
Pests of all kinds and how to fight them: AVG finds script/exploit - what now?

27.11.2012, 19:10   #1
boris81
 
Hello,

please help me. Yesterday I swapped my Avira program for AVG because I occasionally got a message about a faulty script, and that made me suspicious.

AVG found the virus named above and put it in quarantine.

Here are the required logs:

1) OTL

OTL Logfile:
Code:
OTL logfile created on: 26.11.2012 22:01:47 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Boris\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,35 Gb Available Physical Memory | 44,91% Memory free
6,22 Gb Paging File | 4,56 Gb Available in Paging File | 73,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 918,51 Gb Total Space | 637,43 Gb Free Space | 69,40% Space Free | Partition Type: NTFS
 
Computer Name: BORIS-PC | User Name: Boris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.26 22:01:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Boris\Downloads\OTL.exe
PRC - [2012.11.26 21:59:52 | 000,711,240 | ---- | M] () -- C:\Users\Boris\AppData\Local\Temp\is-DKV3V.tmp\mbam-setup-1.65.0.1400.tmp
PRC - [2012.11.26 21:59:49 | 000,711,240 | ---- | M] () -- C:\Users\Boris\AppData\Local\Temp\is-FM33R.tmp\mbam-setup-1.65.0.1400.tmp
PRC - [2012.11.26 21:59:40 | 010,524,080 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Boris\Downloads\mbam-setup-1.65.0.1400.exe
PRC - [2012.11.19 17:19:12 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
PRC - [2012.11.06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgui.exe
PRC - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgidsagent.exe
PRC - [2012.10.30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgrsx.exe
PRC - [2012.10.24 18:49:10 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgwdsvc.exe
PRC - [2012.10.22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgnsx.exe
PRC - [2012.10.22 13:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgemcx.exe
PRC - [2012.10.22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgcsrvx.exe
PRC - [2012.09.07 17:04:44 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.09.18 10:13:00 | 000,099,896 | ---- | M] (Packard Bell BV) -- C:\ACER\Preload\Autorun\DRV\FUJI Keyboard\AOSD.exe
PRC - [2008.09.18 10:13:00 | 000,083,264 | ---- | M] (Packard Bell Services) -- C:\Windows\System32\HidService.exe
PRC - [2008.09.18 10:13:00 | 000,079,416 | ---- | M] (Packard Bell BV) -- C:\ACER\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe
PRC - [2008.07.16 14:00:00 | 000,024,576 | ---- | M] () -- C:\Programme\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe
PRC - [2008.07.07 16:26:28 | 001,038,136 | ---- | M] (Packard Bell BV) -- C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe
PRC - [2008.05.07 09:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.26 21:59:52 | 000,711,240 | ---- | M] () -- C:\Users\Boris\AppData\Local\Temp\is-DKV3V.tmp\mbam-setup-1.65.0.1400.tmp
MOD - [2012.11.26 21:59:49 | 000,711,240 | ---- | M] () -- C:\Users\Boris\AppData\Local\Temp\is-FM33R.tmp\mbam-setup-1.65.0.1400.tmp
MOD - [2012.11.19 17:19:12 | 014,586,808 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_110.dll
MOD - [2012.10.24 18:49:23 | 002,295,264 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.10.24 18:49:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice_tmp.exe -- (MozillaMaintenance)
SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2008.12.01 09:59:47 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.09.18 10:13:00 | 000,083,264 | ---- | M] (Packard Bell Services) [Auto | Running] -- C:\Windows\System32\HidService.exe -- (GenericHidService)
SRV - [2008.07.16 14:00:00 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007.08.24 03:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.11.26 22:00:25 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.10.22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012.10.15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.10.05 03:32:50 | 000,093,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012.10.02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.09.21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.09.21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012.09.21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012.09.14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2008.10.16 08:16:00 | 007,381,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.07.16 13:56:06 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2007.10.31 04:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp32&d=1112&m=imedia_j5644_ge
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp32&d=1112&m=imedia_j5644_ge
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp32&d=1112&m=imedia_j5644_ge
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0ACCBD8A-66EA-40B7-B7B2-EA4D998A241F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ACCBD8A-66EA-40B7-B7B2-EA4D998A241F}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW_deDE511
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.19 14:57:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.19 14:57:00 | 000,000,000 | ---D | M]
 
