Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: exploit.java.CVE-2010-4452.a. und 11 Infizierte Registrierungsschlьssel

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 04.12.2011, 18:01   #1
Genascha
 
exploit.java.CVE-2010-4452.a. und 11 Infizierte Registrierungsschlьssel - Standard

exploit.java.CVE-2010-4452.a. und 11 Infizierte Registrierungsschlьssel



Hallo Mädels, hallo Jüngs,

Mein Problem ist folgendes:

ich habe einen Virensuchlauf mit Kaspersky 2012 gemacht und leider wurde auch etwas gefunden und zwar handelt es sich um Malware exploit.java.CVE-2010-4452.a. Das Programm hat mir auch sofort die Möglichkeit gegeben, den Schädling zu löschen. Was ich daraufhin auch getan habe. Seid dem kommt nichts mehr. Auch Kaspersky gibt an das keine Bedrohung vorhanden ist.

Außer dem, wenn ich im Administratorkonto sich anmelde, kommt es immer wieder ein Systemmeldung, den "Scrin" als Anlage dabei.

Jetzt ist meine frage, ist dieser Virus schädlich?
Ist jetzt das System sauber?
Sollte ich mein System neu aufsetzten?

Ich benütze Online-Banking und andere vertraurliche Anwendungen,deswegen brauche ich Euren Rat.

Vielen Dank im vorraus!

Alle Anwendungen die im Forum Beschrieben sind, habe durlafen lasse und anbei das Ergebniss:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8307

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

04.12.2011 16:58:45
mbam-log-2011-12-04 (16-58-35).txt

Art des Suchlaufs: Vollstдndiger Suchlauf (C:\|D:\|F:\|G:\|I:\|)
Durchsuchte Objekte: 429751
Laufzeit: 1 Stunde(n), 38 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlьssel: 11
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 4
Infizierte Dateien: 11

Infizierte Speicherprozesse:
(Keine bцsartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bцsartigen Objekte gefunden)

Infizierte Registrierungsschlьssel:
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\WebMediaPlayer (Rogue.WebMedia) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XTTB00001.XTTB00001Toolbar (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00 (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.

Infizierte Registrierungswerte:
(Keine bцsartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bцsartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\program files\webmediaplayer (Adware.EGDAccess) -> No action taken.
c:\program files\webmediaplayer\resources (Adware.EGDAccess) -> No action taken.
c:\program files\webmediaplayer\skins (Adware.EGDAccess) -> No action taken.
c:\program files\webmediaplayer\updates (Adware.EGDAccess) -> No action taken.

Infizierte Dateien:
c:\program files\alcohol soft\alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> No action taken.
c:\programdata\Tages\100663909\anno1404_crack.exe (Trojan.Bancos) -> No action taken.
g:\Soft\bildbearbeitung\ps_x2\активация\KEYGEN.EXE (Trojan.Agent) -> No action taken.
g:\Soft\bildbearbeitung\ps_x2\активация\активатор.exe (PUP.Hacktool.Patcher) -> No action taken.
g:\Soft\bildbearbeitung\rus\активация\активатор.exe (PUP.Hacktool.Patcher) -> No action taken.
c:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> No action taken.
c:\program files\webmediaplayer\sqlite3.dll (Adware.EGDAccess) -> No action taken.
c:\program files\webmediaplayer\resources\languages_v2.xml (Adware.EGDAccess) -> No action taken.
c:\program files\webmediaplayer\resources\webmedias (Adware.EGDAccess) -> No action taken.
c:\program files\webmediaplayer\skins\classic.skn (Adware.EGDAccess) -> No action taken.
c:\program files\icqtoolbar\toolbaru.dll (Trojan.BHO) -> No action taken.
         
