|
Log-Analyse und Auswertung: exploit.java.CVE-2010-4452.a. und 11 Infizierte RegistrierungsschlьsselWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
04.12.2011, 18:01 | #1 |
| exploit.java.CVE-2010-4452.a. und 11 Infizierte Registrierungsschlьssel Hallo Mädels, hallo Jüngs, Mein Problem ist folgendes: ich habe einen Virensuchlauf mit Kaspersky 2012 gemacht und leider wurde auch etwas gefunden und zwar handelt es sich um Malware exploit.java.CVE-2010-4452.a. Das Programm hat mir auch sofort die Möglichkeit gegeben, den Schädling zu löschen. Was ich daraufhin auch getan habe. Seid dem kommt nichts mehr. Auch Kaspersky gibt an das keine Bedrohung vorhanden ist. Außer dem, wenn ich im Administratorkonto sich anmelde, kommt es immer wieder ein Systemmeldung, den "Scrin" als Anlage dabei. Jetzt ist meine frage, ist dieser Virus schädlich? Ist jetzt das System sauber? Sollte ich mein System neu aufsetzten? Ich benütze Online-Banking und andere vertraurliche Anwendungen,deswegen brauche ich Euren Rat. Vielen Dank im vorraus! Alle Anwendungen die im Forum Beschrieben sind, habe durlafen lasse und anbei das Ergebniss: Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 8307 Windows 6.0.6002 Service Pack 2 Internet Explorer 9.0.8112.16421 04.12.2011 16:58:45 mbam-log-2011-12-04 (16-58-35).txt Art des Suchlaufs: Vollstдndiger Suchlauf (C:\|D:\|F:\|G:\|I:\|) Durchsuchte Objekte: 429751 Laufzeit: 1 Stunde(n), 38 Minute(n), 58 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlьssel: 11 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 4 Infizierte Dateien: 11 Infizierte Speicherprozesse: (Keine bцsartigen Objekte gefunden) Infizierte Speichermodule: (Keine bцsartigen Objekte gefunden) Infizierte Registrierungsschlьssel: HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\WebMediaPlayer (Rogue.WebMedia) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken. HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XTTB00001.XTTB00001Toolbar (Trojan.BHO) -> No action taken. HKEY_CLASSES_ROOT\ToolBand.XTTBPos00.1 (Trojan.BHO) -> No action taken. HKEY_CLASSES_ROOT\ToolBand.XTTBPos00 (Trojan.BHO) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken. Infizierte Registrierungswerte: (Keine bцsartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bцsartigen Objekte gefunden) Infizierte Verzeichnisse: c:\program files\webmediaplayer (Adware.EGDAccess) -> No action taken. c:\program files\webmediaplayer\resources (Adware.EGDAccess) -> No action taken. c:\program files\webmediaplayer\skins (Adware.EGDAccess) -> No action taken. c:\program files\webmediaplayer\updates (Adware.EGDAccess) -> No action taken. Infizierte Dateien: c:\program files\alcohol soft\alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> No action taken. c:\programdata\Tages\100663909\anno1404_crack.exe (Trojan.Bancos) -> No action taken. g:\Soft\bildbearbeitung\ps_x2\активация\KEYGEN.EXE (Trojan.Agent) -> No action taken. g:\Soft\bildbearbeitung\ps_x2\активация\активатор.exe (PUP.Hacktool.Patcher) -> No action taken. g:\Soft\bildbearbeitung\rus\активация\активатор.exe (PUP.Hacktool.Patcher) -> No action taken. c:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> No action taken. c:\program files\webmediaplayer\sqlite3.dll (Adware.EGDAccess) -> No action taken. c:\program files\webmediaplayer\resources\languages_v2.xml (Adware.EGDAccess) -> No action taken. c:\program files\webmediaplayer\resources\webmedias (Adware.EGDAccess) -> No action taken. c:\program files\webmediaplayer\skins\classic.skn (Adware.EGDAccess) -> No action taken. c:\program files\icqtoolbar\toolbaru.dll (Trojan.BHO) -> No action taken. Code:
ATTFilter OTL logfile created on: 04.12.2011 17:10:29 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\ProgramData\Kaspersky Lab\SandboxShared\Sicherheit Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 53,61% Memory free 7,18 Gb Paging File | 5,45 Gb Available in Paging File | 75,88% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 58,42 Gb Total Space | 2,45 Gb Free Space | 4,20% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 3,91 Gb Free Space | 39,12% Space Free | Partition Type: NTFS Drive F: | 104,07 Gb Total Space | 57,72 Gb Free Space | 55,46% Space Free | Partition Type: NTFS Drive G: | 45,77 Gb Total Space | 15,78 Gb Free Space | 34,49% Space Free | Partition Type: NTFS Computer Name: BIGBOS | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.04 14:48:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\ProgramData\Kaspersky Lab\SandboxShared\Sicherheit\OTL.exe PRC - [2011.11.25 20:32:45 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.08.18 14:47:48 | 000,819,976 | ---- | M] (ABBYY) -- C:\Programme\ABBYY FineReader 11\NetworkLicenseServer.exe PRC - [2011.08.17 12:15:28 | 000,534,880 | ---- | M] (Spigot, Inc.) -- C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe PRC - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe PRC - [2011.04.24 23:12:42 | 000,131,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe PRC - [2011.02.23 21:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe PRC - [2010.07.06 16:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe PRC - [2010.02.23 10:01:28 | 000,329,168 | ---- | M] () -- C:\Programme\Verbindungsassistent\WTGService.exe PRC - [2009.11.01 18:30:00 | 002,508,104 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE PRC - [2009.09.28 16:56:18 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.02.15 17:25:34 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe PRC - [2008.02.15 17:23:20 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2007.12.03 05:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe PRC - [2007.09.07 17:27:08 | 001,180,952 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\QuickSet\quickset.exe PRC - [2007.09.07 09:51:00 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe PRC - [2007.09.07 09:50:56 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe PRC - [2007.09.07 09:50:56 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe PRC - [2007.09.07 09:50:54 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe PRC - [2007.08.28 06:51:42 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe PRC - [2007.07.27 17:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Programme\Dell\Dell Webcam Manager\DellWMgr.exe PRC - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe PRC - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe PRC - [2007.03.28 20:47:34 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Programme\Protector Suite QL\upeksvr.exe PRC - [2007.03.28 20:30:18 | 000,053,776 | ---- | M] (UPEK Inc.) -- C:\Programme\Protector Suite QL\psqltray.exe PRC - [2007.03.21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.03.21 14:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2006.11.03 16:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2006.11.03 16:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe PRC - [2006.10.27 15:16:48 | 012,813,096 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE PRC - [2006.10.27 00:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe ========== Modules (No Company Name) ========== MOD - [2011.11.25 20:32:44 | 001,989,592 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll MOD - [2010.07.08 18:52:24 | 000,034,816 | ---- | M] () -- C:\Programme\Google\Google Desktop Search\gzlib.dll MOD - [2006.11.03 16:46:24 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll MOD - [2006.11.03 16:25:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll MOD - [2006.10.27 15:35:18 | 000,436,512 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll MOD - [2006.10.27 15:16:40 | 000,138,512 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\OUTLCTL.DLL MOD - [2006.10.26 21:30:42 | 000,065,312 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\ADDINS\ColleagueImport.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (stllssvr) SRV - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate) SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.08.18 14:47:48 | 000,819,976 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.11.0) SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP) SRV - [2010.07.06 16:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2010.02.23 10:01:28 | 000,329,168 | ---- | M] () [Auto | Running] -- C:\Programme\Verbindungsassistent\WTGService.exe -- (WTGService) SRV - [2008.02.15 17:25:34 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe -- (STacSV) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.12.03 05:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters) SRV - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2007.03.21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2007.01.24 11:21:24 | 000,375,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.01.24 11:21:14 | 000,177,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV - [2011.11.24 19:14:56 | 000,570,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.06.15 18:42:02 | 000,100,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewsercd.sys -- (ewsercd) DRV - [2011.03.10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6) DRV - [2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2) DRV - [2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (KL1) DRV - [2010.10.17 01:55:00 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010.01.06 16:42:23 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt) DRV - [2009.07.10 21:10:56 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2009.07.10 21:10:56 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009.04.11 06:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan) DRV - [2009.04.11 05:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm) DRV - [2008.12.13 10:27:50 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008.09.26 16:06:24 | 000,129,824 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM) DRV - [2008.09.26 16:06:24 | 000,032,048 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus) DRV - [2008.08.25 15:48:18 | 000,040,496 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hotcore3.sys -- (hotcore3) DRV - [2008.02.20 17:17:01 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman) DRV - [2008.02.15 17:27:02 | 000,330,752 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2008.01.19 07:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2008.01.07 09:37:36 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn) DRV - [2007.10.10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev) DRV - [2007.09.26 08:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2007.09.07 10:27:32 | 000,209,408 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ianvstor.sys -- (iaNvStor) Intel(R) DRV - [2007.09.07 09:50:54 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007.09.07 07:35:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.09.07 07:35:44 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007.09.07 07:35:42 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007.08.28 06:51:44 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx) DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006.11.02 08:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R) DRV - [2006.07.24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://alice.aol.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3080209 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3080209 IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2011.11.24 19:34:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2011.11.24 19:34:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2011.11.24 19:34:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.25 20:32:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.01 18:49:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}: C:\Program Files\Mobile Master\ext\1\ [2011.04.24 18:37:16 | 000,000,000 | ---D | M] [2011.11.25 20:32:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.11.24 14:33:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011.11.25 20:32:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.09.29 02:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.09.29 02:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.09.29 02:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.16 18:28:31 | 000,002,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml [2011.09.29 02:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.29 02:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\IE\4.6\dealioToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (MailRuBHO Class) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Programme\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (IE 4.x-6.x BHO for Download Master) - {9961627E-4059-41B4-8E0E-A7D6B3854ADF} - C:\Programme\Download Master\dmiehlp.dll (WestByte) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\IE\4.6\dealioToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Ñïóòíèê@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Programme\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Ñïóòíèê@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Programme\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru) O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [Bonus.SSR.FR11] C:\Program Files\ABBYY FineReader 11\Bonus.ScreenshotReader.exe (ABBYY.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.) O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Экспорт в Microsoft Excel - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Bild an &Bluetooth-Gerдt senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerдt senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_29.dll (Sun Microsystems, Inc.) O9 - Extra Button: Отправить в OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Отправить в OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Programme\Mail.Ru\Agent\magent.exe (Mail.Ru) O9 - Extra 'Tools' menuitem : Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Programme\Mail.Ru\Agent\magent.exe (Mail.Ru) O9 - Extra Button: Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Programme\Download Master\dmaster.exe (WestByte) O9 - Extra 'Tools' menuitem : &Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Programme\Download Master\dmaster.exe (WestByte) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38A0ECDE-9CD2-42E7-A024-20221FF2743E}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) -C:\Windows\System32\vrlogon.dll (UPEK Inc.) O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO) O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{669d330d-d703-11dc-986c-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{669d330d-d703-11dc-986c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTORUN.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.12.04 14:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.04 14:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.12.04 14:50:12 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.12.04 14:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.12.03 19:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.11.24 19:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Application Data [2011.11.24 19:16:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012 [2011.11.24 19:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2011.11.24 19:14:56 | 000,570,160 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys [2011.11.24 14:33:03 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.11.24 14:33:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.11.24 14:33:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.11.18 