[2012.11.19 14:48:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boris\AppData\Roaming\mozilla\Extensions
[2012.11.19 14:47:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.30 18:11:08 | 000,002,349 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [FujiKeyboard] c:\ACER\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe (Packard Bell BV)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EFBC476-777F-46E1-8F9A-E0D878D0EA27}: DhcpNameServer = 192.168.11.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\ezShellStart.exe) - C:\Windows\System32\ezShellStart.exe (EasyBits Software AS)
O24 - Desktop WallPaper: C:\Users\Boris\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Boris\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.26 22:00:25 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.11.26 22:00:25 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\Malwarebytes
[2012.11.26 22:00:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.26 22:00:13 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.26 22:00:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.26 18:40:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2012.11.26 18:05:54 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\AVG2013
[2012.11.26 18:04:51 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\TuneUp Software
[2012.11.26 18:04:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.11.26 18:04:33 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012.11.26 18:04:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012.11.26 18:02:29 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012.11.26 17:57:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.11.26 17:57:05 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\MFAData
[2012.11.26 17:57:05 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012.11.26 17:57:05 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\Avg2013
[2012.11.20 22:48:07 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\Facebook
[2012.11.20 20:10:27 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\Skype
[2012.11.20 15:10:06 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\Atari
[2012.11.20 15:02:49 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2012.11.20 15:01:02 | 000,000,000 | ---D | C] -- C:\Users\Boris\Documents\RCT3
[2012.11.20 15:01:02 | 000,000,000 | ---D | C] -- C:\Users\Boris\Documents\My Pictures
[2012.11.20 15:01:02 | 000,000,000 | ---D | C] -- C:\Users\Boris\Documents\My Music
[2012.11.20 12:35:17 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\Adobe
[2012.11.19 21:31:22 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\vghd
[2012.11.19 20:58:53 | 000,000,000 | ---D | C] -- C:\Backup
[2012.11.19 18:23:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2012.11.19 18:23:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2012.11.19 18:23:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2012.11.19 17:46:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012.11.19 17:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012.11.19 17:21:59 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\Macromedia
[2012.11.19 16:28:45 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\Apple Computer
[2012.11.19 16:17:56 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012.11.19 14:54:39 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\Apple
[2012.11.19 14:48:03 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\Mozilla
[2012.11.19 14:48:03 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\Mozilla
[2012.11.19 14:39:20 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\Macromedia
[2012.11.19 14:12:00 | 000,017,952 | ---- | C] (Acer, Inc.) -- C:\Windows\System32\drivers\int15_64.sys
[2012.11.19 14:12:00 | 000,015,392 | ---- | C] (Acer, Inc.) -- C:\Windows\System32\drivers\int15.sys
[2012.11.19 14:10:21 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\Adobe
[2012.11.19 14:10:09 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\Google
[2012.11.19 14:10:09 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\Google
[2012.11.19 14:06:08 | 000,274,488 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\System32\hcwpnp32_priv.dll
[2012.11.19 14:06:08 | 000,274,488 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\System32\hcwpnp32.dll
[2012.11.19 14:06:08 | 000,106,552 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\System32\hcwi2c32.dll
[2012.11.19 14:06:08 | 000,036,921 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\System32\hcwutl32_priv.dll
[2012.11.19 14:06:08 | 000,036,921 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\System32\hcwutl32.dll
[2012.11.19 14:01:31 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\Packard Bell
[2012.11.19 14:01:18 | 000,000,000 | R--D | C] -- C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.11.19 14:01:18 | 000,000,000 | R--D | C] -- C:\Users\Boris\Searches
[2012.11.19 14:01:18 | 000,000,000 | R--D | C] -- C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.11.19 14:01:10 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\Identities
[2012.11.19 14:01:08 | 000,000,000 | R--D | C] -- C:\Users\Boris\Contacts
[2012.11.19 13:59:18 | 000,588,472 | ---- | C] (EasyBits Software AS) -- C:\Windows\System32\ezsvc7x.dll
[2012.11.19 13:59:18 | 000,129,992 | ---- | C] (EasyBits Sofware AS) -- C:\Windows\System32\ezsvc7.dll
[2012.11.19 13:58:52 | 001,381,376 | ---- | C] (Borland Software Corporation) -- C:\Windows\System32\vcl70.bpl
[2012.11.19 13:58:52 | 000,778,240 | ---- | C] (Borland Software Corporation) -- C:\Windows\System32\rtl70.bpl
[2012.11.19 13:58:52 | 000,268,288 | ---- | C] (EasyBits Software AS) -- C:\Windows\System32\ezSetup.exe
[2012.11.19 13:58:52 | 000,215,040 | ---- | C] (Borland Software Corporation) -- C:\Windows\System32\vclx70.bpl
[2012.11.19 13:58:52 | 000,111,104 | ---- | C] (EasyBits Software AS) -- C:\Windows\System32\ezShellStart.exe
[2012.11.19 13:58:52 | 000,097,792 | ---- | C] (Borland Software Corporation) -- C:\Windows\System32\vcljpg70.bpl
[2012.11.19 13:58:52 | 000,091,136 | ---- | C] (EasyBits Software Corp.) -- C:\Windows\System32\ezUninst.exe
[2012.11.19 13:58:52 | 000,064,512 | ---- | C] (Borland Software Corporation) -- C:\Windows\System32\vclsmp70.bpl
[2012.11.19 13:58:52 | 000,049,152 | ---- | C] (EasyBits Software Corp.) -- C:\Windows\System32\ezUPBHook.dll
