Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows Security Center 2012, Java/CVE-2011-3544.D und weitere Malware?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 08.12.2011, 01:55   #1
andrews0815
 
Windows Security Center 2012, Java/CVE-2011-3544.D  und weitere Malware? - Standard

Windows Security Center 2012, Java/CVE-2011-3544.D und weitere Malware?



Hallo,
Kämpfe seit 2 Tagen mit diversesten Malwareproblemen, Scannern (und deren unverständlichen Logs) herum. Angefangen hat das Ganze gestern mit der schon anderweitigen beschriebenen Windows Security Center 2012 Geschichte (http://www.trojaner-board.de/100079-...entfernen.html) . Habe das nette Cookbook von Trojanerboard befolgt, den rkill laufen lasssen (der hat zwar komisches Zeugs gekillt?), die Registry gepützelt und dann mbam in allen varianten laufen und fixen lassen. Den komischen, mit kyrillischen Beschreibungen versehene "ARK.exe" Prozess habe ich nicht mehr gesehen (nehme wohl an, das war mein "random.exe"), das ging wohl auch, das Ding mit den lästigen Security Center Warnungen war auch "schnell" weg, mbam lief dann auch heute durch, Details siehe Logs.

Nun war ich aber etwas stutzig, da ich vor ein paar Wochen einen dubiosen Anruf von "indischen MS Security Fritzen" erhielt, die aber schnell aufhängten, als ich genauer nachfragte, dachte diese Sorte Scams sei auf Amerika beschränkt...Damals liess ich den msert.exe laufen, der auch etwas gefixt hatte (was, weiss ich nicht mehr), mein Standard Scanner Avast (free version) hatte aber nie etwas Auffälliges gemeldet...? Dieser Tage nütze ich den Laptop wenig, da vergisst man derlei schnell.

Nun denn, holte mir heute das msert.exe nochmals, diesmal Fehlermeldung Exploit:Java/CVE-2011-3544.D; sollte ja Microsoft nun geputzt haben . Aber ich trau dem ganzen nicht mehr richtig: da sind drei komische userlose W32 Prozesse, die mich stören (csrss.exe, winlogon.exe und virtscrl.exe, die ersten beiden aber korrekt in Window32, der letztere nicht auffindbar), und generell scheint der Laptop etwas gar langsam. Und all die verschiedenen Scantool-Meldungen (etwas Scareware muss wohl sein, wenn man Business machen will!)? Lasse nun mal noch den OTL.exe laufen, könnte mir das wer anschauen und reinen Wein einschenken? Würde die Kiste äusserst ungern plätten :-(
Angehängte Dateien
Dateityp: txt mbam-log-2011-12-06-full.txt (1.001 Bytes, 191x aufgerufen)
Dateityp: txt rkill.log.txt (620 Bytes, 181x aufgerufen)
Dateityp: txt mbam-log-2011-12-06-quick.txt (1,5 KB, 199x aufgerufen)

Alt 08.12.2011, 15:33   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Security Center 2012, Java/CVE-2011-3544.D  und weitere Malware? - Standard

Windows Security Center 2012, Java/CVE-2011-3544.D und weitere Malware?



Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________

__________________

Alt 08.12.2011, 21:31   #3
andrews0815
 
Windows Security Center 2012, Java/CVE-2011-3544.D  und weitere Malware? - Standard

Windows Security Center 2012, Java/CVE-2011-3544.D und weitere Malware?



Hallo Arne,

Ja, habe noch den mbam-Log von gestern nach den ganzen Säuberungsaktionen, der im wesentlichen nur besagt, dass alles OK sein soll, was ich wie gesagt ja bezweifle, sonst hab ich alles gelöscht (ich trau ja auch den Scannern nicht). Zudem weiss ich ja nicht, ob ein Scan im safemode genauso aussagekräftig ist, wie der im normalen Modus (er geht zumindest einiges schneller), der im normalen Modus ist mir vorgestern nacht eingeschlafen.


