Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Panda Cloud AntiVirus PRo findet zwei Exploit CVE-2011-3544 Trojaner

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Alt 14.05.2012, 10:07   #1
Dwarf36
 
Panda Cloud AntiVirus PRo findet zwei Exploit CVE-2011-3544 Trojaner - Standard

Panda Cloud AntiVirus PRo findet zwei Exploit CVE-2011-3544 Trojaner



Guten Morgen liebes Trojaner-Board-Team,

am Freitag abend hat mein Anitvirenprogramm Panda Cloud Pro bei einem Komplett-scan offensichtlich zwei Exploit-Trojaner CVE-2011-3544 gefunden.

Ich bin nun nicht ganz sicher, wie schädlich diese Trojaner nun wirklich sind bzw. ob es vielleicht ein Fehlalarm war.


Hier die Panda-Meldung:

Trojaner erkannt Exploit/CVE-2011-3544 11.05.2012 21:34:53 Gelöscht
Speicherort: C:\Documents and Settings\Admin\Local Settings\Temp\jar_cache83257024404009451.tmp

Trojaner erkannt Exploit/CVE-2011-3544 11.05.2012 21:34:53 Gelöscht
Speicherort: C:\Documents and Settings\Admin\Local Settings\Temp\jar_cache7245202067117167114.tmp


Nachdem ich dann einen MbAM bzw ESET Komplettscan gemacht habe, erhielt ich folgenden log:

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.12.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Admin :: XXX-02 [Administrator]

12.05.2012 10:03:31
mbam-log-2012-05-12 (10-03-31).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 348978
Laufzeit: 1 Stunde(n), 44 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\System Volume Information\_restore{91F269A0-A726-47C4-96C4-2E139E1AEA1C}\RP944\A0163335.rbf (PUP.Dealio.TB) -> Keine Aktion durchgeführt.

(Ende)

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

ESET

C:\Documents and Settings\Admin\Local Settings\Temp\_ir_sf_temp_0\flvinstaller.exe Win32/DownloadAdmin.A.Gen application

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Danach habe ich einen OTL-log erstellt:

OTL logfile created on: 12.05.2012 16:02:41 - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 74,56% Memory free
4,84 Gb Paging File | 4,23 Gb Available in Paging File | 87,42% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 161,81 Gb Free Space | 69,48% Space Free | Partition Type: NTFS
Drive D: | 6,74 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: xxx-02 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security)
PRC - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
PRC - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Documents and Settings\Admin\Application Data\T-Mobile Internet Manager\ouc.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Documents and Settings\Admin\Local Settings\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)
PRC - C:\WINDOWS\PLFSetI.exe ()
PRC - C:\Program Files\Common Files\Marmiko Shared\MZCCntrl.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
PRC - C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\PLFSetI.exe ()
MOD - C:\Program Files\Panda Security\Panda Cloud Antivirus\MiniCrypto.dll ()
MOD - C:\Program Files\Panda Security\Panda Cloud Antivirus\APIcr.dll ()
MOD - C:\WINDOWS\system32\pdfcmnnt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater10.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NanoServiceMain) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe (Kaspersky Lab)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AgereModemAudio) -- C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)
SRV - (MZCCntrl) -- C:\Program Files\Common Files\Marmiko Shared\MZCCntrl.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (mbr) -- C:\DOCUME~1\Admin\LOCALS~1\Temp\mbr.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (kxddqpow) -- C:\DOCUME~1\Admin\LOCALS~1\Temp\kxddqpow.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (PSINAflt) -- C:\WINDOWS\system32\drivers\PSINAflt.sys (Panda Security, S.L.)
DRV - (PSINProt) -- C:\WINDOWS\system32\drivers\PSINProt.sys (Panda Security, S.L.)
DRV - (PSINKNC) -- C:\WINDOWS\system32\drivers\PSINKNC.sys (Panda Security, S.L.)
DRV - (PSINProc) -- C:\WINDOWS\system32\drivers\PSINProc.sys (Panda Security, S.L.)
DRV - (PSINFile) -- C:\WINDOWS\system32\drivers\PSINFile.sys (Panda Security, S.L.)
DRV - (dtsoftbus01) -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (NETwLx32) Intel(R) -- C:\WINDOWS\system32\drivers\NETwLx32.sys (Intel Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (klif) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (filtertdidriver) -- C:\WINDOWS\system32\drivers\ewfiltertdidriver.sys (Huawei Technologies Co., Ltd.)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (hwusbfake) -- C:\WINDOWS\system32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
DRV - (BMLoad) -- C:\WINDOWS\system32\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV - (tcpipBM) -- C:\WINDOWS\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (L1e) -- C:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (JMCR) -- C:\WINDOWS\system32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (itecir) -- C:\WINDOWS\system32\drivers\itecir.sys (ITE Tech. Inc. )
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)
DRV - (MACNDIS5) -- C:\Program Files\Common Files\Marmiko Shared\MAcNdis5.sys (Marmiko IT-Solutions GmbH)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (jatmlano) -- C:\Documents and Settings\klst\Local Settings\Temp\jatmlano.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {D2BA9B10-C970-4068-A295-B849275C5E9F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" =
IE - HKCU\..\SearchScopes\{4EE3A5CE-E0B5-4D61-8F8E-9F661FB98BDB}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{D2BA9B10-C970-4068-A295-B849275C5E9F}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{D5E322B5-5DCE-4DEC-931A-F5A6CFEAEF25}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{F571603B-B18B-446D-908D-6D938175A474}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Admin\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.08.22 19:20:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.12.03 09:40:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\widgetruntime@surfsecret.com: C:\Program Files\Panda Security\Panda ID Protect\Firefox [2011.02.21 09:28:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\ [2012.04.30 18:56:17 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (no name) - {F4D76F01-7896-458a-890F-E1F05C46069F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-8087-36EE87E26986} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [Panda Security URL Filtering] C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\WINDOWS\PLFSetI.exe ()