[2012.11.19 13:58:52 | 000,015,872 | ---- | C] (EasyBits Software AS) -- C:\Windows\System32\ezMAPIHelper.exe
[2012.11.19 13:57:28 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\VirtualStore
[2012.11.19 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\Boris\Vorlagen
[2012.11.19 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\Boris\AppData\Local\Verlauf
[2012.11.19 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\Boris\AppData\Local\Temporary Internet Files
[2012.11.19 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\Boris\Startmenü
[2012.11.19 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\Boris\SendTo
[2012.11.19 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\Boris\Recent
[2012.11.19 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\Boris\Netzwerkumgebung
[2012.11.19 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\Boris\Lokale Einstellungen
[2012.11.19 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\Boris\Documents\Eigene Videos
[2012.11.19 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\Boris\Documents\Eigene Musik
[2012.11.19 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\Boris\Eigene Dateien
[2012.11.19 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\Boris\Documents\Eigene Bilder
[2012.11.19 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\Boris\Druckumgebung
[2012.11.19 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\Boris\Cookies
[2012.11.19 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\Boris\AppData\Local\Anwendungsdaten
[2012.11.19 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\Boris\Anwendungsdaten
[2012.11.19 13:57:22 | 000,000,000 | --SD | C] -- C:\Users\Boris\AppData\Roaming\Microsoft
[2012.11.19 13:57:22 | 000,000,000 | R--D | C] -- C:\Users\Boris\Saved Games
[2012.11.19 13:57:22 | 000,000,000 | R--D | C] -- C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.11.19 13:57:22 | 000,000,000 | R--D | C] -- C:\Users\Boris\Links
[2012.11.19 13:57:22 | 000,000,000 | R--D | C] -- C:\Users\Boris\Favorites
[2012.11.19 13:57:22 | 000,000,000 | R--D | C] -- C:\Users\Boris\Desktop
[2012.11.19 13:57:22 | 000,000,000 | R--D | C] -- C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.11.19 13:57:22 | 000,000,000 | -H-D | C] -- C:\Users\Boris\AppData
[2012.11.19 13:57:22 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\Temp
[2012.11.19 13:57:22 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\Microsoft
[2012.11.19 13:57:22 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\Media Center Programs
[2012.11.19 13:53:52 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.11.19 13:53:52 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.11.19 13:53:52 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.11.19 12:43:19 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.11.19 11:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.11.19 10:18:05 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012.10.29 18:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.26 22:00:25 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.11.26 22:00:15 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.26 20:28:48 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.26 20:28:48 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.26 20:15:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.26 18:37:01 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.26 18:37:01 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.26 18:37:01 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.26 18:37:01 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.26 18:29:13 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012.11.26 18:28:36 | 3220,348,928 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.26 18:04:51 | 000,000,860 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012.11.26 17:16:26 | 000,588,472 | ---- | M] (EasyBits Software AS) -- C:\Windows\System32\ezsvc7x.dll
[2012.11.20 15:09:17 | 000,001,912 | ---- | M] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk
[2012.11.20 15:02:49 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2012.11.20 14:05:07 | 000,300,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.20 11:19:02 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012.11.20 11:19:02 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012.11.20 11:18:54 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012.11.19 17:43:20 | 000,007,168 | ---- | M] () -- C:\Users\Boris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.19 17:33:44 | 000,000,680 | ---- | M] () -- C:\Users\Boris\AppData\Local\d3d9caps.dat
[2012.11.19 14:56:40 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.11.19 14:47:59 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.19 14:14:45 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\PackardBellBV_IMEDIAJ5644GE_ToBeFilledByO.E.M._PTU050X006851035799000.MRK
[2012.11.19 13:59:27 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\Internet Explorer.lnk
[2012.11.19 13:59:22 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2012.11.19 13:59:18 | 000,008,172 | ---- | M] () -- C:\Windows\System32\ezdigsgn.dat
[2012.11.19 13:58:52 | 001,381,376 | ---- | M] (Borland Software Corporation) -- C:\Windows\System32\vcl70.bpl
[2012.11.19 13:58:52 | 000,778,240 | ---- | M] (Borland Software Corporation) -- C:\Windows\System32\rtl70.bpl
[2012.11.19 13:58:52 | 000,268,288 | ---- | M] (EasyBits Software AS) -- C:\Windows\System32\ezSetup.exe
[2012.11.19 13:58:52 | 000,215,040 | ---- | M] (Borland Software Corporation) -- C:\Windows\System32\vclx70.bpl
[2012.11.19 13:58:52 | 000,111,104 | ---- | M] (EasyBits Software AS) -- C:\Windows\System32\ezShellStart.exe
[2012.11.19 13:58:52 | 000,097,792 | ---- | M] (Borland Software Corporation) -- C:\Windows\System32\vcljpg70.bpl
[2012.11.19 13:58:52 | 000,091,136 | ---- | M] (EasyBits Software Corp.) -- C:\Windows\System32\ezUninst.exe
[2012.11.19 13:58:52 | 000,064,512 | ---- | M] (Borland Software Corporation) -- C:\Windows\System32\vclsmp70.bpl
[2012.11.19 13:58:52 | 000,049,152 | ---- | M] (EasyBits Software Corp.) -- C:\Windows\System32\ezUPBHook.dll
[2012.11.19 13:58:52 | 000,015,872 | ---- | M] (EasyBits Software AS) -- C:\Windows\System32\ezMAPIHelper.exe
[2012.11.19 13:52:13 | 000,060,826 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012.11.19 12:43:40 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
 