---------------------------------------------------
Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: 8323

Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.7601.17514

07.12.2011 09:57:53
mbam-log-2011-12-07 (09-57-53).txt

Scan type: Full scan (C:\|Q:\|)
Objects scanned: 389322
Time elapsed: 43 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------------------------------

Die OTL Logs hab ich auch, die scheinen mir mehr Infos zu haben - sorry, muss das Ding reinkopieren, die Antworten sind offensichtlich nicht attachmentfreundlich:


-----------------------------------------------------------OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 12/8/2011 12:43:04 AM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\xxx\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy
 
2.96 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 53.39% Memory free
2.96 Gb Paging File | 1.57 Gb Available in Paging File | 53.10% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.95 Gb Total Space | 49.95 Gb Free Space | 22.51% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 2.06 Gb Free Space | 21.13% Space Free | Partition Type: NTFS
 
Computer Name: x200 | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\xxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Lenovo\Client Security Solution\password_manager.exe (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
PRC - C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Program Files\Lenovo\Access Connections\ACWLIcon.exe (Lenovo)
PRC - C:\Program Files\Lenovo\Access Connections\ACTray.exe (Lenovo)
PRC - C:\Program Files\Lenovo\Access Connections\AcSvc.exe (Lenovo)
PRC - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\Mobile Broadband Drivers\WMCore\mini_WMCore.exe (Ericsson AB)
PRC - C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Windows\System32\DTS.exe ()
PRC - C:\Windows\System32\AtService.exe (AuthenTec, Inc.)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited)
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files\Notes\ntmulti.exe (IBM Corp)
PRC - C:\Program Files\Notes\nsd.exe (IBM)
PRC - C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe ()
PRC - C:\Program Files\RotateImage\RCIMGDIR.exe (Ricoh co.,Ltd.)
PRC - C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL ()
MOD - C:\Program Files\Lenovo\Access Connections\AcWrpc.dll ()
MOD - C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe ()
MOD - C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\pxl_m17n_tool.dll ()
MOD - C:\Windows\System32\spool\drivers\w32x86\3\hpzpi5k4.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (SUService) -- C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (LENOVO.TPKNRSVC) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.CAMMUTE) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
SRV - (DozeSvc) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
SRV - (PwmEWSvc) -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (AcSvc) -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (WMCoreService) -- C:\Program Files\Mobile Broadband drivers\WMCore\mini_WMCore.exe (Ericsson AB)
SRV - (TPHKLOAD) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (dtsvc) -- C:\Windows\System32\DTS.exe ()
SRV - (ADMonitor) -- C:\Windows\System32\ADMonitor.exe ()
SRV - (ATService) -- C:\Windows\System32\AtService.exe (AuthenTec, Inc.)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Lenovo.VIRTSCRLSVC) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (Multi-user Cleanup Service) -- C:\Program Files\Notes\ntmulti.exe (IBM Corp)
SRV - (Lotus Notes Diagnostics) -- C:\Program Files\Notes\nsd.exe (IBM)
SRV - (LMS) Intel(R) -- C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo Information Product(ShenZhen China) Inc.)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (DozeHDD) -- C:\Windows\System32\DRIVERS\DozeHDD.sys (Lenovo.)
DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited)
DRV - (WwanUsbServ) -- C:\Windows\System32\drivers\WwanUsbMp.sys (Ericsson AB)
DRV - (Shockprf) -- C:\Windows\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\Windows\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (l36wgps) -- C:\Windows\System32\drivers\l36wgps.sys (Ericsson AB)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (Mbm3Mdm) -- C:\Windows\System32\drivers\Mbm3Mdm.sys (MCCI Corporation)
DRV - (Mbm3DevMt)  Mobile Broadband Device Management Driver (WDM) -- C:\Windows\System32\drivers\Mbm3DevMt.sys (MCCI Corporation)
DRV - (Mbm3CBus) F3507g Mobile Broadband Device (WDM) -- C:\Windows\System32\drivers\Mbm3CBus.sys (MCCI Corporation)
DRV - (Mbm3mdfl) -- C:\Windows\System32\drivers\Mbm3mdfl.sys (MCCI Corporation)
DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (NETwNs32) ___ Intel(R) -- C:\Windows\System32\drivers\NETwNs32.sys (Intel Corporation)
DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (ecnssndisfltr) -- C:\Windows\System32\drivers\wwanussf.sys (Ericsson AB)
DRV - (ecnssndis) -- C:\Windows\System32\drivers\wwanuss.sys (Ericsson AB)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (5U875UVC) -- C:\Windows\System32\drivers\RCUVCMNP.sys (Ricoh co.,Ltd.)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (e1yexpress) Intel(R) -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Lenovo - Welcome - Country selection [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN, Hotmail und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Lenovo | MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 61 48 DA FD 94 E7 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.hiergehtslos.de"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 4
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/12/06 21:55:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/23 15:05:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/23 15:05:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/11/23 15:05:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FCF36B88-1BBA-487f-B64B-D2E8980A9293}: C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension\1.8.0.4 [2011/12/06 19:45:39 | 000,000,000 | ---D | M]
 