danach mit OTL.exe

Code:
ATTFilter
OTL logfile created on: 04.12.2011 17:10:29 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\ProgramData\Kaspersky Lab\SandboxShared\Sicherheit
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 53,61% Memory free
7,18 Gb Paging File | 5,45 Gb Available in Paging File | 75,88% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,42 Gb Total Space | 2,45 Gb Free Space | 4,20% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 3,91 Gb Free Space | 39,12% Space Free | Partition Type: NTFS
Drive F: | 104,07 Gb Total Space | 57,72 Gb Free Space | 55,46% Space Free | Partition Type: NTFS
Drive G: | 45,77 Gb Total Space | 15,78 Gb Free Space | 34,49% Space Free | Partition Type: NTFS
 
Computer Name: BIGBOS | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.04 14:48:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\ProgramData\Kaspersky Lab\SandboxShared\Sicherheit\OTL.exe
PRC - [2011.11.25 20:32:45 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.18 14:47:48 | 000,819,976 | ---- | M] (ABBYY) -- C:\Programme\ABBYY FineReader 11\NetworkLicenseServer.exe
PRC - [2011.08.17 12:15:28 | 000,534,880 | ---- | M] (Spigot, Inc.) -- C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2011.04.24 23:12:42 | 000,131,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe
PRC - [2011.02.23 21:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2010.07.06 16:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010.02.23 10:01:28 | 000,329,168 | ---- | M] () -- C:\Programme\Verbindungsassistent\WTGService.exe
PRC - [2009.11.01 18:30:00 | 002,508,104 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009.09.28 16:56:18 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.02.15 17:25:34 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe
PRC - [2008.02.15 17:23:20 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2007.12.03 05:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007.09.07 17:27:08 | 001,180,952 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\QuickSet\quickset.exe
PRC - [2007.09.07 09:51:00 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe
PRC - [2007.09.07 09:50:56 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe
PRC - [2007.09.07 09:50:56 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe
PRC - [2007.09.07 09:50:54 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe
PRC - [2007.08.28 06:51:42 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007.07.27 17:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Programme\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007.03.28 20:47:34 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Programme\Protector Suite QL\upeksvr.exe
PRC - [2007.03.28 20:30:18 | 000,053,776 | ---- | M] (UPEK Inc.) -- C:\Programme\Protector Suite QL\psqltray.exe
PRC - [2007.03.21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.03.21 14:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006.11.03 16:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006.11.03 16:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006.10.27 15:16:48 | 012,813,096 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2006.10.27 00:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.25 20:32:44 | 001,989,592 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2010.07.08 18:52:24 | 000,034,816 | ---- | M] () -- C:\Programme\Google\Google Desktop Search\gzlib.dll
MOD - [2006.11.03 16:46:24 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2006.11.03 16:25:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2006.10.27 15:35:18 | 000,436,512 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2006.10.27 15:16:40 | 000,138,512 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\OUTLCTL.DLL
MOD - [2006.10.26 21:30:42 | 000,065,312 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (stllssvr)
SRV - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.18 14:47:48 | 000,819,976 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.11.0)
SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2010.07.06 16:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.02.23 10:01:28 | 000,329,168 | ---- | M] () [Auto | Running] -- C:\Programme\Verbindungsassistent\WTGService.exe -- (WTGService)
SRV - [2008.02.15 17:25:34 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe -- (STacSV)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.03 05:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007.03.21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.01.24 11:21:24 | 000,375,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.01.24 11:21:14 | 000,177,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.11.24 19:14:56 | 000,570,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.06.15 18:42:02 | 000,100,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewsercd.sys -- (ewsercd)
DRV - [2011.03.10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010.10.17 01:55:00 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.01.06 16:42:23 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.07.10 21:10:56 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.07.10 21:10:56 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.04.11 06:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009.04.11 05:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2008.12.13 10:27:50 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.09.26 16:06:24 | 000,129,824 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2008.09.26 16:06:24 | 000,032,048 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2008.08.25 15:48:18 | 000,040,496 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2008.02.20 17:17:01 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008.02.15 17:27:02 | 000,330,752 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.01.19 07:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008.01.07 09:37:36 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2007.10.10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007.09.26 08:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.09.07 10:27:32 | 000,209,408 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ianvstor.sys -- (iaNvStor) Intel(R)
DRV - [2007.09.07 09:50:54 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.09.07 07:35:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.09.07 07:35:44 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.09.07 07:35:42 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.08.28 06:51:44 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 08:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006.07.24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://alice.aol.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3080209
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3080209
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2011.11.24 19:34:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2011.11.24 19:34:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2011.11.24 19:34:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.25 20:32:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.01 18:49:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}: C:\Program Files\Mobile Master\ext\1\ [2011.04.24 18:37:16 | 000,000,000 | ---D | M]
 
