D7D-B0AF-F0A8C2F9C3F1}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{EC091231-558B-4616-A79B-FFBA76151F9F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{FB867491-DE8F-480B-B811-40395219DA14}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{035D6ED1-B1E1-4CCD-A622-F93C7D044D85}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{12314951-48F4-44CB-9F75-9C905F5C94C9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{324E044C-FA37-4E5F-8EB8-B2B3991FC05F}C:\program files\olympus\dssplayerpro\dssplay.exe" = protocol=6 | dir=in | app=c:\program files\olympus\dssplayerpro\dssplay.exe | 
"TCP Query User{373C91A9-BA02-4A4F-8471-969B423D9968}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"TCP Query User{38FE809F-8D44-4EF2-9543-4FCB7C0BB352}C:\windows\system32\msiexec.exe" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | 
"TCP Query User{565FE91E-FBD8-4095-A795-387B9CE2C863}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{7DF83C61-46B2-4651-8FC1-6C0A5742A433}C:\program files\olympus\dssplayerpro\tpstwnd.exe" = protocol=6 | dir=in | app=c:\program files\olympus\dssplayerpro\tpstwnd.exe | 
"TCP Query User{89C0A7DB-4EA2-4CBD-B255-46DB241E6615}C:\windows\system32\msiexec.exe" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | 
"TCP Query User{8AA3A882-E6C7-4A58-857D-95CD8519FE9E}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{A4A59860-1D18-492C-9503-54CF09F26C52}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{ABC043CC-12CE-4D2B-A3FC-F0B0A3ED45EB}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{CD53DA94-17B4-433A-9123-A548C0014EC8}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{DB504200-F75D-4001-BB0A-1D622E32CFB0}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{F2397585-9448-4094-8F79-DFF07778CBBB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{0B54CF60-DF06-49B9-B009-8F4423A25E86}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{2D71AA13-9031-4ABC-AD93-2CA4778416E5}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{37AA822D-5846-4B31-86FB-CEB7894023A1}C:\program files\olympus\dssplayerpro\dssplay.exe" = protocol=17 | dir=in | app=c:\program files\olympus\dssplayerpro\dssplay.exe | 
"UDP Query User{48279308-A2C8-4888-BBC7-4DAA34CE8478}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{6AF9D8C8-D76C-474B-BC9D-9AD266B2F158}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{7717176D-F053-4A92-97CD-4B0595EA9CBF}C:\program files\olympus\dssplayerpro\tpstwnd.exe" = protocol=17 | dir=in | app=c:\program files\olympus\dssplayerpro\tpstwnd.exe | 
"UDP Query User{7E456824-ABC6-48BF-BBF0-17097751BC7B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{8E06B7D7-BF82-4D40-8047-5757933C32FE}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{99802A03-AF84-4A36-9CC0-6D0849F650D4}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{A43ABA27-5B8F-484A-9623-254FAF5B82A7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{A766F391-BFA2-44E2-84B9-5D1359FEFF7F}C:\windows\system32\msiexec.exe" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | 
"UDP Query User{B2078B41-A844-4EF2-A5DD-BB9FF251AAFA}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"UDP Query User{B6C65289-8D1F-4D83-9997-87109086296A}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{DEDAE088-3A41-466C-B20D-171BE2F5D0B9}C:\windows\system32\msiexec.exe" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{025F9C8B-27B3-76B0-08E8-4EB918DE287B}" = Catalyst Control Center Localization Dutch
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0813BDD1-7E8E-4F18-A13C-037CDD7F9A48}" = Catalyst Control Center Localization Chinese Traditional
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B3ED35F-3BDC-72FE-3477-A7CA54325F06}" = CCC Help Chinese Traditional
"{0B950F52-0FD9-C679-6FD0-C4D4F43ACA3E}" = Catalyst Control Center Localization Greek
"{0E4DC8EF-9438-AEEF-A042-851C2EA86FEA}" = Catalyst Control Center Localization Finnish
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{1A915E9E-75A0-5FD6-53C3-D2E5EDA27B52}" = Catalyst Control Center Localization Polish
"{1BDCA62C-699A-A3C2-57C6-D496414BA297}" = Catalyst Control Center Graphics Full New
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1CE34A07-F95C-C749-B8FB-10BEFBB5D917}" = Catalyst Control Center Localization Swedish
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2
"{22AD2DF3-00C4-68EB-8D2A-C5AC60BDA907}" = CCC Help Greek
"{24339461-1E3B-290E-613E-B0B234B64ABE}" = Catalyst Control Center Localization Japanese
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{26B5A6D1-1F75-3B59-5825-E4D4CAE3445D}" = SaveByclick
"{27DB888F-A703-E898-6261-D84260EF93DA}" = Catalyst Control Center Core Implementation
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{337C0055-BE59-63E5-72AE-DAED46ED980B}" = CCC Help Korean
"{342D2010-703F-2098-441E-F96F532EBD09}" = CCC Help Chinese Standard
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3A9A74B7-DAE0-EB01-E51A-D2A6720CF135}" = CCC Help Japanese
