Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
HEUR:Exploit Java. CVE-2012-4681.gen Trojaner

HEUR:Exploit Java. CVE-2012-4681.gen Trojaner


Plagegeister aller Art und deren Bekämpfung: HEUR:Exploit Java. CVE-2012-4681.gen Trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 05.11.2012, 21:42   #1
otherone
 
HEUR:Exploit Java. CVE-2012-4681.gen Trojaner - Standard

HEUR:Exploit Java. CVE-2012-4681.gen Trojaner


Hallo zusammen,

da dies hier mein erster Beitrag im Forum ist, hoffe ich einfach alles richtig zu beschreiben.


Mein Kaspersky Internet Security 2013 hat folgende Malware bei mir auf dem 64 Bit Win 7 Rechner gefunden:

HEUR:Exploit Java. CVE-2012-4681.gen

Eine suche über Viruslist.com brachte leider keine Treffer um zu sehen um was für einen Plagegeist es sich handelt.

Mit dem Programm Malewarebytes Anti-Malware konnte (leider?) nichts gefunden werden

Log:

Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.04.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
stefan :: STEFAN-PC [Administrator]

Schutz: Aktiviert

05.11.2012 21:29:59
mbam-log-2012-11-05 (21-29-59).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 220674
Laufzeit: 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Logfile OTL:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 05.11.2012 21:34:55 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\stefan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,98 Gb Total Physical Memory | 13,59 Gb Available Physical Memory | 85,06% Memory free
31,96 Gb Paging File | 29,38 Gb Available in Paging File | 91,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 43,25 Gb Free Space | 38,69% Space Free | Partition Type: NTFS
Drive D: | 465,66 Gb Total Space | 391,04 Gb Free Space | 83,98% Space Free | Partition Type: NTFS
Drive F: | 252,75 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 3,98 Gb Total Space | 2,04 Gb Free Space | 51,25% Space Free | Partition Type: FAT32
 