[2011.11.25 20:32:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.24 14:33:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.11.25 20:32:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.29 02:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.29 02:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 02:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.16 18:28:31 | 000,002,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2011.09.29 02:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 02:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\IE\4.6\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (MailRuBHO Class) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Programme\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (IE 4.x-6.x BHO for Download Master) - {9961627E-4059-41B4-8E0E-A7D6B3854ADF} - C:\Programme\Download Master\dmiehlp.dll (WestByte)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\IE\4.6\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ñïóòíèê@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Programme\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ñïóòíèê@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Programme\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Bonus.SSR.FR11] C:\Program Files\ABBYY FineReader 11\Bonus.ScreenshotReader.exe (ABBYY.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Экспорт в Microsoft Excel - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerдt senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerдt senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_29.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Отправить в OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Отправить в OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Programme\Mail.Ru\Agent\magent.exe (Mail.Ru)
O9 - Extra 'Tools' menuitem : Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Programme\Mail.Ru\Agent\magent.exe (Mail.Ru)
O9 - Extra Button: Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Programme\Download Master\dmaster.exe (WestByte)
O9 - Extra 'Tools' menuitem : &Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Programme\Download Master\dmaster.exe (WestByte)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38A0ECDE-9CD2-42E7-A024-20221FF2743E}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) -C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{669d330d-d703-11dc-986c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{669d330d-d703-11dc-986c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTORUN.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.04 14:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.04 14:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.04 14:50:12 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.04 14:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.03 19:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.11.24 19:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Application Data
[2011.11.24 19:16:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2011.11.24 19:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011.11.24 19:14:56 | 000,570,160 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011.11.24 14:33:03 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.11.24 14:33:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.11.24 14:33:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.11.18 12:19:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.11.18 12:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2011.11.18 12:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2011.11.18 12:08:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\3DMark
[2011.11.18 10:56:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Папка обмена Bluetooth
[2011.11.18 10:56:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Bluetooth Software
[2011.11.18 10:53:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Google
[2011.11.18 10:52:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\ICQ Toolbar
[2011.11.18 10:36:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Eigene Google Gadgets
[2011.11.18 10:36:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ApplicationHistory
[2011.11.18 10:35:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Google
[2011.11.18 10:33:34 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011.11.18 10:33:34 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches
[2011.11.18 10:33:34 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011.11.18 10:33:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities
[2011.11.18 10:33:17 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts
[2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Vorlagen
[2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Verlauf
[2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files
[2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Startmenü
[2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\SendTo
[2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Recent
[2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Netzwerkumgebung
[2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Lokale Einstellungen
[2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\Eigene Videos
[2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\Eigene Musik
[2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Eigene Dateien
[2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\Eigene Bilder
[2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Druckumgebung
[2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Cookies
[2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Anwendungsdaten
[2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Anwendungsdaten
[2011.11.18 10:33:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Temp
[2011.11.18 10:33:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft
[2011.11.18 10:33:04 | 000,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2011.11.18 10:33:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Videos
[2011.11.18 10:33:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Saved Games
[2011.11.18 10:33:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Pictures
[2011.11.18 10:33:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Music
[2011.11.18 10:33:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011.11.18 10:33:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Links
[2011.11.18 10:33:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Favorites
[2011.11.18 10:33:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Downloads
[2011.11.18 10:33:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Documents
[2011.11.18 10:33:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop
[2011.11.18 10:33:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011.11.18 10:33:04 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData
[2011.11.18 10:33:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Roaming
[2011.11.18 10:33:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs
[2011.11.18 10:33:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.04 17:09:45 | 001,480,118 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2011.12.04 17:09:45 | 000,630,952 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.04 17:09:45 | 000,607,228 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.04 17:09:45 | 000,131,080 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.04 17:09:45 | 000,108,604 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.04 17:09:35 | 001,048,576 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT
[2011.12.04 17:09:05 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2011.12.04 17:09:05 | 000,065,536 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2011.12.04 17:03:34 | 000,114,381 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.12.04 17:03:34 | 000,114,381 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.12.04 17:03:33 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.04 17:03:23 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.04 17:03:23 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.04 17:03:18 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011.12.04 17:03:18 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011.12.04 17:03:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.04 17:02:07 | 000,003,204 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.12.04 16:58:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.04 14:50:16 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.04 14:16:19 | 002,433,699 | -H-- | M] () -- C:\Users\Administrator\AppData\Local\IconCache.db
[2011.12.03 19:08:37 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.11.29 18:42:18 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011.11.24 19:17:00 | 000,115,369 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2011.11.24 19:17:00 | 000,097,961 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2011.11.24 19:14:56 | 000,570,160 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011.11.24 12:14:31 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.11.18 12:19:06 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.11.18 12:09:45 | 000,000,613 | ---- | M] () -- C:\Users\Administrator\Desktop\3DMark2001SE - Verknüpfung.lnk
[2011.11.18 10:50:00 | 000,109,720 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
[2011.11.18 10:36:06 | 000,000,101 | ---- | M] () -- C:\Users\Administrator\AppData\Local\fusioncache.dat
[2011.11.18 10:35:12 | 000,008,224 | ---- | M] () -- C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
[2011.11.18 10:33:05 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2011.11.18 10:33:05 | 000,000,020 | -HS- | M] () -- C:\Users\Administrator\ntuser.ini
 