O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [1und1Dispatcher] C:\Program Files\1und1Softwareaktualisierung\SchedDispatcher.exe (1&1 Mail & Media GmbH)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download with mvc-ipad-software-suite-pro - C:\Program Files\mediAvatar\iPad Software Suite Pro\upod_link.HTM File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} hxxp://versionone/projectserver/objects/pjclient.cab (PjAdoInfo3 Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} hxxp://versionone/projectserver/objects/1033/pjcintl.cab (Pj11enuC Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CAC90F98-68D5-46BE-9D0C-4D977498C6BB}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.11 15:58:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{61de39e2-dbf0-11de-a034-001de0d68661}\Shell - "" = AutoRun
O33 - MountPoints2\{61de39e2-dbf0-11de-a034-001de0d68661}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{61de39e2-dbf0-11de-a034-001de0d68661}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8ff2bbce-db86-11de-a032-001de0d68661}\Shell - "" = AutoRun
O33 - MountPoints2\{8ff2bbce-db86-11de-a032-001de0d68661}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8ff2bbce-db86-11de-a032-001de0d68661}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8ff2bcf0-db86-11de-a032-001de0d68661}\Shell - "" = AutoRun
O33 - MountPoints2\{8ff2bcf0-db86-11de-a032-001de0d68661}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8ff2bcf0-db86-11de-a032-001de0d68661}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a8336df5-db7d-11de-a030-001de0d68661}\Shell - "" = AutoRun
O33 - MountPoints2\{a8336df5-db7d-11de-a030-001de0d68661}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a8336df5-db7d-11de-a030-001de0d68661}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a83375da-db7d-11de-a030-001de0d68661}\Shell - "" = AutoRun
O33 - MountPoints2\{a83375da-db7d-11de-a030-001de0d68661}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a83375da-db7d-11de-a030-001de0d68661}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.05.12 16:00:55 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2012.05.12 13:37:47 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Admin\Desktop\dds.com
[2012.05.12 13:16:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2012.05.12 13:05:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012.05.12 13:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.11 23:09:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.11 22:52:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Start Menu\Programs\Administrative Tools
[2012.05.08 12:23:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2012.05.05 10:12:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Search Settings
[2012.05.05 10:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.05.05 10:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.05.05 10:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2012.04.30 18:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Miro
[2012.04.30 18:56:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Participatory Culture Foundation
[2012.04.30 18:56:20 | 000,000,000 | ---D | C] -- C:\Program Files\Participatory Culture Foundation
[2012.04.30 18:56:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\AVG Secure Search
[2012.04.30 18:55:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012.04.30 18:55:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012.04.30 18:55:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012.04.30 18:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\mediAvatar
[2012.04.30 18:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\mediAvatar
[2012.04.18 13:02:35 | 000,000,000 | ---D | C] -- C:\temp
[2011.12.06 16:12:30 | 000,050,176 | ---- | C] (Gunnar Blumert Softwareentwicklung) -- C:\Program Files\WinRail 7.0WR3D.enu
[2011.01.16 13:34:48 | 070,984,344 | ---- | C] (Macrovision Corporation) -- C:\Program Files\Samsung_PC_Studio_322_HF1.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.05.12 16:03:01 | 000,000,980 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.12 16:02:21 | 431,730,464 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2012.05.12 16:01:06 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2012.05.12 16:01:00 | 011,424,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2012.05.12 15:53:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.05.12 13:37:48 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Admin\Desktop\dds.com