========== Files Created - No Company Name ==========
 
[2012.11.26 22:00:15 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.26 18:04:51 | 000,000,860 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012.11.20 15:01:05 | 000,001,912 | ---- | C] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk
[2012.11.20 15:00:59 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2012.11.20 11:18:54 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.11.19 17:36:54 | 3220,348,928 | -HS- | C] () -- C:\hiberfil.sys
[2012.11.19 17:33:04 | 000,000,680 | ---- | C] () -- C:\Users\Boris\AppData\Local\d3d9caps.dat
[2012.11.19 17:17:51 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2012.11.19 17:17:50 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2012.11.19 17:17:39 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2012.11.19 17:17:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012.11.19 17:17:38 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.11.19 17:17:35 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2012.11.19 17:17:31 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2012.11.19 17:17:13 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2012.11.19 17:17:10 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2012.11.19 17:16:36 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2012.11.19 16:15:39 | 000,007,168 | ---- | C] () -- C:\Users\Boris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.19 14:56:40 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.11.19 14:54:38 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.11.19 14:47:59 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.19 14:47:47 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2012.11.19 14:14:46 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\PackardBellBV_IMEDIAJ5644GE_ToBeFilledByO.E.M._PTU050X006851035799000.MRK
[2012.11.19 14:12:51 | 000,000,000 | ---- | C] () -- C:\Windows\System32\LogConfigTemp.xml
[2012.11.19 14:12:50 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2012.11.19 14:01:19 | 000,000,951 | ---- | C] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.11.19 14:01:17 | 000,000,946 | ---- | C] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.11.19 14:01:08 | 000,000,917 | ---- | C] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012.11.19 13:59:27 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\Internet Explorer.lnk
[2012.11.19 13:59:22 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2012.11.19 13:58:53 | 000,008,172 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2012.11.19 12:43:40 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.11.20 15:10:06 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Atari
[2012.11.26 18:05:54 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\AVG2013
[2012.11.26 18:04:51 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---



OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 26.11.2012 22:01:47 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Boris\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,35 Gb Available Physical Memory | 44,91% Memory free
6,22 Gb Paging File | 4,56 Gb Available in Paging File | 73,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 918,51 Gb Total Space | 637,43 Gb Free Space | 69,40% Space Free | Partition Type: NTFS
 
Computer Name: BORIS-PC | User Name: Boris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0269314E-F892-4156-A1D1-55F1829926C7}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | 
"{1BA2485D-4B5D-4039-8848-0E2F858B8967}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{42E6ED8A-00C1-453A-AD6A-68B4F6149FEA}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | 
"{572CD099-B0F2-4928-9536-DE602DA9B482}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | 
"{572FBB3F-4DC5-42DD-912E-83EE22CE74FE}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | 
"{6132566B-6CD6-4867-9B86-C70463050D63}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A21FA668-E465-417A-A0E2-D5E90417EB64}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{DCB53471-7331-4D62-955D-60A4179589BB}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | 
"{DF91C1CF-FAA0-4B36-B1FA-5B2D10104AA7}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | 
"{E2C05D10-F84B-4857-ACFB-C1129443EEB4}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | 
"{F453E0C8-631D-40AE-8782-717513ECC011}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{28518520-F25C-48C3-A224-861F331602F4}" = Setup My PC
"{3559CDE0-11FC-4D7B-A65C-D646035B1031}" = Nero 8 Essentials
"{446472DE-79C0-4708-B06E-0F8FAFDA6918}" = AVG 2013
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{CA786CFF-1D31-4804-B436-F3405B14357F}" = Packard Bell Updator
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D359B12F-9B1A-46FD-B70C-F507B5B11590}" = HDRegDE
"{DE5EB975-946C-4ADF-ABCC-3609BCEBF978}" = AVG 2013
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4EA67C9-6748-4C1E-9AFF-04149AC75D95}" = Packard Bell ImageWriter
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"AVG" = AVG 2013
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Office2007" = Microsoft Office Home and Student
"Works9se" = Microsoft Works 9.0 SE
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.11.2012 17:13:49 | Computer Name = Boris-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 19.11.2012 17:13:49 | Computer Name = Boris-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 19.11.2012 17:13:49 | Computer Name = Boris-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 19.11.2012 17:13:49 | Computer Name = Boris-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 19.11.2012 17:13:50 | Computer Name = Boris-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 19.11.2012 17:13:50 | Computer Name = Boris-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 19.11.2012 17:13:50 | Computer Name = Boris-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 19.11.2012 17:13:50 | Computer Name = Boris-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 20.11.2012 06:04:58 | Computer Name = Boris-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.11.2012 06:29:12 | Computer Name = Boris-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 19.11.2012 11:04:37 | Computer Name = Boris-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 19.11.2012 11:04:37 | Computer Name = Boris-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description = 
 
Error - 19.11.2012 11:04:37 | Computer Name = Boris-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description = 
 
Error - 19.11.2012 11:04:42 | Computer Name = Boris-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 19.11.2012 11:18:47 | Computer Name = Boris-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 19.11.2012 11:26:36 | Computer Name = Boris-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 19.11.2012 11:38:27 | Computer Name = Boris-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 19.11.2012 11:48:24 | Computer Name = Boris-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 19.11.2012 12:32:04 | Computer Name = Boris-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 19.11.2012 12:37:18 | Computer Name = Boris-PC | Source = HTTP | ID = 15016
Description = 
 
 
< End of report >
         
--- --- ---


2) Anti Malwarebytes

Code:
ATTFilter
 

   Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.26.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Boris :: BORIS-PC [Administrator]

27.11.2012 07:30:19
mbam-log-2012-11-27 (07-30-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 437415
Laufzeit: 1 Stunde(n), 47 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

3) VirusTotal

https://www.virustotal.com/file/ff5469d58e4a480b90948cb755f2826570c75a188caa1bf3314dafe7eff612b8/analysis/1353972253/


and

https://www.virustotal.com/file/ea7bf51cd233f139764e17d21fe3827ed0e7c1f1907f405888a8f81d7123b8cc/analysis/1354042336/


Is the virus still active? What should I do?

Last edited by boris81 (27.11.2012 at 19:25)