========== Files Created - No Company Name ==========
 
[2011.12.04 14:50:16 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.04 14:16:19 | 002,433,699 | -H-- | C] () -- C:\Users\Administrator\AppData\Local\IconCache.db
[2011.12.03 19:08:37 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.11.24 19:17:00 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011.11.24 19:17:00 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011.11.18 12:19:06 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.11.18 12:09:45 | 000,000,613 | ---- | C] () -- C:\Users\Administrator\Desktop\3DMark2001SE - Verknüpfung.lnk
[2011.11.18 10:48:52 | 000,000,946 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011.11.18 10:36:13 | 000,109,720 | ---- | C] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
[2011.11.18 10:36:06 | 000,000,101 | ---- | C] () -- C:\Users\Administrator\AppData\Local\fusioncache.dat
[2011.11.18 10:35:12 | 000,008,224 | ---- | C] () -- C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
[2011.11.18 10:33:52 | 000,000,951 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.11.18 10:33:17 | 000,000,917 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011.11.18 10:33:05 | 000,524,288 | -HS- | C] () -- C:\Users\Administrator\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2011.11.18 10:33:05 | 000,524,288 | -HS- | C] () -- C:\Users\Administrator\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2011.11.18 10:33:05 | 000,065,536 | -HS- | C] () -- C:\Users\Administrator\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2011.11.18 10:33:05 | 000,000,020 | -HS- | C] () -- C:\Users\Administrator\ntuser.ini
[2011.11.18 10:33:04 | 001,048,576 | -HS- | C] () -- C:\Users\Administrator\NTUSER.DAT
[2011.10.16 18:28:15 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2011.09.27 19:13:43 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.09.27 19:13:43 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.04.24 18:23:56 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2011.04.24 18:21:45 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2011.03.08 13:41:04 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.03.08 13:41:04 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.03.08 13:41:04 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.03.08 13:41:04 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.02.24 17:02:22 | 000,290,816 | ---- | C] () -- C:\Windows\System32\decdll.dll
[2010.02.10 18:28:22 | 000,000,022 | ---- | C] () -- C:\Windows\Kyor.ini
[2010.02.10 18:25:05 | 000,000,035 | ---- | C] () -- C:\Windows\rms.dat
[2009.12.03 23:02:42 | 001,738,128 | ---- | C] () -- C:\Windows\System32\BCGPStyle2007Luna.dll
[2009.12.02 16:54:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.19 20:52:07 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\03C098E9FC.sys
[2009.09.19 20:27:47 | 000,010,752 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009.08.15 20:33:37 | 000,006,266 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009.08.15 20:33:37 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\3478262EB3.sys
[2009.08.15 13:53:45 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.08.15 13:53:45 | 000,000,088 | RHS- | C] () -- C:\ProgramData\5E1201E55F.sys
[2009.07.17 13:47:57 | 000,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2009.07.12 14:50:19 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.07.12 14:50:18 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009.07.12 14:50:17 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009.07.12 14:50:17 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.07.12 14:50:17 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.07.12 14:50:16 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.07.12 14:50:16 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009.07.10 21:10:56 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.07.10 21:10:56 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.05.27 14:57:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.27 14:57:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.05.27 14:57:02 | 000,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll
[2009.01.23 23:00:18 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2009.01.23 18:27:37 | 000,673,792 | ---- | C] () -- C:\Windows\is-2S659.exe
[2008.12.15 21:00:54 | 000,114,381 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.12.15 21:00:36 | 000,114,381 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.11.22 15:50:29 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2008.11.22 15:49:43 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.11.22 15:49:34 | 000,183,112 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2008.10.14 20:24:15 | 000,000,024 | ---- | C] () -- C:\Windows\ird.ini
[2008.08.19 19:39:51 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.06.18 20:46:18 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini
[2008.06.07 22:27:29 | 000,000,022 | ---- | C] () -- C:\ProgramData\C9B086CE-4A3B-11DB-8373-B622A1EF5492
[2008.02.21 18:27:00 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.02.19 19:05:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.02.09 20:35:02 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008.02.09 20:35:01 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008.02.09 12:55:37 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008.02.09 12:41:53 | 000,003,204 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007.08.16 14:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2007.07.25 17:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2007.06.05 12:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.15 19:30:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006.11.11 20:52:50 | 000,454,656 | ---- | C] () -- C:\Windows\System32\mmSQL.dll
[2006.11.03 16:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.02 16:33:31 | 000,630,952 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,131,080 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,410,168 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 001,480,118 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2006.11.02 11:33:01 | 000,607,228 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,108,604 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 11:24:31 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2006.11.02 11:23:31 | 000,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006.11.02 11:23:31 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 08:10:37 | 000,053,536 | ---- | C] () -- C:\Windows\System32\dosx.exe
[2006.11.02 08:10:02 | 000,000,718 | ---- | C] () -- C:\Windows\System32\mscdexnt.exe
[2006.11.02 08:10:00 | 000,002,842 | ---- | C] () -- C:\Windows\System32\redir.exe
[2006.11.02 08:09:59 | 000,069,886 | ---- | C] () -- C:\Windows\System32\edit.com
[2006.11.02 08:09:59 | 000,019,694 | ---- | C] () -- C:\Windows\System32\GRAPHICS.COM
[2006.11.02 08:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\share.exe
[2006.11.02 08:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\fastopen.exe
[2006.11.02 08:09:57 | 000,014,710 | ---- | C] () -- C:\Windows\System32\KB16.COM
[2006.11.02 08:09:56 | 000,007,052 | ---- | C] () -- C:\Windows\System32\nlsfunc.exe
[2006.11.02 08:09:55 | 000,039,274 | ---- | C] () -- C:\Windows\System32\mem.exe
[2006.11.02 08:09:55 | 000,001,131 | ---- | C] () -- C:\Windows\System32\LOADFIX.COM
[2006.11.02 08:09:53 | 000,011,753 | ---- | C] () -- C:\Windows\System32\setver.exe
[2006.11.02 08:09:52 | 000,020,634 | ---- | C] () -- C:\Windows\System32\debug.exe
[2006.11.02 08:09:51 | 000,008,424 | ---- | C] () -- C:\Windows\System32\exe2bin.exe
[2006.11.02 08:09:50 | 000,012,642 | ---- | C] () -- C:\Windows\System32\edlin.exe
[2006.11.02 08:09:49 | 000,050,648 | ---- | C] () -- C:\Windows\System32\COMMAND.COM
[2006.11.02 08:09:49 | 000,012,498 | ---- | C] () -- C:\Windows\System32\append.exe
[2006.11.02 08:09:45 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys
[2006.11.02 08:09:44 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS
[2006.11.02 08:09:44 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS
[2006.11.02 08:09:42 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS
[2006.11.02 08:09:41 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS
[2006.11.02 08:09:40 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS
[2006.11.02 08:09:38 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS
[2006.11.02 08:09:35 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS
[2006.11.02 08:09:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS
[2006.11.02 08:09:29 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS
[2006.11.02 08:09:26 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS
[2006.11.02 08:09:24 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS
[2006.11.02 08:09:23 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS
[2006.11.02 08:09:22 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS
[2006.11.02 08:09:20 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS
[2006.11.02 07:25:08 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll
[2005.12.21 15:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2005.12.21 15:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2005.08.17 13:53:03 | 000,401,408 | ---- | C] () -- C:\Windows\System32\StepButtonS.dll
[2005.05.20 00:56:26 | 000,491,520 | ---- | C] () -- C:\Windows\System32\mp3lib.dll
[2003.01.14 06:45:02 | 000,122,368 | ---- | C] () -- C:\Windows\System32\UNZDLL.dll
[2003.01.14 06:37:28 | 000,138,752 | ---- | C] () -- C:\Windows\System32\ZipDLL.dll
[2001.11.14 11:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001.05.24 12:20:38 | 000,544,256 | ---- | C] () -- C:\Windows\System32\janGraphics.dll
 