[2010/02/08 01:08:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\Mozilla\Extensions
[2010/02/08 01:08:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/10/11 23:14:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\6ncgf6hz.default\extensions
[2011/12/07 12:49:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/19 09:41:59 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/12/07 12:49:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/12/06 21:55:33 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2011/12/06 19:45:39 | 000,000,000 | ---D | M] (ThinkVantage Password Manager) -- C:\PROGRAM FILES\LENOVO\CLIENT SECURITY SOLUTION\PWM FIREFOX EXTENSION\1.8.0.4
[2011/11/23 14:57:38 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/06/19 10:16:24 | 000,118,784 | ---- | M] (CANON INC.) -- C:\Program Files\mozilla firefox\plugins\MyCamera.dll
[2008/06/19 10:16:24 | 000,053,248 | ---- | M] (CANON INC.) -- C:\Program Files\mozilla firefox\plugins\NPCIG.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/09 22:40:45 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/09 22:40:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/09 22:40:45 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/10/09 22:40:45 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/09 22:40:45 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/09 22:40:45 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Canon Online Photo Plugin Module (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPCIG.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 6\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 6\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files\Lenovo\Access Connections\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\Lenovo\Access Connections\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4 - HKLM..\Run: [FingerPrintSoftwareSplashScreen] C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe (AuthenTec, Inc.)
O4 - HKLM..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden" File not found
O4 - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] C:\Program Files\RotateImage\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.230.1.71 194.230.1.39 194.230.1.103
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A03A056-9AF3-4F9D-BCEB-FF27B993B519}: DhcpNameServer = 194.230.1.71 194.230.1.39
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4C2A533-AF28-4D39-9F54-BBEB65FA3191}: DhcpNameServer = 194.230.1.71 194.230.1.39 194.230.1.103
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/06/10 17:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{94b5ae79-12b4-11df-b4c0-028037ec0200}\Shell - "" = AutoRun
O33 - MountPoints2\{94b5ae79-12b4-11df-b4c0-028037ec0200}\Shell\AutoRun\command - "" = D:\setup.exe /AUTORUN
O33 - MountPoints2\{94b5ae79-12b4-11df-b4c0-028037ec0200}\Shell\configure\command - "" = D:\setup.exe
O33 - MountPoints2\{94b5ae79-12b4-11df-b4c0-028037ec0200}\Shell\install\command - "" = D:\setup.exe
O33 - MountPoints2\{e4c555fa-f20d-11de-bf7f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e4c555fa-f20d-11de-bf7f-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009/08/10 22:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/12/08 00:18:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2011/12/07 12:49:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/07 12:49:17 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/12/07 12:49:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/12/07 12:49:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/12/07 12:15:19 | 072,852,688 | ---- | C] (Microsoft Corporation) -- C:\Users\xxx\Desktop\msert.exe
[2011/12/07 12:01:47 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\Trojan
[2011/12/06 23:26:07 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Apple Computer
[2011/12/06 20:15:57 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Lotus
[2011/12/06 19:43:52 | 000,032,824 | ---- | C] (Lenovo Information Product(ShenZhen China) Inc.) -- C:\Windows\System32\drivers\psadd.sys
[2011/12/06 17:55:45 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes
[2011/12/06 17:55:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/23 23:01:08 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2011/11/23 16:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/23 15:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/23 15:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/23 15:34:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/11/23 15:25:45 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/11/23 15:25:45 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/11/23 15:25:29 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/11/23 15:25:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/11/23 15:25:27 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/11/23 15:25:27 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/11/23 15:25:27 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/11/23 15:25:16 | 002,341,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/11/23 15:04:47 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/01/20 02:03:09 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2009/02/03 10:32:28 | 003,550,592 | ---- | C] (Sysinternals - Windows Sysinternals: Documentation, downloads and additional resources) -- C:\Program Files\procexp.