[2012.05.12 13:36:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Admin\defogger_reenable
[2012.05.12 13:35:49 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Defogger.exe
[2012.05.12 13:32:59 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\7jfpcnp7.exe
[2012.05.12 13:29:48 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.05.12 13:05:42 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012.05.12 10:03:04 | 000,484,752 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.05.12 10:03:04 | 000,080,982 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.05.12 09:58:51 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.12 09:58:51 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-329068152-115176313-839522115-1003.job
[2012.05.12 09:58:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.05.12 09:57:30 | 005,787,344 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2012.05.12 09:57:30 | 001,075,892 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2012.05.12 08:46:26 | 000,033,628 | ---- | M] () -- C:\WINDOWS\TempCloudAV0512064520_652.csv
[2012.05.11 22:51:12 | 000,001,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Secure Eraser.lnk
[2012.05.11 22:48:44 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012.05.11 22:11:27 | 000,008,910 | ---- | M] () -- C:\WINDOWS\TempCloudAV0511201000_652.csv
[2012.05.11 22:07:18 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.11 22:02:16 | 000,147,990 | ---- | M] () -- C:\WINDOWS\TempCloudAV0511052415_1092.csv
[2012.05.11 20:45:13 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012.05.11 19:18:00 | 1199,882,154 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Se7en (1995).ipad.mp4
[2012.05.11 18:20:36 | 000,001,742 | -H-- | M] () -- C:\Documents and Settings\Admin\My Documents\Default.rdp
[2012.05.11 17:43:58 | 000,061,952 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.11 17:30:10 | 988,551,973 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Street Fighter (1994).ipad.mp4
[2012.05.11 16:00:00 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\tasks\{ABFD01D0-37BD-4458-B384-7596EC0661D7}_KLST-02_Admin.job
[2012.05.11 16:00:00 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\tasks\{1D61C1B1-17FD-49B6-948A-6E1DC5CA11C8}_KLST-02_Admin.job
[2012.05.11 13:56:12 | 925,346,837 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\The Shepherd - Border Patrol[2008].ipad.mp4
[2012.05.11 10:00:38 | 916,693,417 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Resident Evil 3 - Extinction.ipad.mp4
[2012.05.11 09:00:00 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\tasks\{C7BF4CC6-D3E5-490D-BE80-E2E8FF8581A2}_KLST-02_Admin.job
[2012.05.11 08:26:07 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012.05.11 07:23:55 | 000,224,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.05.08 22:02:36 | 004,518,228 | ---- | M] () -- C:\WINDOWS\TempCloudAV0508061533_740.csv
[2012.05.08 12:23:11 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012.05.06 17:59:15 | 000,061,565 | ---- | M] () -- C:\WINDOWS\TempCloudAV0506154640_688.csv
[2012.05.04 21:53:27 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.05.04 21:53:27 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.05.04 21:10:18 | 000,003,872 | ---- | M] () -- C:\WINDOWS\TempCloudAV0504191002_664.csv
[2012.05.04 10:35:59 | 000,008,199 | ---- | M] () -- C:\WINDOWS\TempCloudAV0504083514_1880.csv
[2012.05.03 20:02:33 | 000,474,503 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\FLT_USQKST27533_0.pdf
[2012.05.02 13:08:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.05.01 20:35:14 | 003,778,897 | ---- | M] () -- C:\WINDOWS\TempCloudAV0501084950_648.csv
[2012.04.30 17:14:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-115176313-839522115-1003.job
[2012.04.27 08:24:56 | 000,025,075 | ---- | M] () -- C:\WINDOWS\TempCloudAV0427062432_1120.csv
[2012.04.24 19:10:54 | 006,070,962 | ---- | M] () -- C:\WINDOWS\TempCloudAV0424065012_628.csv
[2012.04.24 08:04:38 | 000,080,071 | ---- | M] () -- C:\WINDOWS\TempCloudAV0424060219_632.csv
[2012.04.23 19:33:03 | 006,868,959 | ---- | M] () -- C:\WINDOWS\TempCloudAV0423055646_808.csv
[2012.04.22 19:10:18 | 000,098,137 | ---- | M] () -- C:\WINDOWS\TempCloudAV0422163416_1188.csv
[2012.04.21 15:54:42 | 001,237,424 | ---- | M] () -- C:\WINDOWS\TempCloudAV0421071622_1012.csv
[2012.04.20 21:58:45 | 006,907,068 | ---- | M] () -- C:\WINDOWS\TempCloudAV0420053257_1312.csv