12:19:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2011.11.18 12:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID [2011.11.18 12:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID [2011.11.18 12:08:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\3DMark [2011.11.18 10:56:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Папка обмена Bluetooth [2011.11.18 10:56:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Bluetooth Software [2011.11.18 10:53:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Google [2011.11.18 10:52:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\ICQ Toolbar [2011.11.18 10:36:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Eigene Google Gadgets [2011.11.18 10:36:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ApplicationHistory [2011.11.18 10:35:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Google [2011.11.18 10:33:34 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011.11.18 10:33:34 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches [2011.11.18 10:33:34 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011.11.18 10:33:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities [2011.11.18 10:33:17 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts [2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Vorlagen [2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Verlauf [2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files [2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Startmenü [2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\SendTo [2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Recent [2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Netzwerkumgebung [2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Lokale Einstellungen [2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\Eigene Videos [2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\Eigene Musik [2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Eigene Dateien [2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\Eigene Bilder [2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Druckumgebung [2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Cookies [2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Anwendungsdaten [2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Anwendungsdaten [2011.11.18 10:33:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Temp [2011.11.18 10:33:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft [2011.11.18 10:33:04 | 000,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft [2011.11.18 10:33:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Videos [2011.11.18 10:33:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Saved Games [2011.11.18 10:33:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Pictures [2011.11.18 10:33:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Music [2011.11.18 10:33:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2011.11.18 10:33:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Links [2011.11.18 10:33:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Favorites [2011.11.18 10:33:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Downloads [2011.11.18 10:33:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Documents [2011.11.18 10:33:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop [2011.11.18 10:33:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2011.11.18 10:33:04 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData [2011.11.18 10:33:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Roaming [2011.11.18 10:33:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs [2011.11.18 10:33:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia ========== Files - Modified Within 30 Days ========== [2011.12.04 17:09:45 | 001,480,118 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2011.12.04 17:09:45 | 000,630,952 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.12.04 17:09:45 | 000,607,228 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.12.04 17:09:45 | 000,131,080 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.12.04 17:09:45 | 000,108,604 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.12.04 17:09:35 | 001,048,576 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT [2011.12.04 17:09:05 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2011.12.04 17:09:05 | 000,065,536 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2011.12.04 17:03:34 | 000,114,381 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.12.04 17:03:34 | 000,114,381 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.12.04 17:03:33 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.12.04 17:03:23 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.04 17:03:23 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.04 17:03:18 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2011.12.04 17:03:18 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2011.12.04 17:03:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.04 17:02:07 | 000,003,204 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.12.04 16:58:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.12.04 14:50:16 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.04 