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/12/08 00:29:12 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/08 00:18:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2011/12/07 23:51:47 | 000,671,140 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/07 23:51:47 | 000,129,944 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/07 20:31:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/07 18:29:02 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/07 15:00:11 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/12/07 12:59:49 | 000,025,600 | ---- | M] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/07 12:48:51 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/07 12:48:51 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/07 12:40:30 | 2384,547,840 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/07 12:19:26 | 072,852,688 | ---- | M] (Microsoft Corporation) -- C:\Users\xxx\Desktop\msert.exe
[2011/12/06 22:16:38 | 000,007,605 | ---- | M] () -- C:\Users\xxx\AppData\Local\Resmon.ResmonCfg
[2011/12/06 21:55:34 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/12/06 19:43:52 | 000,032,824 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) -- C:\Windows\System32\drivers\psadd.sys
[2011/12/06 19:35:46 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/12/06 17:36:11 | 000,011,246 | -HS- | M] () -- C:\Users\xxx\AppData\Local\4cvn82knc6a0o1
[2011/12/06 17:36:11 | 000,011,246 | -HS- | M] () -- C:\ProgramData\4cvn82knc6a0o1
[2011/11/29 15:47:09 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/11/28 19:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/28 19:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/11/28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/11/28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/11/28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/11/28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/11/28 18:52:07 | 000,055,128 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/11/28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/11/23 16:36:15 | 000,068,590 | ---- | M] () -- C:\Users\xxx\Documents\Synchronisation_Lotus_Notes_Apple_iPhone_Synthesis_Todo_Cal_Client__1.wm2
[2011/11/23 15:45:46 | 000,002,003 | ---- | M] () -- C:\Users\xxx\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/23 15:41:41 | 000,415,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/23 15:33:41 | 000,465,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/11/23 15:33:41 | 000,075,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/11/23 15:27:38 | 002,341,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/11/23 15:27:28 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/11/23 15:27:28 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/11/23 15:27:28 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/11/23 15:27:28 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/11/23 15:27:28 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/11/23 15:18:01 | 006,143,647 | ---- | M] () -- C:\Users\xxx\Desktop\Asanas.pdf
[2011/11/23 15:01:37 | 000,002,683 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/12/06 17:09:41 | 000,011,246 | -HS- | C] () -- C:\Users\xxx\AppData\Local\4cvn82knc6a0o1
[2011/12/06 17:09:41 | 000,011,246 | -HS- | C] () -- C:\ProgramData\4cvn82knc6a0o1
[2011/11/23 15:17:50 | 006,143,647 | ---- | C] () -- C:\Users\xxx\Desktop\Asanas.pdf
[2011/06/23 22:24:58 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/21 19:01:08 | 000,030,028 | R--- | C] () -- C:\Windows\ConnectionProfiles.dat
[2011/04/20 11:58:57 | 000,000,665 | ---- | C] () -- C:\Windows\System32\hppapr11.dat
[2011/01/20 02:03:10 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/01/20 02:03:10 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2011/01/20 02:03:10 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2011/01/20 02:03:09 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/01/20 02:03:06 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/01/20 02:03:04 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/10/21 02:07:36 | 000,098,304 | ---- | C] () -- C:\Windows\System32\DTS.exe
[2010/10/21 02:07:32 | 000,106,496 | ---- | C] () -- C:\Windows\System32\ADMonitor.exe
[2010/02/20 23:55:29 | 000,017,408 | ---- | C] () -- C:\Users\xxx\AppData\Local\WebpageIcons.db
[2010/02/20 00:12:21 | 000,156,766 | ---- | C] () -- C:\Users\xxx\AppData\Local\Synchronisation_Lotus_Notes_Apple_iPhone_3G_1.wm2
[2010/02/16 23:33:03 | 000,007,605 | ---- | C] () -- C:\Users\xxx\AppData\Local\Resmon.ResmonCfg
[2010/02/14 22:58:00 | 000,210,944 | ---- | C] () -- C:\Windows\System32\Msvcrt10.dll
[2010/02/14 21:49:41 | 000,025,600 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/09 20:38:58 | 000,659,200 | ---- | C] () -- C:\Users\xxx\AppData\Local\wanancsp.dat
[2010/02/07 12:04:50 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2010/02/07 11:49:18 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/02/06 18:35:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/26 12:13:05 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/10/20 19:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009/08/03 08:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 08:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:33:53 | 000,415,288 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,671,140 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,129,944 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
 