Computer Name: STEFAN-PC | User Name: stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.05 21:34:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\stefan\Desktop\OTL.exe
PRC - [2012.11.02 19:18:26 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2012.10.02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.09.29 19:54:26 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.21 21:38:46 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.09.06 02:24:58 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.08.21 09:24:20 | 002,417,152 | ---- | M] () -- D:\Programme\Usenext\UseNeXT.exe
PRC - [2012.08.17 20:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2011.05.19 14:39:18 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.05.19 14:39:14 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [1999.09.30 20:31:38 | 000,869,376 | ---- | M] (Fred's Software) -- C:\Program Files (x86)\PrintKey2000\Printkey2000.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.02 19:18:26 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2012.10.01 19:45:48 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.10.01 19:45:48 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.10.01 19:45:48 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\d27d5cced1b7d812f60e71d4e509661d\IAStorCommon.ni.dll
MOD - [2012.10.01 19:45:46 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ce7268841a00e097fc0b70869f10e780\IAStorUtil.ni.dll
MOD - [2012.10.01 19:45:45 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.10.01 19:45:42 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.10.01 19:45:40 | 000,680,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\054fcff18035c210487b0888e6461192\System.Security.ni.dll
MOD - [2012.10.01 19:45:39 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.10.01 19:45:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.10.01 19:45:36 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.10.01 19:45:33 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.09.06 02:25:12 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.08.27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.08.27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.08.21 09:24:20 | 002,417,152 | ---- | M] () -- D:\Programme\Usenext\UseNeXT.exe
MOD - [2012.08.17 20:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2012.07.11 13:39:26 | 000,160,768 | ---- | M] () -- D:\Programme\Usenext\unrar.dll
MOD - [2011.04.12 08:43:09 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2011.04.12 08:43:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 00:26:08 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.17 18:12:15 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.21 21:38:46 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.09.06 02:25:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.17 20:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2011.05.19 14:39:18 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.16 17:18:33 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.09.27 18:10:08 | 000,611,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.09.19 13:05:39 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012.09.19 13:05:39 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.08.13 15:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2012.08.02 14:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.06.19 16:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012.06.08 10:38:10 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.10 16:46:52 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.24 09:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.02.24 09:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.06.22 06:09:04 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.09.19 12:59:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.09.19 12:59:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.09.19 12:59:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.09.19 12:59:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.09.19 12:59:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.19 13:37:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.09.19 15:23:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.09.19 13:37:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\stefan\AppData\Roaming\mozilla\Extensions
[2012.10.23 17:39:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\stefan\AppData\Roaming\mozilla\Firefox\Profiles\d4i9qo8f.default\extensions
[2012.09.19 13:37:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.06 02:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C979849-8DA8-4186-B049-CC3787BE3C49}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{38905852-024f-11e2-99ed-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{38905852-024f-11e2-99ed-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Bin\assetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1
[2012.11.05 21:34:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\stefan\Desktop\OTL.exe
[2012.11.04 19:59:49 | 000,000,000 | ---D | C] -- C:\Users\stefan\AppData\Roaming\Malwarebytes
[2012.11.04 19:59:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.04 19:59:43 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.04 19:59:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.04 19:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.04 19:57:11 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.11.04 19:57:11 | 000,000,000 | ---D | C] -- C:\Users\stefan\AppData\Local\MFAData
[2012.11.04 19:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012.11.04 19:57:11 | 000,000,000 | ---D | C] -- C:\Users\stefan\AppData\Local\Avg2013
[2012.11.02 21:21:09 | 000,000,000 | ---D | C] -- C:\Users\stefan\AppData\Roaming\LolClient
[2012.11.02 19:18:28 | 000,000,000 | ---D | C] -- C:\Users\stefan\AppData\Local\PMB Files
[2012.11.02 19:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012.11.02 19:18:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2012.11.02 19:18:11 | 000,000,000 | ---D | C] -- C:\Users\stefan\.swt
[2012.10.21 09:11:05 | 000,000,000 | ---D | C] -- C:\Users\stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrintKey2000
[2012.10.21 09:11:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintKey2000
[2012.10.21 09:11:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PrintKey2000
[2012.10.17 17:05:48 | 000,035,840 | R--- | C] (Avanquest Software) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS
[2012.10.17 17:05:01 | 000,000,000 | ---D | C] -- C:\Netgear
[2012.10.16 17:23:25 | 000,000,000 | ---D | C] -- C:\Users\stefan\AppData\Roaming\WinRAR
[2012.10.16 17:23:25 | 000,000,000 | ---D | C] -- C:\Users\stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.10.16 17:23:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.10.16 17:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012.10.16 17:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.10.16 17:18:33 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.10.16 17:18:31 | 000,000,000 | ---D | C] -- C:\Users\stefan\AppData\Roaming\DAEMON Tools Lite
[2012.10.16 17:18:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012.10.16 17:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012.10.13 18:44:45 | 000,000,000 | ---D | C] -- C:\Users\stefan\AppData\Roaming\Apple Computer
[2012.10.13 18:44:45 | 000,000,000 | ---D | C] -- C:\Users\stefan\AppData\Local\Apple Computer
[2012.10.13 18:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.10.13 18:44:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012.10.13 18:44:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.10.13 18:44:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.10.13 18:44:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.10.13 18:44:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.10.13 18:44:24 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.10.13 18:43:59 | 000,000,000 | ---D | C] -- C:\Users\stefan\AppData\Local\Apple
[2012.10.13 18:43:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.10.13 18:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.10.13 18:43:39 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.10.13 18:43:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012.10.13 18:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012.10.13 18:43:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012.10.07 11:20:41 | 000,000,000 | ---D | C] -- C:\Users\stefan\AppData\Roaming\vlc
[2012.10.07 11:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.10.07 11:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.05 21:34:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\stefan\Desktop\OTL.exe
[2012.11.05 21:16:55 | 000,000,168 | ---- | M] () -- C:\Users\stefan\defogger_reenable
[2012.11.05 21:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.05 21:04:30 | 000,021,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.05 21:04:30 | 000,021,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.05 21:03:26 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.05 21:03:26 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.05 21:03:26 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.05 21:03:26 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.05 21:03:26 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.05 20:57:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.05 20:57:24 | 4280,193,022 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.04 19:59:44 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.02 20:32:40 | 000,000,907 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2012.10.21 09:11:05 | 000,001,005 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Printkey2000.lnk
[2012.10.17 17:25:23 | 000,006,332 | ---- | M] () -- C:\Users\stefan\Desktop\Router_Setup.html
[2012.10.16 17:18:58 | 000,001,954 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.10.16 17:18:33 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.10.13 18:49:44 | 003,978,653 | ---- | M] () -- C:\Users\stefan\Desktop\01 Zedd - Spectrum ft. Matthew Kom 1.mp3
[2012.10.13 18:44:35 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.10.07 11:18:59 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
 
========== Files Created - No Company Name ==========
 
[2012.11.05 21:16:55 | 000,000,168 | ---- | C] () -- C:\Users\stefan\defogger_reenable
[2012.11.04 19:59:44 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.02 20:32:40 | 000,000,907 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2012.10.21 09:11:05 | 000,001,005 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Printkey2000.lnk
[2012.10.17 17:25:23 | 000,006,332 | ---- | C] () -- C:\Users\stefan\Desktop\Router_Setup.html
[2012.10.17 17:25:23 | 000,000,172 | R--- | C] () -- C:\Users\stefan\Desktop\Router Login.url
[2012.10.16 17:18:58 | 000,001,954 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.10.13 18:48:04 | 003,978,653 | ---- | C] () -- C:\Users\stefan\Desktop\01 Zedd - Spectrum ft. Matthew Kom 1.mp3
[2012.10.13 18:44:35 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.10.13 18:43:52 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.10.07 11:18:59 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.09.21 21:24:03 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.09.21 21:24:01 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.09.19 12:51:42 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.09.19 12:51:39 | 000,030,477 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.11.04 19:03:53 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\DAEMON Tools Lite
[2012.11.02 21:21:09 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\LolClient
[2012.09.21 17:21:09 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Origin
[2012.09.19 15:23:17 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Thunderbird
[2012.11.05 21:31:34 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\UseNeXT
 
========== Purity Check ==========
 
 
 
< End of report >
--- --- ---



Eine Extra.txt habe ich leider nicht finden können.