========== LOP Check ==========
 
[2011.11.18 10:52:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ICQ Toolbar
[2011.11.29 18:42:18 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011.12.04 17:02:08 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.12.04 17:03:18 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E74F5F70

< End of report >
         
und Instalierte Programme


Code:
ATTFilter
ABBYY FineReader 11	ABBYY	27.09.2011	713MB	11.0.289
Acronis*Disk Director Server	Acronis	19.02.2008	41,4MB	10.0.2169
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	23.11.2011		11.1.102.55
Adobe Flash Player ActiveX	Adobe Systems Incorporated	08.02.2008		9.0.47.0
Adobe Reader 8.3.1 - Deutsch	Adobe Systems Incorporated	13.09.2011	102,0MB	8.3.1
Advanced Audio FX Engine		08.02.2008		
Advanced Audio Recorder v6.0.2	AAR Inc.	03.12.2008	17,1MB	
Advanced Video FX Engine		08.02.2008		
ANNO 1404	Ubisoft	07.02.2010	3.160MB	1.00.0000
Apple Application Support	Apple Inc.	25.06.2010	39,7MB	1.2.1
Apple Software Update	Apple Inc.	25.06.2010	2,16MB	2.1.1.116
Audio 180%	Franzis Verlag Gmbh	26.07.2008		
Benutzerhandbuch		08.02.2008	0,82MB	
bhv Schule total 2003 2004 Startzentrale	bhv	26.06.2010	1,37MB	1.00.0000
Canon Easy-WebPrint EX		01.08.2011	6,84MB	
Canon IJ Network Scan Utility		01.08.2011	1,07MB	
Canon IJ Network Tool		01.08.2011	2,91MB	
Canon MP Navigator EX 3.1		01.08.2011	72,5MB	
Canon MX340 series - регистрация пользователя		01.08.2011	1,09MB	
Canon MX340 series MP Drivers		01.08.2011	345MB	
Canon Utilities Easy-PhotoPrint EX		01.08.2011	222MB	
Canon Utilities My Printer		01.08.2011	5,23MB	
Canon Утилита быстрого набора		01.08.2011	8,52MB	
CCleaner	Piriform	02.12.2011	2,55MB	3.13
CD DriveTool		28.02.2008	0,12MB	
DBOX2 Image-Flashing-Assistent 3.1.1	Hallenberg.com	04.10.2009	4,12MB	
Dealio Toolbar v4.6	Spigot, Inc.	26.08.2011	3,21MB	4.6
Dell Driver Download Manager	Dell Inc.	23.12.2009		2.0.0.0
Dell Handbuch zum Einstieg	Dell Inc.	08.02.2008		1.00.0000
Dell Support Center	Dell Inc.	17.10.2011	119,5MB	3.1.5907.12
Dell Touchpad	Alps Electric	08.02.2008	7,66MB	7.1.102.7
Dell Webcam Center		08.02.2008	14,1MB	
Dell Webcam Manager		08.02.2008	0,77MB	