========== LOP Check ==========
 
[2011/03/27 05:24:02 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Amazon
[2011/04/21 19:04:33 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\CachedFiles
[2011/03/27 05:02:03 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\calibre
[2010/02/16 23:26:59 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Canon
[2010/02/06 22:39:35 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DAEMON Tools Lite
[2010/02/13 00:13:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Forte
[2010/04/25 06:08:05 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\HandBrake
[2010/02/05 20:57:42 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Lenovo
[2011/05/11 17:05:30 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PCDr
[2011/04/21 22:57:10 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PwrMgr
[2010/05/27 17:34:14 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\SE_logs
[2010/02/08 01:08:33 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Thunderbird
[2011/05/11 16:22:37 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Update
[2010/02/13 02:47:51 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Windows Live Writer
[2010/02/13 03:32:46 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Wireshark
[2011/11/29 15:47:09 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/07/05 14:24:54 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/12/07 15:00:11 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---
-------------------------------------------

Und noch die OTR Extras - iOTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 12/8/2011 12:43:04 AM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\xxx\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy
 
2.96 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 53.39% Memory free
2.96 Gb Paging File | 1.57 Gb Available in Paging File | 53.10% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.95 Gb Total Space | 49.95 Gb Free Space | 22.51% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 2.06 Gb Free Space | 21.13% Space Free | Partition Type: NTFS
 
Computer Name: x200 | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Value error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CFC71CB-6789-4CD9-99C0-58D490BE99AA}" = Follow MxxxrinDay - HSK Listening Practice I
"{0E5FDD1D-DCE8-4F9D-9BFD-4E4CF89811E2}" = iCloud
"{17C4A35A-2041-42C0-8D10-DEF55B47BE56}" = Adobe Premiere Elements 8.0 Templates
"{18554B3F-46EA-40A9-B4EA-7EEE83C0559D}" = Client Security - Password Manager
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F8DA253-3C27-4B01-A63A-BA3533120833}" = Microsoft Research AutoCollage Touch 2009
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 29
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2D440AF4-7330-43F0-A085-35DE1A90E703}" = Lenovo Fingerprint Software
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5C111F14-D9BE-459D-B0B6-B4D082F03749}" = Mobile Broadband Connect
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D5E4E4C-F695-45B3-8863-6B834D584CAC}" = ThinkVantage GPS
"{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}" = ThinkVantage GPS
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A408D56-A9CF-4219-9F78-23E6B48A1C0D}" = Verizon Wireless Mobile Broadband Self Activation
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{82EB6CEA-749A-410F-8AD2-372A286BA3BE}" = Integrated Camera Driver Installer Package Ver.1.32.500.0
"{836670E9-61EB-4D47-9EF8-CFE936C3FE32}" = Lotus Notes 8.5.1
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90510409-6D54-11D4-BEE3-00C04F990354}" = Microsoft Visio Professional 2002 [English]
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{9E520B22-546E-4AD3-8958-7D1EB8587AB1}" = Music Transfer Utility Ver.1
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{A0E583D1-23F7-4C35-9620-B169D7715E4B}" = Adobe Premiere Elements 8.0
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AE6ECFF9-FD33-48A3-B4AC-89263CC393A8}" = ImageMixer 3 SE Ver.4 Video Tools
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B83ED44B-8235-4EA8-A043-2834E28AAD8D}" = Follow MxxxrinDay - HSK Listening Practice II
"{B9C54C44-BB5A-4B03-8907-C01A9790195A}" = Manual CanoScan LiDE 500F
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{CAE4E520-4695-4A96-8661-B62FA5FB669E}" = ImageMixer 3 SE Ver.4 Transfer Utility
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D2261C4B-4D9B-4149-8472-31B7A2FEAB91}" = ArcSoft PhotoStudio 5.5
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D75AEB5B-FA18-4BD4-9EED-54CA46DB5AE8}" = Intel(R) PROSet/Wireless WiFi-Software
"{D81486A1-2371-4059-AC70-1AB894AC96E6}" = AT&T Service Activation
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEE843A0-33C6-404C-90A4-1136F8BD38A2}" = calibre
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EA9640BE-414E-4195-B53B-7905BF1A5A09}" = Mobile Broadband Drivers
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"05FBE63CF9C9B3424152207E7278CD6DA193C56C" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric  (07/02/2010 8.6.0.29)
"112AA64E0C8CC704E307FE914F7DEC1C0035598E" = Windows Driver Package - Lenovo 1.55 (08/18/2009 1.55)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Digital Editions" = Adobe Digital Editions
"DV CIG Guide" = CANON iMAGE GATEWAY Registration Guide
"E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows Driver Package - Intel System  (06/04/2009 1.0.0.0002)
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"Google Chrome" = Google Chrome
"Handbrake" = Handbrake 0.9.4
"HECI" = Intel(R) Management Engine Interface
"InstallShield_{0CFC71CB-6789-4CD9-99C0-58D490BE99AA}" = Follow MxxxrinDay - HSK Listening Practice I
"InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"InstallShield_{B83ED44B-8235-4EA8-A043-2834E28AAD8D}" = Follow MxxxrinDay - HSK Listening Practice II
"IrfanView" = IrfanView (remove only)
"Lenovo Welcome_is1" = Lenovo Welcome
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"MyCamera" = Canon Utilities MyCamera
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"PremElem80" = Adobe Premiere Elements 8.0
"PremElem80Templates" = Adobe Premiere Elements 8.0 Templates
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SnagIt6" = SnagIt 6
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TrackPoint" = ThinkPad TrackPoint Driver
"VLC media player" = VLC media player 1.1.11
"W7DevOR" =  Registry Patch to arrange icons in Device and Printers folder of Windows 7
"Winfonie mobile 2" = Winfonie mobile 2.2.2.13
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"Wireshark" = Wireshark 1.2.6
"Zattoo4" = Zattoo4 4.0.3
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle For PC" = Amazon Kindle For PC
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 8/17/2011 7:11:06 PM | Computer Name = x200 | Source = PC-Doctor | ID = 1
Description = (4776) Asapi: (01:11:06:1900)(4776) libTonopahClient.DownloadManager
 - Error -- 135 HttpException : Http send request failed: getSystemErrormsg: FormatMessage(12007)
 failed with error: 317 
 