14:16:19 | 002,433,699 | -H-- | M] () -- C:\Users\Administrator\AppData\Local\IconCache.db [2011.12.03 19:08:37 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.11.29 18:42:18 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2011.11.24 19:17:00 | 000,115,369 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat [2011.11.24 19:17:00 | 000,097,961 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat [2011.11.24 19:14:56 | 000,570,160 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys [2011.11.24 12:14:31 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.11.18 12:19:06 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2011.11.18 12:09:45 | 000,000,613 | ---- | M] () -- C:\Users\Administrator\Desktop\3DMark2001SE - Verknüpfung.lnk [2011.11.18 10:50:00 | 000,109,720 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT [2011.11.18 10:36:06 | 000,000,101 | ---- | M] () -- C:\Users\Administrator\AppData\Local\fusioncache.dat [2011.11.18 10:35:12 | 000,008,224 | ---- | M] () -- C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT [2011.11.18 10:33:05 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2011.11.18 10:33:05 | 000,000,020 | -HS- | M] () -- C:\Users\Administrator\ntuser.ini ========== Files Created - No Company Name ========== [2011.12.04 14:50:16 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.04 14:16:19 | 002,433,699 | -H-- | C] () -- C:\Users\Administrator\AppData\Local\IconCache.db [2011.12.03 19:08:37 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.11.24 19:17:00 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat [2011.11.24 19:17:00 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat [2011.11.18 12:19:06 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2011.11.18 12:09:45 | 000,000,613 | ---- | C] () -- C:\Users\Administrator\Desktop\3DMark2001SE - Verknüpfung.lnk [2011.11.18 10:48:52 | 000,000,946 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [2011.11.18 10:36:13 | 000,109,720 | ---- | C] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT [2011.11.18 10:36:06 | 000,000,101 | ---- | C] () -- C:\Users\Administrator\AppData\Local\fusioncache.dat [2011.11.18 10:35:12 | 000,008,224 | ---- | C] () -- C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT [2011.11.18 10:33:52 | 000,000,951 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011.11.18 10:33:17 | 000,000,917 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk [2011.11.18 10:33:05 | 000,524,288 | -HS- | C] () -- C:\Users\Administrator\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2011.11.18 10:33:05 | 000,524,288 | -HS- | C] () -- C:\Users\Administrator\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2011.11.18 10:33:05 | 000,065,536 | -HS- | C] () -- C:\Users\Administrator\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2011.11.18 10:33:05 | 000,000,020 | -HS- | C] () -- C:\Users\Administrator\ntuser.ini [2011.11.18 10:33:04 | 001,048,576 | -HS- | C] () -- C:\Users\Administrator\NTUSER.DAT [2011.10.16 18:28:15 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2011.09.27 19:13:43 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2011.09.27 19:13:43 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2011.04.24 18:23:56 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2011.04.24 18:21:45 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat [2011.03.08 13:41:04 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.03.08 13:41:04 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.03.08 13:41:04 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.03.08 13:41:04 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2010.02.24 17:02:22 | 000,290,816 | ---- | C] () -- C:\Windows\System32\decdll.dll [2010.02.10 18:28:22 | 000,000,022 | ---- | C] () -- C:\Windows\Kyor.ini [2010.02.10 18:25:05 | 000,000,035 | ---- | C] () -- C:\Windows\rms.dat [2009.12.03 23:02:42 | 001,738,128 | ---- | C] () -- C:\Windows\System32\BCGPStyle2007Luna.dll [2009.12.02 16:54:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.09.19 20:52:07 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\03C098E9FC.sys [2009.09.19 20:27:47 | 000,010,752 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll [2009.08.15 20:33:37 | 000,006,266 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2009.08.15 20:33:37 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\3478262EB3.sys [2009.08.15 13:53:45 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2009.08.15 13:53:45 | 000,000,088 | RHS- | C] () -- C:\ProgramData\5E1201E55F.sys [2009.07.17 13:47:57 | 000,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll [2009.07.12 14:50:19 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009.07.12 14:50:18 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2009.07.12 14:50:17 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2009.07.12 14:50:17 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009.07.12 14:50:17 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.07.12 14:50:16 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.07.12 14:50:16 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2009.07.10 21:10:56 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.07.10 