[2012.04.20 07:25:01 | 000,000,116 | ---- | M] () -- C:\WINDOWS\TempCloudAV0420052245_740.csv
[2012.04.19 10:28:59 | 000,015,830 | ---- | M] () -- C:\WINDOWS\TempCloudAV0419082606_792.csv
[2012.04.17 10:40:16 | 000,057,283 | ---- | M] () -- C:\WINDOWS\TempCloudAV0417083911_1900.csv
[2012.04.13 15:02:35 | 007,687,429 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\TextureSamples.zip
[2012.04.13 08:42:56 | 000,282,631 | ---- | M] () -- C:\WINDOWS\TempCloudAV0413062346_1248.csv
[2012.04.12 22:27:51 | 005,412,997 | ---- | M] () -- C:\WINDOWS\TempCloudAV0412060519_1164.csv
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.05.12 13:36:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\defogger_reenable
[2012.05.12 13:35:48 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Defogger.exe
[2012.05.12 13:32:57 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\7jfpcnp7.exe
[2012.05.12 13:05:42 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012.05.12 08:45:56 | 000,033,628 | ---- | C] () -- C:\WINDOWS\TempCloudAV0512064520_652.csv
[2012.05.11 22:51:12 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Secure Eraser.lnk
[2012.05.11 22:10:16 | 000,008,910 | ---- | C] () -- C:\WINDOWS\TempCloudAV0511201000_652.csv
[2012.05.11 22:07:18 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.11 17:44:16 | 1199,882,154 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Se7en (1995).ipad.mp4
[2012.05.11 17:39:52 | 1416,542,208 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Se7en (1995).avi
[2012.05.11 16:26:31 | 988,551,973 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Street Fighter (1994).ipad.mp4
[2012.05.11 12:48:47 | 925,346,837 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\The Shepherd - Border Patrol[2008].ipad.mp4
[2012.05.11 09:06:56 | 916,693,417 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Resident Evil 3 - Extinction.ipad.mp4
[2012.05.11 07:25:46 | 000,147,990 | ---- | C] () -- C:\WINDOWS\TempCloudAV0511052415_1092.csv
[2012.05.08 12:23:11 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012.05.08 08:16:26 | 004,518,228 | ---- | C] () -- C:\WINDOWS\TempCloudAV0508061533_740.csv
[2012.05.06 17:47:32 | 000,061,565 | ---- | C] () -- C:\WINDOWS\TempCloudAV0506154640_688.csv
[2012.05.04 21:10:17 | 000,003,872 | ---- | C] () -- C:\WINDOWS\TempCloudAV0504191002_664.csv
[2012.05.04 10:35:29 | 000,008,199 | ---- | C] () -- C:\WINDOWS\TempCloudAV0504083514_1880.csv
[2012.05.03 20:02:33 | 000,474,503 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\FLT_USQKST27533_0.pdf
[2012.05.01 10:50:15 | 003,778,897 | ---- | C] () -- C:\WINDOWS\TempCloudAV0501084950_648.csv
[2012.04.27 08:24:49 | 000,025,075 | ---- | C] () -- C:\WINDOWS\TempCloudAV0427062432_1120.csv
[2012.04.24 08:53:33 | 006,070,962 | ---- | C] () -- C:\WINDOWS\TempCloudAV0424065012_628.csv
[2012.04.24 08:03:01 | 000,080,071 | ---- | C] () -- C:\WINDOWS\TempCloudAV0424060219_632.csv
[2012.04.23 07:57:06 | 006,868,959 | ---- | C] () -- C:\WINDOWS\TempCloudAV0423055646_808.csv
[2012.04.22 18:34:47 | 000,098,137 | ---- | C] () -- C:\WINDOWS\TempCloudAV0422163416_1188.csv
[2012.04.21 09:18:50 | 001,237,424 | ---- | C] () -- C:\WINDOWS\TempCloudAV0421071622_1012.csv
[2012.04.20 08:02:53 | 006,907,068 | ---- | C] () -- C:\WINDOWS\TempCloudAV0420053257_1312.csv
[2012.04.20 07:25:01 | 000,000,116 | ---- | C] () -- C:\WINDOWS\TempCloudAV0420052245_740.csv
[2012.04.19 10:26:14 | 000,015,830 | ---- | C] () -- C:\WINDOWS\TempCloudAV0419082606_792.csv
[2012.04.17 10:40:00 | 000,057,283 | ---- | C] () -- C:\WINDOWS\TempCloudAV0417083911_1900.csv
[2012.04.13 15:02:34 | 007,687,429 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\TextureSamples.zip
[2012.04.13 08:23:54 | 000,282,631 | ---- | C] () -- C:\WINDOWS\TempCloudAV0413062346_1248.csv
[2012.02.15 09:13:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.01.26 13:09:18 | 000,000,021 | ---- | C] () -- C:\WINDOWS\progman.ini
[2011.11.08 11:22:41 | 000,000,014 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011.11.08 11:22:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2011.09.20 10:27:35 | 000,000,010 | ---- | C] () -- C:\WINDOWS\Albatros.ini
[2011.03.18 12:19:22 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011.02.21 09:27:22 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\PSUNCpl.dat
[2011.01.03 09:44:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.06.23 23:16:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\AVSMediaPlayer.m3u
[2010.05.19 22:20:23 | 000,049,248 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6DA3BBF2