Error - 9/19/2011 12:31:31 PM | Computer Name = x200 | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files\Lenovo\Access
 Connections\AcCryptHlpr.dll".Error in manifest or policy file "C:\Program Files\Lenovo\Access
 Connections\AcCryptHlpr.dll" on line 0.  Invalid Xml syntax.
 
Error - 9/24/2011 2:58:53 AM | Computer Name = x200 | Source = PC-Doctor | ID = 1
Description = (1872) Asapi: (08:58:53:7780)(1872) libTonopahClient.DownloadManager
 - Error -- 135 HttpException : Http send request failed: getSystemErrormsg: FormatMessage(12007)
 failed with error: 317 
 
Error - 9/24/2011 2:58:54 AM | Computer Name = x200 | Source = PC-Doctor | ID = 1
Description = (1872) Asapi: (08:58:54:4490)(1872) libTonopahClient.DownloadManager
 - Error -- 135 HttpException : Http send request failed: getSystemErrormsg: FormatMessage(12007)
 failed with error: 317 
 
Error - 9/26/2011 1:58:53 PM | Computer Name = x200 | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files\Lenovo\Access
 Connections\AcCryptHlpr.dll".Error in manifest or policy file "C:\Program Files\Lenovo\Access
 Connections\AcCryptHlpr.dll" on line 0.  Invalid Xml syntax.
 
Error - 10/1/2011 12:20:10 PM | Computer Name = x200 | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files\Lenovo\Access
 Connections\AcCryptHlpr.dll".Error in manifest or policy file "C:\Program Files\Lenovo\Access
 Connections\AcCryptHlpr.dll" on line 0.  Invalid Xml syntax.
 
Error - 10/5/2011 7:34:25 AM | Computer Name = x200 | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
 mDNS_reentrancy (0)
 
Error - 10/5/2011 7:34:25 AM | Computer Name = x200 | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) 
!= mDNS_reentrancy (0)
 
Error - 10/5/2011 7:34:44 AM | Computer Name = x200 | Source = PC-Doctor | ID = 1
Description = (5320) Asapi: (13:34:44:7880)(5320) libTonopahClient.DownloadManager
 - Error -- 135 HttpException : Http send request failed: getSystemErrormsg: FormatMessage(12007)
 failed with error: 317 
 
Error - 10/5/2011 7:35:38 AM | Computer Name = x200 | Source = ESENT | ID = 215
Description = WinMail (8188) WindowsMail0: The backup has been stopped because it
 was halted by the client or the connection with the client failed.
 
[ Lenovo-Message Center Plus/Admin Events ]
Error - 11/28/2010 10:35:35 AM | Computer Name = x200 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\TOC.cab
 does not exsist -> Exception message: The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\TOC.cab
 does not exsist
 
Error - 3/30/2011 1:18:51 AM | Computer Name = x200 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = IOException -> Exception message: The process cannot access the file
 'C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\LocalRepository.bin' because
 it is being used by another process.
 
Error - 3/30/2011 8:04:02 AM | Computer Name = x200 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = The process cannot access the file 'C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\ServerRepositoryData.db'
 because it is being used by another process. -> Exception message: The process 
cannot access the file 'C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\ServerRepositoryData.db'
 because it is being used by another process.
 
Error - 3/30/2011 8:04:02 AM | Computer Name = x200 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = The process cannot access the file 'C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\LocalRepository.bin'
 because it is being used by another process. -> Exception message: The process 
cannot access the file 'C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\LocalRepository.bin'
 because it is being used by another process.
 
Error - 3/30/2011 8:04:03 AM | Computer Name = x200 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Could not find file 'C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\Messages\MCPToLTT_ROW_1\appupdater.exe.config'.
 -> Exception message: Could not find file 'C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\Messages\MCPToLTT_ROW_1\appupdater.exe.config'.
 