Download Master version 5.12.2.1289	WestByte	02.12.2011	6,72MB	5.12.2.1289
ElsterFormular für Privatanwender	Landesfinanzdirektion Thüringen	22.03.2011	143,2MB	12.1.1.6214p
EVEREST Corporate Edition v5.30	Lavalys, Inc.	19.08.2011	16,3MB	5.30
Favorit		14.06.2008		
Free Mp3 Wma Converter V 2.0	Koyote Soft	15.10.2011	26,2MB	2.0.0.0
Free Video Converter V 2.5	Koyote Soft	23.02.2010	13,2MB	2.5.0.0
FreePDF (Remove only)		26.09.2011	3,58MB	
Google Chrome	Google Inc.	08.02.2009	52,6MB	15.0.874.121
Google Desktop	Google	07.07.2010	8,61MB	5.9.1005.12335
Google Earth	Google	17.11.2011	92,8MB	6.1.0.5001
Google Toolbar for Internet Explorer	Google Inc.	29.11.2011	13,0MB	7.2.2318.1946
Google Updater	Google Inc.	03.10.2011	3,43MB	2.4.2432.1652
GPL Ghostscript	Artifex Software Inc.	26.09.2011	31,6MB	9.04
ICQ6.5	ICQ	12.03.2009	41,2MB	6.5
Intel(R) Matrix Storage Manager		08.02.2008	3,77MB	
Intel(R) PROSet/Wireless Software	Intel Corporation	08.02.2008		11.01.0000
J2SE Runtime Environment 5.0 Update 12	Sun Microsystems, Inc.	01.05.2009	146,2MB	1.5.0.120
JAP	JAP-Team	01.05.2009	8,00MB	00.11.001
Java(TM) 6 Update 22	Oracle	25.10.2011	97,1MB	6.0.220
Java(TM) 6 Update 29	Sun Microsystems, Inc.	14.09.2009	95,0MB	6.0.290
         

Alt 04.12.2011, 19:38   #2
Genascha
 
exploit.java.CVE-2010-4452.a. und 11 Infizierte Registrierungsschlьssel - Standard

exploit.java.CVE-2010-4452.a. und 11 Infizierte Registrierungsschlьssel



Bitte Thema entfernen, wurde versehentlich doppel erstellt!

Entschuldigung
__________________


Alt 04.12.2011, 20:07   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
exploit.java.CVE-2010-4452.a. und 11 Infizierte Registrierungsschlьssel - Standard

exploit.java.CVE-2010-4452.a. und 11 Infizierte Registrierungsschlьssel



Zitat:
c:\programdata\Tages\100663909\anno1404_crack.exe (Trojan.Bancos)


Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!
__________________
__________________

Alt 04.12.2011, 20:25   #4
Genascha
 
exploit.java.CVE-2010-4452.a. und 11 Infizierte Registrierungsschlьssel - Standard

exploit.java.CVE-2010-4452.a. und 11 Infizierte Registrierungsschlьssel



Danke, wird erneuert.