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E7CE151-F6EC-8550-9B73-427F6A89AC42}" = CCC Help Polish
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45936E5D-5CEB-A100-8694-B62523FD99C6}" = Catalyst Control Center Localization German
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking
"{4BE52CD7-9B51-F4D8-ED51-8E89324F3EBD}" = Catalyst Control Center Localization Norwegian
"{4EE9DA0A-4CED-1FB9-3231-24C85855A387}" = Catalyst Control Center Localization Spanish
"{50DD51CF-31D8-7831-D4E8-E13E0A736D93}" = Catalyst Control Center Localization Russian
"{52159193-1EA1-B129-7C03-7120CB0C502E}" = CCC Help Portuguese
"{52E43F33-7D7C-3209-0539-1B2A43010E0D}" = Catalyst Control Center Localization Turkish
"{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"{58752780-E21C-A458-2397-BD8D5E3CB0C1}" = Catalyst Control Center Localization Portuguese
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{6602C18D-52EC-BB1F-C3B9-EFF2F1463A58}" = Catalyst Control Center Localization Thai
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A77FE0A-6A36-44F0-A503-A4BC49EFD6BC}" = OLYMPUS DSS Player-Lite
"{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77AD4A77-F70F-84BC-B52B-91DAB868EF27}" = CCC Help Czech
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{872717DD-EE82-F142-4DF7-0308772A8DE4}" = ccc-utility
"{88D44595-9B8E-38FF-7CD9-F5A1423BA2D6}" = Catalyst Control Center Graphics Light
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{8D3D4041-DA1D-F814-B37E-ABF774556DAA}" = Catalyst Control Center Localization Italian
"{8E35083D-B04F-4823-A260-C07FDD3D40FD}" = Olympus DSS Player Pro
"{900F0963-B211-5692-EEEC-4DFF6F7321F6}" = CCC Help Swedish
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91AA9814-7B89-DA53-5FCA-EBDCDAC4F611}" = CCC Help Italian
"{92C98289-5C00-4A4E-03ED-6E59F7D73435}" = Catalyst Control Center Localization Chinese Standard
"{97C9E93A-7DEA-37C2-50F0-E6172D91DEE6}" = CCC Help German
"{97F73E68-213C-6F88-A590-9C600186E36C}" = CCC Help Finnish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9BF9D522-7FA6-D442-9769-558E3B4503F0}" = Skins
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB870B63-94EF-0B0A-340E-62CAF5D48B17}" = CCC Help French
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B6512E97-FFA8-6A76-4B07-036784E56A7B}" = Catalyst Control Center Localization Czech
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8F1FA25-D1F3-5DEB-5AE2-18E72A2955CA}" = Catalyst Control Center Localization Danish
"{B935DAF9-605C-A1F8-7A4E-BE87E82B7237}" = CCC Help Norwegian
"{C0BAF48F-940E-7AC7-63B3-BDFAF8A6CCA5}" = CCC Help Thai
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C1B22596-9F6C-6795-F374-D6843ABA8A9A}" = Catalyst Control Center Localization Korean
"{C1D783C5-D3ED-D03E-59CE-1FCC0C059B0F}" = ATI Catalyst Install Manager
"{C376495E-6F9D-2A3A-329E-960682A22B3B}" = Catalyst Control Center Localization Hungarian
"{C6FB5BC4-823A-FE8B-01CB-3A7F51B4C9C2}" = ccc-core-static
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D8438AE5-4BE7-CEC7-D0AA-189B34C4628F}" = CCC Help Dutch
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{DF4EB70F-6EBF-AD9E-AF89-D1398A284C86}" = Catalyst Control Center Graphics Previews Common
"{E037311F-0715-DB85-4394-6B09A66605C0}" = CCC Help Spanish
"{E1D0A2DB-9B8D-E7B1-295B-DDAB0B9A423F}" = Catalyst Control Center Localization French
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EAF8F949-849D-9E39-2A86-0DB83A90405B}" = Catalyst Control Center Graphics Full Existing
"{EDFE36E7-B60E-BF8E-F2DF-0DD61B1E3CAE}" = CCC Help Hungarian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F656696C-CF30-03E5-03A8-05078E02ACEB}" = CCC Help Danish
"{F6CAF803-A534-705F-A673-A04FCEC5AFC9}" = CCC Help Russian
"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = P4P
"{FCABF3BF-D716-980B-F463-32D5734A3DB4}" = CCC Help English
"{FE0C4C63-56C1-087C-3404-C547405FCEA7}" = Catalyst Control Center Graphics Previews Vista
"{FE44D8AC-80B2-A8BA-291F-59109DE96C11}" = CCC Help Turkish
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Audacity_is1" = Audacity 2.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"Defraggler" = Defraggler
"Firefox Browser" = Firefox Browser (remove only)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128
"InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Recuva" = Recuva (remove only)
"Secunia PSI" = Secunia PSI (3.0.0.3001)
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TreeSize Free_is1" = TreeSize Free V2.7
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"VLC media player" = VLC media player 2.0.4
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28.03.2013 11:13:53 | Computer Name = ******-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 29.03.2013 10:24:34 | Computer Name = ******-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 19.0.2.4814 arbeitet nicht mehr mit 
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet 
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: 13b0  Anfangszeit: 01ce2c883a4d79c5  Zeitpunkt der
 Beendigung: 47
 