Error - 3/30/2011 8:04:03 AM | Computer Name = x200 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = IOException -> Exception message: The process cannot access the file
 'appupdater.exe' because it is being used by another process.
 
Error - 3/30/2011 8:04:03 AM | Computer Name = x200 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Could not find a part of the path 'C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\Messages\SeedDB_1\SeedDB.tag'.
 -> Exception message: Could not find a part of the path 'C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\Messages\SeedDB_1\SeedDB.tag'.
 
Error - 3/30/2011 8:04:06 AM | Computer Name = x200 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = The process cannot access the file 'C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\TOC.cab'
 because it is being used by another process. -> Exception message: The process 
cannot access the file 'C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\TOC.cab'
 because it is being used by another process.
 
Error - 3/30/2011 8:04:06 AM | Computer Name = x200 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = The process cannot access the file 'TOC.cab' because it is being used
 by another process. -> Exception message: The process cannot access the file 'TOC.cab'
 because it is being used by another process.
 
Error - 3/30/2011 12:06:03 PM | Computer Name = x200 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = IOException -> Exception message: The process cannot access the file
 'C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\LocalRepository.bin' because
 it is being used by another process.
 
[ System Events ]
Error - 12/7/2011 4:09:15 AM | Computer Name = x200 | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 12/7/2011 4:09:16 AM | Computer Name = x200 | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 12/7/2011 4:09:16 AM | Computer Name = x200 | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 12/7/2011 4:09:16 AM | Computer Name = x200 | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 12/7/2011 4:09:16 AM | Computer Name = x200 | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 12/7/2011 4:09:16 AM | Computer Name = x200 | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 12/7/2011 4:09:16 AM | Computer Name = x200 | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 12/7/2011 6:57:55 AM | Computer Name = x200 | Source = Service Control Manager | ID = 7016
Description = The Data Transfer Service service has reported an invalid current 
state 0.
 
Error - 12/7/2011 7:38:43 AM | Computer Name = x200 | Source = Service Control Manager | ID = 7016
Description = The Data Transfer Service service has reported an invalid current 
state 0.
 
Error - 12/7/2011 5:50:38 PM | Computer Name = x200 | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
 
< End of report >
         
--- --- ---
-------------------------------------------

-------------------------------------------
__________________

Alt 08.12.2011, 21:37   #4
andrews0815
 
Windows Security Center 2012, Java/CVE-2011-3544.D  und weitere Malware? - Standard

Windows Security Center 2012, Java/CVE-2011-3544.D und weitere Malware?



Hallo Arne,

Ja, habe noch den mbam-Log von gestern nach den ganzen Säuberungsaktionen, der im wesentlichen nur besagt, dass alles OK sein soll, was ich wie gesagt ja bezweifle, sonst hab ich alles gelöscht (ich trau ja auch den Scannern nicht). Zudem weiss ich ja nicht, ob ein Scan im Safemode genauso aussagekräftig ist, wie der im normalen Modus (er geht zumindest einiges schneller), der im normalen Modus ist mir vorgestern nacht eingeschlafen, bin halt manchmal zu ungeduldig.

Die OTL Logs hab ich auch, die scheinen mir mehr Infos zu haben, hab ich mal auch noch angehängt, vielleicht sieht sich da mehr?
Angehängte Dateien
Dateityp: txt mbam-log-2011-12-07 (09-57-53)-full.txt (923 Bytes, 168x aufgerufen)
Dateityp: txt OTL_fullscan.Txt (80,3 KB, 208x aufgerufen)
Dateityp: txt OTLExtras.Txt (48,8 KB, 605x aufgerufen)

Alt 08.12.2011, 21:41   #5
andrews0815
 
Windows Security Center 2012, Java/CVE-2011-3544.D  und weitere Malware? - Standard

Windows Security Center 2012, Java/CVE-2011-3544.D und weitere Malware?



PS: Die Logs sind die gleichen wie oben, hatte dann die Attachments doch noch eleganter einfügen können.


Alt 08.12.2011, 21:44   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Security Center 2012, Java/CVE-2011-3544.D  und weitere Malware? - Standard

Windows Security Center 2012, Java/CVE-2011-3544.D und weitere Malware?



Logs doppelt zu posten ist sinnfrei. Wenn du ein Log schon direkt in den Text gepostet hast muss dasselbe Log nicht nochmal als Anhang rein!! Wozu soll das gut sein?
Nach Möglichkeit die Logs immer direkt posten mit CODE-Tags umschlossen, als Anhang nur im Notfall (wenn es zu groß ist dann gezippt)
__________________
--> Windows Security Center 2012, Java/CVE-2011-3544.D und weitere Malware?