Antwort

Themen zu exploit.java.CVE-2010-4452.a. und 11 Infizierte Registrierungsschlьssel
adware.egdaccess, alternate, anlage, browser, canon, converter, desktop, disk director, e-banking, excel, excel.exe, firefox, flash player, frage, google, google earth, helper, home, internet security 2012, intranet, kaspersky, langs, logfile, malware, malware.packer.genx, nvlddmkm.sys, plug-in, problem, programm, registry, rogue.webmedia, scan, schädling, searchqu toolbar, security, software, starmoney, system neu, tastatur, updates, video converter, virus, vista, wma




Ähnliche Themen: exploit.java.CVE-2010-4452.a. und 11 Infizierte Registrierungsschlьssel


  1. Exe/cve-2010-4452
    Log-Analyse und Auswertung - 07.10.2012 (3)
  2. EXP/CVE-2010-4452.Q in C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deploym
    Plagegeister aller Art und deren Bekämpfung - 07.10.2012 (3)
  3. EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen
    Plagegeister aller Art und deren Bekämpfung - 14.08.2012 (12)
  4. Wie beseitige ich EXP/CVE-2010-4452.D ?
    Plagegeister aller Art und deren Bekämpfung - 05.03.2012 (7)
  5. Exploit.Java.CVE-2010-0840.N in \AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\3
    Plagegeister aller Art und deren Bekämpfung - 05.03.2012 (21)
  6. JAVA-EXPLOIT EXP/CVE-2010-0840.FL, etc. im Java-Cache
    Plagegeister aller Art und deren Bekämpfung - 05.02.2012 (15)
  7. Exp/cve-2010-4452.ce
    Plagegeister aller Art und deren Bekämpfung - 13.01.2012 (1)
  8. Antivir findet EXP/CVE-2010-4452.CE
    Log-Analyse und Auswertung - 10.01.2012 (52)
  9. [doppelt/crack] exploit.java.CVE-2010-4452.a. und 11 Infizierte Registrierungsschlьssel
    Mülltonne - 04.12.2011 (1)
  10. Exploit:Java/CVE-2010-0840.KM von MSE gemeldet
    Log-Analyse und Auswertung - 06.11.2011 (2)
  11. RE: Exploit.Java.CVE-2010-0840.ed bei MbaM Scan
    Plagegeister aller Art und deren Bekämpfung - 03.11.2011 (1)
  12. Kaspersky findet EXPLOIT.JAVA.CVE-2010-0840.CR
    Log-Analyse und Auswertung - 06.10.2011 (12)
  13. Virusfund! EXP/CVE-2010-4452.C
    Log-Analyse und Auswertung - 22.08.2011 (12)
  14. Java-Exploit (CVE-2010-0840.l) (C:\Dokumente und Einstellungen\User\Anwendungsdaten\Sun\Java\
    Plagegeister aller Art und deren Bekämpfung - 17.08.2011 (3)
  15. exploit.java.CVE-2010-4452.a
    Log-Analyse und Auswertung - 05.08.2011 (1)
  16. Exploit:Java/CVE-2010-0842.N
    Plagegeister aller Art und deren Bekämpfung - 27.07.2011 (20)
  17. Java-Exploit (CVE-2010-0840.AA) beim Surfen gefunden (C:\Users\Leomuck\AppData\Local\Temp\)
    Plagegeister aller Art und deren Bekämpfung - 24.02.2011 (5)

Zum Thema exploit.java.CVE-2010-4452.a. und 11 Infizierte Registrierungsschlьssel - Hallo Mädels, hallo Jüngs, Mein Problem ist folgendes: ich habe einen Virensuchlauf mit Kaspersky 2012 gemacht und leider wurde auch etwas gefunden und zwar handelt es sich um Malware exploit.java.CVE-2010-4452.a. - exploit.java.CVE-2010-4452.a. und 11 Infizierte Registrierungsschlьssel...
Archiv
Du betrachtest: exploit.java.CVE-2010-4452.a. und 11 Infizierte Registrierungsschlьssel auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.