< End of report >


>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>


Zwischendurch hatte ich bereits eine "Defogger"- bzw CCleaner Durchlauf. Auch DDS/Attach bzw. Gmer-Logs wären zum Posten bereit (sollte es gewünscht sein)


Herzlichen Dank für Eure Hilfe im Voraus.

Viele Gruesse
Dwarf36

 

Themen zu Panda Cloud AntiVirus PRo findet zwei Exploit CVE-2011-3544 Trojaner
.dll, administrator, adobe flash player, alternate, antivirus, avg, avg secure search, avg security toolbar, avp, avp.exe, bho, bonjour, cdburnerxp, cloud, dateisystem, device driver, explorer, fehlalarm, firefox, flash player, helper, heuristiks/extra, heuristiks/shuriken, installation, intranet, kaspersky, launch, log, logfile, nt.dll, pdfforge toolbar, plug-in, programm, pup.dealio.tb, realtek, registry, searchscopes, secure search, security, software, staropen, t-mobile, temp, trojane, trojaner, version=1.0, vtoolbarupdater




Ähnliche Themen: Panda Cloud AntiVirus PRo findet zwei Exploit CVE-2011-3544 Trojaner


  1. Panda Cloud Antivirus meldet mehrfach Virenbefall (Trojaner) in 800000cb.@
    Log-Analyse und Auswertung - 01.07.2013 (14)
  2. Panda Cloud Antivirus Free - Großes Problem
    Antiviren-, Firewall- und andere Schutzprogramme - 29.06.2013 (18)
  3. Exploit.Java.CVE-2011-3544.jy + Weitere Viren?
    Log-Analyse und Auswertung - 20.12.2012 (34)
  4. Java/Exploit.CVE-2011-3544.BR trojan
    Log-Analyse und Auswertung - 28.11.2012 (14)
  5. Exp/cve-2011-3544
    Log-Analyse und Auswertung - 15.10.2012 (1)
  6. Laptop befallen von: Exploit.Java.cve-2011-3544.ji, Was tun?
    Plagegeister aller Art und deren Bekämpfung - 09.08.2012 (12)
  7. Desinfec't 2012/Kaspersky findet Exploit.Java.CVE-2011-3544.** und Exploit.Java.CVE-2012-0507.**
    Plagegeister aller Art und deren Bekämpfung - 22.06.2012 (21)
  8. Desinfec't 2012/Kaspersky findet Exploit.Java.CVE-2011-3544.** und Exploit.Java.CVE-2012-0507.**
    Mülltonne - 11.06.2012 (0)
  9. Java-Script Virus: Exploit: Java/CVE-2011-3544.gen!E
    Plagegeister aller Art und deren Bekämpfung - 04.05.2012 (13)
  10. Trojaner Ransom EJ 28 & PSW Zbot Y 876 & EXP/2011-3544.BU.1 zusammen aufgetaucht
    Plagegeister aller Art und deren Bekämpfung - 30.04.2012 (23)
  11. Exp/2011-3544.hh
    Log-Analyse und Auswertung - 26.04.2012 (1)
  12. Trojaner Exploit.Java.CVE-2011-3544.jh & Virus P2P-Worm.Win23.Palevo.nzl
    Plagegeister aller Art und deren Bekämpfung - 04.04.2012 (5)
  13. 2 Viren gefunden (Exploit) - EXP/CVE-2011-3544.E und EXP/CVE-2011-3544.J
    Plagegeister aller Art und deren Bekämpfung - 20.02.2012 (30)
  14. exploit.java.cve-2011-3544 irreparabel
    Plagegeister aller Art und deren Bekämpfung - 07.02.2012 (23)
  15. "BKA EXPLOIT" EXP/CVE-2011-3544.AM' Desktop nicht mehr zugänglich.
    Plagegeister aller Art und deren Bekämpfung - 06.01.2012 (13)
  16. Panda Cloud Antivirus läßt sich nicht starten
    Antiviren-, Firewall- und andere Schutzprogramme - 12.12.2011 (15)
  17. Panda Cloud Antivirus
    Antiviren-, Firewall- und andere Schutzprogramme - 06.05.2009 (6)

Zum Thema Panda Cloud AntiVirus PRo findet zwei Exploit CVE-2011-3544 Trojaner - Guten Morgen liebes Trojaner-Board-Team, am Freitag abend hat mein Anitvirenprogramm Panda Cloud Pro bei einem Komplett-scan offensichtlich zwei Exploit-Trojaner CVE-2011-3544 gefunden. Ich bin nun nicht ganz sicher, wie schädlich diese - Panda Cloud AntiVirus PRo findet zwei Exploit CVE-2011-3544 Trojaner...
Archiv
Du betrachtest: Panda Cloud AntiVirus PRo findet zwei Exploit CVE-2011-3544 Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.