Antwort

Themen zu Windows Security Center 2012, Java/CVE-2011-3544.D und weitere Malware?
amerika, avast, backdoor, center, csrss.exe, exploit, fehlermeldung, free, java/cve-2011-3544.d, kis, laptop, malware, mbam, microsoft, nicht mehr, prozess, prozesse, registry, scan, scanner, scareware, schnell, security, trojans, version, w security center, w32, windows, windows security center, winlogon.exe



Ähnliche Themen: Windows Security Center 2012, Java/CVE-2011-3544.D und weitere Malware?


  1. Windows 7: Avira erkennt JAVA/Dldr.Kara.AR.1 ; EXP/CVE-2012-1723.A.312 und weitere
    Log-Analyse und Auswertung - 09.04.2014 (12)
  2. Exploit.Java.CVE-2011-3544.jy + Weitere Viren?
    Log-Analyse und Auswertung - 20.12.2012 (34)
  3. Java/Exploit.CVE-2011-3544.BR trojan
    Log-Analyse und Auswertung - 28.11.2012 (14)
  4. AVSCAN hat mehrere Java-Viren JAVA/Agent.M* und Exploits EXP/CVE-2011-3544 gefunden
    Log-Analyse und Auswertung - 15.10.2012 (24)
  5. AviraExploitsfunde:EXP/2011-3544.CZ.2; EXP/Java.Ternub.a.6; EXP/Java.Ternub.a.28 &Fund APPL/HideWindows.31232 in C:\Programme\MioNet\cmd.exe
    Plagegeister aller Art und deren Bekämpfung - 07.10.2012 (33)
  6. Laptop befallen von: Exploit.Java.cve-2011-3544.ji, Was tun?
    Plagegeister aller Art und deren Bekämpfung - 09.08.2012 (12)
  7. 14 Funde bei AntiVir nach erscheinen des JAVA Logos (EXP/2008-5353.AR,EXP/CVE-2011-3544.CF)
    Log-Analyse und Auswertung - 03.08.2012 (25)
  8. Desinfec't 2012/Kaspersky findet Exploit.Java.CVE-2011-3544.** und Exploit.Java.CVE-2012-0507.**
    Plagegeister aller Art und deren Bekämpfung - 22.06.2012 (21)
  9. Desinfec't 2012/Kaspersky findet Exploit.Java.CVE-2011-3544.** und Exploit.Java.CVE-2012-0507.**
    Mülltonne - 11.06.2012 (0)
  10. Java-Script Virus: Exploit: Java/CVE-2011-3544.gen!E
    Plagegeister aller Art und deren Bekämpfung - 04.05.2012 (13)
  11. EXP/CVE-2011-3544.BY, EXP/JAVA.Ternub.Gen Wie bekomm ich die Viren weg/ Hab ich die noch?
    Plagegeister aller Art und deren Bekämpfung - 09.04.2012 (4)
  12. 3 Viren: EXP/2011-3544.CZ und EXP/JAVA.Loader.Gen und EXP/CVE-2012-0507
    Plagegeister aller Art und deren Bekämpfung - 06.04.2012 (2)
  13. Trojaner Exploit.Java.CVE-2011-3544.jh & Virus P2P-Worm.Win23.Palevo.nzl
    Plagegeister aller Art und deren Bekämpfung - 04.04.2012 (5)
  14. Avira meldet EXP/2011-3544.BW.1 und JAVA/Dldr.OpenS.H
    Plagegeister aller Art und deren Bekämpfung - 27.03.2012 (5)
  15. Java:CVE-2011-3544-AX und viele versteckte Objekte entdeckt, Rechner bockt
    Log-Analyse und Auswertung - 21.03.2012 (51)
  16. 2 Viren gefunden (Exploit) - EXP/CVE-2011-3544.E und EXP/CVE-2011-3544.J
    Plagegeister aller Art und deren Bekämpfung - 20.02.2012 (30)
  17. exploit.java.cve-2011-3544 irreparabel
    Plagegeister aller Art und deren Bekämpfung - 07.02.2012 (23)

Zum Thema Windows Security Center 2012, Java/CVE-2011-3544.D und weitere Malware? - Hallo, Kämpfe seit 2 Tagen mit diversesten Malwareproblemen, Scannern (und deren unverständlichen Logs) herum. Angefangen hat das Ganze gestern mit der schon anderweitigen beschriebenen Windows Security Center 2012 Geschichte ( - Windows Security Center 2012, Java/CVE-2011-3544.D und weitere Malware?...
Archiv
Du betrachtest: Windows Security Center 2012, Java/CVE-2011-3544.D und weitere Malware? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.