Error - 29.03.2013 14:52:54 | Computer Name = ******-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 30.03.2013 12:27:48 | Computer Name = ******-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 30.03.2013 18:59:58 | Computer Name = ******-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 31.03.2013 19:40:14 | Computer Name = ******-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 01.04.2013 16:29:30 | Computer Name = ******-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 01.04.2013 16:29:30 | Computer Name = ******-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 01.04.2013 16:30:11 | Computer Name = ******-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 01.04.2013 16:30:11 | Computer Name = ******-PC | Source = Windows Search Service | ID = 3013
Description = 
 
[ System Events ]
Error - 01.04.2013 03:56:38 | Computer Name = ******-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.04.2013 16:16:07 | Computer Name = ******-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 01.04.2013 um 22:13:27 unerwartet heruntergefahren.
 
Error - 01.04.2013 16:17:36 | Computer Name = ******-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.04.2013 16:17:36 | Computer Name = ******-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 01.04.2013 16:18:37 | Computer Name = ******-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 01.04.2013 16:18:37 | Computer Name = ******-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.04.2013 16:22:37 | Computer Name = ******-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.04.2013 16:23:41 | Computer Name = ******-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 01.04.2013 16:26:43 | Computer Name = ******-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.04.2013 16:26:43 | Computer Name = ******-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         


The laptop shows no impairments so far, but after searching on Google I am worried that the Trojan will do quite a bit of damage in the long run. I hope I have thought of everything. I will attach the Gmer log in a separate post.

Many thanks and have a nice evening,
Steffi1234

 