21:10:56 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009.05.27 14:57:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.05.27 14:57:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.05.27 14:57:02 | 000,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll [2009.01.23 23:00:18 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll [2009.01.23 18:27:37 | 000,673,792 | ---- | C] () -- C:\Windows\is-2S659.exe [2008.12.15 21:00:54 | 000,114,381 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008.12.15 21:00:36 | 000,114,381 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.11.22 15:50:29 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2008.11.22 15:49:43 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2008.11.22 15:49:34 | 000,183,112 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2008.10.14 20:24:15 | 000,000,024 | ---- | C] () -- C:\Windows\ird.ini [2008.08.19 19:39:51 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.06.18 20:46:18 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini [2008.06.07 22:27:29 | 000,000,022 | ---- | C] () -- C:\ProgramData\C9B086CE-4A3B-11DB-8373-B622A1EF5492 [2008.02.21 18:27:00 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2008.02.19 19:05:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.02.09 20:35:02 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll [2008.02.09 20:35:01 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2008.02.09 12:55:37 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin [2008.02.09 12:41:53 | 000,003,204 | ---- | C] () -- C:\Windows\bthservsdp.dat [2007.08.16 14:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll [2007.07.25 17:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll [2007.06.05 12:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe [2006.11.15 19:30:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2006.11.11 20:52:50 | 000,454,656 | ---- | C] () -- C:\Windows\System32\mmSQL.dll [2006.11.03 16:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006.11.02 16:33:31 | 000,630,952 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:33:31 | 000,131,080 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,410,168 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 001,480,118 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI [2006.11.02 11:33:01 | 000,607,228 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,108,604 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 11:24:31 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini [2006.11.02 11:23:31 | 000,000,219 | ---- | C] () -- C:\Windows\win.ini [2006.11.02 11:23:31 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.11.02 08:10:37 | 000,053,536 | ---- | C] () -- C:\Windows\System32\dosx.exe [2006.11.02 08:10:02 | 000,000,718 | ---- | C] () -- C:\Windows\System32\mscdexnt.exe [2006.11.02 08:10:00 | 000,002,842 | ---- | C] () -- C:\Windows\System32\redir.exe [2006.11.02 08:09:59 | 000,069,886 | ---- | C] () -- C:\Windows\System32\edit.com [2006.11.02 08:09:59 | 000,019,694 | ---- | C] () -- C:\Windows\System32\GRAPHICS.COM [2006.11.02 08:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\share.exe [2006.11.02 08:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\fastopen.exe [2006.11.02 08:09:57 | 000,014,710 | ---- | C] () -- C:\Windows\System32\KB16.COM [2006.11.02 08:09:56 | 000,007,052 | ---- | C] () -- C:\Windows\System32\nlsfunc.exe [2006.11.02 08:09:55 | 000,039,274 | ---- | C] () -- C:\Windows\System32\mem.exe [2006.11.02 08:09:55 | 000,001,131 | ---- | C] () -- C:\Windows\System32\LOADFIX.COM [2006.11.02 08:09:53 | 000,011,753 | ---- | C] () -- C:\Windows\System32\setver.exe [2006.11.02 08:09:52 | 000,020,634 | ---- | C] () -- C:\Windows\System32\debug.exe [2006.11.02 08:09:51 | 000,008,424 | ---- | C] () -- C:\Windows\System32\exe2bin.exe [2006.11.02 08:09:50 | 000,012,642 | ---- | C] () -- C:\Windows\System32\edlin.exe [2006.11.02 08:09:49 | 000,050,648 | ---- | C] () -- C:\Windows\System32\COMMAND.COM [2006.11.02 08:09:49 | 000,012,498 | ---- | C] () -- C:\Windows\System32\append.exe [2006.11.02 08:09:45 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys [2006.11.02 08:09:44 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS [2006.11.02 08:09:44 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS [2006.11.02 08:09:42 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS [2006.11.02 08:09:41 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS [2006.11.02 08:09:40 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS [2006.11.02 08:09:38 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS [2006.11.02 08:09:35 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS [2006.11.02 08:09:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS [2006.11.02 08:09:29 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS [2006.11.02 08:09:26 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS [2006.11.02 08:09:24 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS [2006.11.02 08:09:23 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS [2006.11.02 08:09:22 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS [2006.11.02 08:09:20 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS [2006.11.02 07:25:08 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll [2005.12.21 15:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll [2005.12.21 15:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll [2005.08.17 13:53:03 | 000,401,408 | ---- | C] () -- C:\Windows\System32\StepButtonS.dll [2005.05.20 00:56:26 | 000,491,520 | ---- | C] () -- C:\Windows\System32\mp3lib.dll [2003.01.14 06:45:02 | 000,122,368 | ---- | C] () -- C:\Windows\System32\UNZDLL.dll [2003.01.14 06:37:28 | 000,138,752 | ---- | C] () -- C:\Windows\System32\ZipDLL.dll [2001.11.14 11:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [2001.05.24 12:20:38 | 000,544,256 | ---- | C] () -- C:\Windows\System32\janGraphics.dll ========== LOP Check ========== [2011.11.18 10:52:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ICQ Toolbar [2011.11.29 18:42:18 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job [2011.12.04 17:02:08 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.12.04 17:03:18 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E74F5F70 < End of report > Code:
ATTFilter ABBYY FineReader 11 ABBYY 27.09.2011 713MB 11.0.289 Acronis*Disk Director Server Acronis 19.02.2008 41,4MB 10.0.2169 Adobe Flash Player 11 Plugin Adobe Systems Incorporated 23.11.2011 11.1.102.55 Adobe Flash Player ActiveX Adobe Systems Incorporated 08.02.2008 9.0.47.0 Adobe Reader 8.3.1 - Deutsch Adobe Systems Incorporated 13.09.2011 102,0MB 8.3.1 Advanced Audio FX Engine 08.02.2008 Advanced Audio Recorder v6.0.2 AAR Inc. 03.12.2008 17,1MB Advanced Video FX Engine 08.02.2008 ANNO 1404 Ubisoft 07.02.2010 3.160MB 1.00.0000 Apple Application Support Apple Inc. 25.06.2010 39,7MB 1.2.1 Apple Software Update Apple Inc. 25.06.2010 2,16MB 2.1.1.116 Audio 180% Franzis Verlag Gmbh 26.07.2008 Benutzerhandbuch 08.02.2008 0,82MB bhv Schule total 2003 2004 Startzentrale bhv 26.06.2010 1,37MB 1.00.0000 Canon Easy-WebPrint EX 01.08.2011 6,84MB Canon IJ Network Scan Utility 01.08.2011 1,07MB Canon IJ Network Tool 01.08.2011 2,91MB Canon MP Navigator EX 3.1 01.08.2011 72,5MB Canon MX340 series - регистрация пользователя 01.08.2011 1,09MB Canon MX340 series MP Drivers 01.08.2011 345MB Canon Utilities Easy-PhotoPrint EX 01.08.2011 222MB Canon Utilities My Printer 01.08.2011 5,23MB Canon Утилита быстрого набора 01.08.2011 8,52MB CCleaner Piriform 02.12.2011 2,55MB 3.13 CD DriveTool 28.02.2008 0,12MB DBOX2 Image-Flashing-Assistent 3.1.1 Hallenberg.com 04.10.2009 4,12MB Dealio Toolbar v4.6 Spigot, Inc. 26.08.2011 3,21MB 4.6 Dell Driver Download Manager Dell Inc. 23.12.2009 2.0.0.0 Dell Handbuch zum Einstieg Dell Inc. 08.02.2008 1.00.0000 Dell Support Center Dell Inc. 17.10.2011 119,5MB 3.1.5907.12 Dell Touchpad Alps Electric 08.02.2008 7,66MB 7.1.102.7 Dell Webcam Center 08.02.2008 14,1MB Dell Webcam Manager 08.02.2008 0,77MB Download Master version 5.12.2.1289 WestByte 02.12.2011 6,72MB 5.12.2.1289 ElsterFormular für Privatanwender Landesfinanzdirektion Thüringen 22.03.2011 143,2MB 12.1.1.6214p EVEREST Corporate Edition v5.30 Lavalys, Inc. 19.08.2011 16,3MB 5.30 Favorit 14.06.2008 Free Mp3 Wma Converter V 2.0 Koyote Soft 15.10.2011 26,2MB 2.0.0.0 Free Video Converter V 2.5 Koyote Soft 23.02.2010 13,2MB 2.5.0.0 FreePDF (Remove only) 26.09.2011 3,58MB Google Chrome Google Inc. 08.02.2009 52,6MB 15.0.874.121 Google Desktop Google 07.07.2010 8,61MB 5.9.1005.12335 Google Earth Google 17.11.2011 92,8MB 6.1.0.5001 Google Toolbar for Internet Explorer Google Inc. 29.11.2011 13,0MB 7.2.2318.1946 Google Updater Google Inc. 03.10.2011 3,43MB 2.4.2432.1652 GPL Ghostscript Artifex Software Inc. 26.09.2011 31,6MB 9.04 ICQ6.5 ICQ 12.03.2009 41,2MB 6.5 Intel(R) Matrix Storage Manager 08.02.2008 3,77MB Intel(R) PROSet/Wireless Software Intel Corporation 08.02.2008 11.01.0000 J2SE Runtime Environment 5.0 Update 12 Sun Microsystems, Inc. 01.05.2009 146,2MB 1.5.0.120 JAP JAP-Team 01.05.2009 8,00MB 00.11.001 Java(TM) 6 Update 22 Oracle 25.10.2011 97,1MB 6.0.220 Java(TM) 6 Update 29 Sun Microsystems, Inc. 14.09.2009 95,0MB 6.0.290 |
04.12.2011, 19:38 | #2 |
| exploit.java.CVE-2010-4452.a. und 11 Infizierte Registrierungsschlьssel Bitte Thema entfernen, wurde versehentlich doppel erstellt!
__________________Entschuldigung |
04.12.2011, 20:07 | #3 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | exploit.java.CVE-2010-4452.a. und 11 Infizierte RegistrierungsschlьsselZitat:
Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!! Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!
__________________ |
04.12.2011, 20:25 | #4 |
| exploit.java.CVE-2010-4452.a. und 11 Infizierte Registrierungsschlьssel Danke, wird erneuert. |
Themen zu exploit.java.CVE-2010-4452.a. und 11 Infizierte Registrierungsschlьssel |
adware.egdaccess, alternate, anlage, browser, canon, converter, desktop, disk director, e-banking, excel, excel.exe, firefox, flash player, frage, google, google earth, helper, home, internet security 2012, intranet, kaspersky, langs, logfile, malware, malware.packer.genx, nvlddmkm.sys, plug-in, problem, programm, registry, rogue.webmedia, scan, schädling, searchqu toolbar, security, software, starmoney, system neu, tastatur, updates, video converter, virus, vista, wma |