Defogger habe ich wie im Forum beschrieben laufen lassen.


Macht mich Kaspersky nur verrückt, oder habe ich wirklich was böses eingefangen ?


Es wäre sehr nett wenn mir bei dem Problem jemand helfen könnte.

Vielen Dank im vorraus

:-)

 

Themen zu HEUR:Exploit Java. CVE-2012-4681.gen Trojaner
.com, administrator, adobe, avg, bho, bonjour, ebanking, explorer, firefox, flash player, format, helper, heur, heur:exploit java. cve-2012-4681.gen, home, internet, internet security 2013, java., kaspersky, kaspersky internet security 2013, launch, league of legends, malware, mozilla, nvidia update, pando media booster, plug-in, problem, programm, realtek, registry, security, software, spielen, tastatur, trojaner, usenext


« norton internet security 2013 zeigt an Computer ist gefährdet, aber macht nichts | claro search läßt sich nicht löschen »


Ähnliche Themen: HEUR:Exploit Java. CVE-2012-4681.gen Trojaner


  1. HEUR:Exploit.Java.CVE-2012-1723.gen
    Plagegeister aller Art und deren Bekämpfung - 26.10.2013 (12)
  2. Kaspersky findet 2 trojanische Programme (Windows 7): HEUR:Exploit.Java.CVE-2012-1723.gen und Exploit.Java.CVE-2012-1723.nh
    Plagegeister aller Art und deren Bekämpfung - 18.09.2013 (14)
  3. Trojaner HEUR:Exploit.Java.CVE-2012-1723.gen in c:\documents and settings\***\appdata\locallow\sun\java\deployment\cache\6.0\34\ gefunden
    Log-Analyse und Auswertung - 30.05.2013 (7)
  4. Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen
    Plagegeister aller Art und deren Bekämpfung - 30.04.2013 (37)
  5. Trojaner HEUR:Exploit.Java.CVE-2012-1723.gen von Kasperskyscan entdeckt
    Log-Analyse und Auswertung - 09.04.2013 (18)
  6. Trojaner gefunden: HEUR:Exploit.Java.CVE-2012-1723.gen
    Plagegeister aller Art und deren Bekämpfung - 25.03.2013 (3)
  7. HEUR:Exploit.Java.CVE-2012-0507.gen
    Plagegeister aller Art und deren Bekämpfung - 25.03.2013 (40)
  8. Trojan-Downloader.JS.Expack.ack / Exploit.Java.CVE-2012-4681.gen
    Log-Analyse und Auswertung - 30.01.2013 (15)
  9. Trojaner HEUR:Exploit.Java.CVE-2012-0507.gen und HEUR:Exploit.Java.Generic
    Log-Analyse und Auswertung - 26.01.2013 (24)
  10. "HEUR:Exploit.Java.CVE-2012-4681.gen" entfernen
    Plagegeister aller Art und deren Bekämpfung - 13.01.2013 (2)
  11. Wie entferne ich HEUR:Exploit.Java.CVE-2012-4681.gen von meinem Rechner ?
    Plagegeister aller Art und deren Bekämpfung - 08.01.2013 (29)
  12. HEUR:Exploit.Java.CVE-2012-1723.gen in c:/documents and settings/.../appdata/locallow/sun/java/deployment/cache/6.0/1/3935ec1-7693a783
    Plagegeister aller Art und deren Bekämpfung - 14.12.2012 (2)
  13. HEUR:Exploit.Java.CVE-2012-4681.gen
    Log-Analyse und Auswertung - 26.11.2012 (23)
  14. HEUR:Exploit.Java.CVE-2012-4681.gen" sowie mehrfach Exploit.Java.CVE-2012-0507.ou mit kaspersky gefunden in C:Dokumente und Einstellungen ge
    Plagegeister aller Art und deren Bekämpfung - 21.11.2012 (11)
  15. HEUR:Exploit.Java.CVE-2012-1723.gen
    Plagegeister aller Art und deren Bekämpfung - 19.11.2012 (15)
  16. HEUR:Exploit.Java.CVE-2012-4681.gen -wie entfernen
    Mülltonne - 15.11.2012 (1)
  17. Trijaner-Downloader.JS.Agent.gmg+Heur:Exploit.Java.CVE.2012-4681.ger
    Plagegeister aller Art und deren Bekämpfung - 24.10.2012 (38)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema HEUR:Exploit Java. CVE-2012-4681.gen Trojaner - Hallo zusammen, da dies hier mein erster Beitrag im Forum ist, hoffe ich einfach alles richtig zu beschreiben. Mein Kaspersky Internet Security 2013 hat folgende Malware bei mir auf dem - HEUR:Exploit Java. CVE-2012-4681.gen Trojaner...

Alle Zeitangaben in WEZ +1. Es ist jetzt 16:03 Uhr.

Kontakt - Trojaner-Board - Archiv - Datenschutzerklärung - Nach oben

Copyright ©2000-2025, Trojaner-Board
Archiv
Du betrachtest: HEUR:Exploit Java. CVE-2012-4681.gen Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55