Log analysis and evaluation: Google forces wrong links
17.02.2009, 00:28 | #1 |
Google forces wrong links
Hello, you helpers with my problem. I have been sitting at my laptop for five hours now, trying everything in my power to get it running properly again. I noticed something was wrong when my Google kept redirecting me to some strange sites. I read through everything and tried to understand it, but it also takes forever to get to the next page (it took me about 30 minutes to reach the Trojaner forum). I hope you can help me with my log file. Thanks in advance. R.
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:13:28, on 16.02.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\TAMSvr.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
c:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Windows\System32\TUProgSt.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
C:\Program Files\MAGIX\Common\Database\bin\fabs.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Internet Explorer\ieuser.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: D - {930088ED-0402-3092-BD1E-C595A5A8D0D4} - C:\Windows\system32\xwr27775.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/707-44556-9400-3/4 (file missing)
O9 - Extra button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Unknown owner - D:\Avira\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Unknown owner - D:\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Authentec memory manager service (Authentec memory manager) - AuthenTec Inc. - C:\Windows\system32\TAMSvr.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - c:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 11461 bytes
:)
17.02.2009, 08:36 | #2 |
Google forces wrong links
Hi,
the HJT log doesn't reveal much, so the suspicion of something "hidden" suggests itself....

Combofix
Download ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop. Close all windows, start combofix.exe, confirm the following prompt with 1 and press Enter. The scan with Combofix can take some time, so be patient. Don't do anything on the computer during the scan. It is possible that the computer will be restarted in between. After the scan finishes a report is displayed; please copy it and paste it into your thread. Further instructions at: http://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird
Note: a backup is created under C:\WINDOWS\erdnt.
Alternative downloads: http://subs.geekstogo.com/ComboFix.exe

Afterwards scan with MAM: Malwarebytes Antimalware (MAM). Instructions & download here: http://www.trojaner-board.de/51187-malwarebytes-anti-malware.html
Full scan and let it clean everything! Post the log. Alternative download: http://filepony.de/download-malwarebytes_anti_malware/, http://www.gt500.org/malwarebytes/mbam.jsp
chris
17.02.2009, 14:26 | #3 |
Google forces wrong links
So, I've done that too now.
In addition I found Trojan.Vundo.H 7x.? But: "The text you entered is 26212 characters long and is therefore too long. Please shorten the text to the maximum length of 25000 characters." How do I proceed with that?
17.02.2009, 14:29 | #4 |
Google forces wrong links
Code:
Malwarebytes' Anti-Malware 1.34
Datenbank Version: 1749
Windows 6.0.6001 Service Pack 1

17.02.2009 13:34:03
mbam-log-2009-02-17 (13-34-03).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 62667
Laufzeit: 2 minute(s), 54 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Windows\System32\xwr27775.dll (Trojan.Vundo.H) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{930088ed-0402-3092-bd1e-c595a5a8d0d4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{930088ed-0402-3092-bd1e-c595a5a8d0d4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e762b976-44d9-3776-aa52-6c3ccd940e4f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4767d3c2-47a7-3f18-845f-a586dd7cd636} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{930088ed-0402-3092-bd1e-c595a5a8d0d4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\xwr27775.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\wr27775.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
:)
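As an added example (not code from this thread, from HijackThis or from Malwarebytes), a small Python triage script that runs a few defender-side heuristics over the O2 (BHO) lines of the HijackThis log posted above and singles out the entry that Malwarebytes then identified as Trojan.Vundo.H. The heuristics (single-letter BHO name, DLL sitting in system32, letters-plus-digit-run filename, orphaned "(no file)" entry) and the severity scale are this example's own assumptions, not rules of either tool.

```python
import re
from dataclasses import dataclass, field

# Constructed input: the O2 (BHO) lines and one O3 line copied from the HijackThis
# log posted in this thread; the O3 line is there to show non-O2 lines are skipped.
SAMPLE_HJT_LINES = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: D - {930088ED-0402-3092-BD1E-C595A5A8D0D4} - C:\Windows\system32\xwr27775.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
"""

# One HijackThis O2 entry: "O2 - BHO: <name> - {<CLSID>} - <dll path or (no file)>"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+?)\s*$"
)
# A few letters followed by a long digit run, the shape of xwr27775.dll above.
RANDOM_NAME_RE = re.compile(r"^[a-z]{1,4}\d{4,}\.dll$", re.IGNORECASE)
# Vendor BHOs normally live under Program Files, not directly in system32.
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)

ORPHAN = "orphaned entry: BHO is registered but its DLL is missing"
IN_SYSTEM32 = "DLL loaded from the Windows system directory"
RANDOM_NAME = "random-looking filename (letters followed by a digit run)"
NO_NAME = "missing or single-letter BHO name"


@dataclass
class Finding:
    name: str
    clsid: str
    path: str
    reasons: list = field(default_factory=list)

    @property
    def severity(self) -> str:
        """Two or more independent indicators on one entry is a strong signal;
        an orphaned entry on its own is usually just leftover registry noise."""
        if len(self.reasons) >= 2:
            return "high"
        if self.reasons == [ORPHAN]:
            return "low"
        return "medium"


def parse_o2(line: str):
    """Return (name, clsid, path) for an O2 line, or None for any other line."""
    m = O2_RE.match(line.strip())
    if not m:
        return None
    return m.group("name").strip(), m.group("clsid").upper(), m.group("path").strip()


def assess_bho(name: str, path: str) -> list:
    """Apply the heuristics (this example's own rules, not HijackThis's)."""
    reasons = []
    if path.lower() == "(no file)":
        reasons.append(ORPHAN)
    else:
        filename = path.rsplit("\\", 1)[-1]
        if SYSTEM32_RE.match(path):
            reasons.append(IN_SYSTEM32)
        if RANDOM_NAME_RE.match(filename):
            reasons.append(RANDOM_NAME)
    if len(name) <= 2:
        reasons.append(NO_NAME)
    return reasons


def triage(lines) -> list:
    """Return a Finding for every O2 entry that trips at least one heuristic."""
    findings = []
    for line in lines:
        parsed = parse_o2(line)
        if parsed is None:
            continue
        name, clsid, path = parsed
        reasons = assess_bho(name, path)
        if reasons:
            findings.append(Finding(name, clsid, path, reasons))
    return findings


def report(findings) -> str:
    """Render findings as an analyst-readable list, worst first by severity."""
    out = []
    for f in findings:
        out.append(f"[{f.severity.upper()}] {f.name or '(no name)'} {{{f.clsid}}} -> {f.path}")
        out.extend(f"    - {r}" for r in f.reasons)
    return "\n".join(out)


if __name__ == "__main__":
    print(report(triage(SAMPLE_HJT_LINES.splitlines())))
```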
17.02.2009, 15:26 | #5 |
Google forces wrong links
Hi, post it in two parts... chris
17.02.2009, 20:53 | #6 |
Google forces wrong links
Why didn't I think of that myself. I'll remember that.
Code:
ComboFix 09-02-15.01 - *** 2009-02-17 20:39:30.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.3066.1990 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning enabled* (Updated)
FW: BitDefender Firewall *enabled*
.
((((((((((((((((((((((( Dateien erstellt von 2009-01-17 bis 2009-02-17 ))))))))))))))))))))))))))))))
.
2009-02-17 12:55 . 2009-02-17 12:55 <DIR> d-------- c:\users\***\AppData\Roaming\Malwarebytes
2009-02-17 12:55 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-17 12:52 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-17 01:07 . 2009-02-17 03:08 <DIR> d-------- c:\program files\a-squared Anti-Malware
2009-02-16 21:29 . 2009-02-16 21:29 <DIR> d-------- c:\program files\CCleaner
2009-02-16 21:28 . 2009-02-16 21:28 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-02-16 21:28 . 2009-02-16 21:28 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-16 21:28 . 2009-02-17 12:55 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-16 20:55 . 2007-06-28 14:36 401,720 --a------ c:\users\All Users\HijackThis.exe
2009-02-16 20:55 . 2007-06-28 14:36 401,720 --a------ c:\programdata\HijackThis.exe
2009-02-16 20:29 . 2009-02-16 20:29 <DIR> d-------- c:\program files\Trend Micro
2009-02-15 21:37 . 2009-02-17 13:25 <DIR> d-a------ c:\users\All Users\TEMP
2009-02-15 21:37 . 2009-02-17 13:25 <DIR> d-a------ c:\programdata\TEMP
2009-02-15 21:37 . 2008-08-25 12:36 81,288 --a------ c:\windows\System32\drivers\iksyssec.sys
2009-02-15 21:37 . 2008-08-25 12:36 66,952 --a------ c:\windows\System32\drivers\iksysflt.sys
2009-02-15 21:37 . 2008-08-25 12:36 40,840 --a------ c:\windows\System32\drivers\ikfilesec.sys
2009-02-15 21:37 . 2008-06-02 16:19 29,576 --a------ c:\windows\System32\drivers\kcom.sys
2009-02-15 21:36 . 2009-02-15 21:36 <DIR> d-------- c:\users\***\AppData\Roaming\PC Tools
2009-02-15 21:36 . 2009-02-15 22:13 <DIR> d-------- c:\program files\Spyware Doctor
2009-02-15 21:24 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-15 21:24 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-15 21:23 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-15 21:23 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-15 21:23 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-15 21:23 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-15 21:23 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-15 21:23 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-15 21:18 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-15 21:18 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-15 21:18 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-15 21:18 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-15 21:18 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-14 17:27 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\System32\d3dx9_26.dll
2009-02-14 17:15 . 2009-02-14 17:15 <DIR> dr------- c:\windows\System32\config\systemprofile\Videos
2009-02-14 17:15 . 2009-02-14 17:15 <DIR> dr------- c:\windows\System32\config\systemprofile\Searches
2009-02-14 17:15 . 2009-02-14 17:15 <DIR> dr------- c:\windows\System32\config\systemprofile\Saved Games
2009-02-14 17:15 . 2009-02-14 17:15 <DIR> dr------- c:\windows\System32\config\systemprofile\Pictures
2009-02-14 17:15 . 2009-02-14 17:15 <DIR> dr------- c:\windows\System32\config\systemprofile\Music
2009-02-14 17:15 . 2009-02-14 17:15 <DIR> dr------- c:\windows\System32\config\systemprofile\Links
2009-02-14 17:15 . 2009-02-14 17:15 <DIR> dr------- c:\windows\System32\config\systemprofile\Downloads
2009-02-14 17:15 . 2009-02-14 17:15 <DIR> dr------- c:\windows\System32\config\systemprofile\Documents
2009-02-14 17:11 . 2009-02-14 17:11 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-02-14 17:05 . 2009-02-14 17:05 <DIR> d-------- c:\users\***\AppData\Roaming\DAEMON Tools
2009-02-14 17:05 . 2009-02-14 17:05 717,296 --a------ c:\windows\System32\drivers\sptd.sys
2009-02-14 03:37 . 2009-02-14 04:00 <DIR> d-------- c:\users\***\AppData\Roaming\BPK
2009-02-13 15:11 . 2009-02-13 15:11 <DIR> d-------- c:\users\***\AppData\Roaming\PC Suite
2009-02-13 15:11 . 2009-02-13 15:11 <DIR> d-------- c:\users\***\AppData\Roaming\BitDefender
2009-02-13 15:07 . 2009-02-16 19:30 <DIR> d-------- c:\users\***\Program Files
2009-02-13 15:07 . 2009-02-17 20:39 81,984 --a------ c:\windows\System32\bdod.bin
2009-02-13 12:13 . 2009-02-13 12:13 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-02-13 12:11 . 2009-02-13 12:10 73,728 --a------ c:\windows\System32\xa68148085.exe
2009-02-13 12:10 . 2009-02-13 12:10 73,728 --a------ c:\windows\System32\xa68147897.exe
2009-02-13 02:00 . 2009-02-13 02:00 <DIR> d-------- c:\users\***\AppData\Roaming\MAGIX
2009-02-13 01:58 . 2009-02-13 01:58 603,904 --a------ c:\windows\System32\TUProgSt.exe
2009-02-13 01:58 . 2009-02-13 01:58 360,192 --a------ c:\windows\System32\TuneUpDefragService.exe
2009-02-13 01:58 . 2008-12-11 13:31 27,904 --a------ c:\windows\System32\uxtuneup.dll
2009-02-13 01:58 . 2008-12-11 13:31 17,152 --a------ c:\windows\System32\authuitu.dll
2009-02-13 01:55 . 2009-02-13 01:55 <DIR> d-------- c:\users\***\AppData\Roaming\TuneUp Software
2009-02-13 01:54 . 2009-02-13 01:54 <DIR> d-------- c:\users\All Users\TuneUp Software
2009-02-13 01:54 . 2009-02-13 01:54 <DIR> d--hs---- c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-13 01:54 . 2009-02-13 01:54 <DIR> d-------- c:\programdata\TuneUp Software
2009-02-13 01:54 . 2009-02-13 01:54 <DIR> d--hs---- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-13 01:54 . 2009-02-13 01:58 <DIR> d-------- c:\program files\TuneUp Utilities 2009
2009-02-12 18:40 . 2009-02-12 18:40 0 --ah----- c:\windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2009-02-12 18:40 . 2009-02-12 18:40 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-12 18:39 . 2009-02-12 18:40 <DIR> d-------- c:\users\***\AppData\Roaming\PC Suite
2009-02-12 18:39 . 2009-02-16 18:16 <DIR> d-------- c:\users\***\AppData\Roaming\Nokia
2009-02-12 18:39 . 2009-02-12 18:40 <DIR> d-------- c:\users\All Users\PC Suite
2009-02-12 18:39 . 2009-02-12 18:40 <DIR> d-------- c:\programdata\PC Suite
2009-02-12 18:35 . 2009-02-12 18:35 <DIR> d-------- c:\program files\Common Files\PCSuite
2009-02-12 18:35 . 2009-02-12 18:35 <DIR> d-------- c:\program files\Common Files\Nokia
2009-02-12 18:35 . 2008-08-26 09:26 18,816 --a------ c:\windows\System32\drivers\pccsmcfd.sys
2009-02-12 18:34 . 2009-02-12 18:34 <DIR> d-------- c:\program files\PC Connectivity Solution
2009-02-12 18:32 . 2009-02-12 18:35 <DIR> d-------- c:\program files\Nokia
2009-02-12 18:32 . 2008-09-15 07:56 91,136 --a------ c:\windows\System32\nmwcdcls.dll
2009-02-12 18:31 . 2009-02-12 18:31 <DIR> d-------- c:\users\All Users\Installations
2009-02-12 18:31 . 2009-02-12 18:31 <DIR> d-------- c:\programdata\Installations
2009-02-12 17:58 . 2009-02-12 17:58 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-02-12 17:58 . 2009-02-12 17:58 <DIR> d-------- c:\program files\Microsoft
2009-02-12 17:56 . 2009-02-12 17:56 <DIR> d-------- c:\windows\Sun
2009-02-12 17:44 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-12 17:44 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-12 17:44 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-12 17:44 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-12 17:44 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-12 17:17 . 2009-02-12 17:17 850 --a------ c:\windows\System32\ProductTweaks.xml
2009-02-12 17:17 . 2009-02-12 17:17 385 --a------ c:\windows\System32\user_gensett.xml
2009-02-12 14:24 . 2009-02-12 14:24 <DIR> d-------- c:\users\***\AppData\Roaming\BitDefender
2009-02-12 14:24 . 2009-02-12 17:16 <DIR> d-------- c:\users\All Users\BitDefender
2009-02-12 14:24 . 2009-02-12 17:16 <DIR> d-------- c:\programdata\BitDefender
2009-02-12 14:24 . 2009-02-12 14:24 <DIR> d-------- c:\program files\BitDefender
2009-02-12 14:16 . 2009-02-12 14:24 <DIR> d-------- c:\program files\Common Files\BitDefender
2009-02-12 03:03 . 2009-02-12 03:03 <DIR> d-------- c:\windows\SQLTools9_KB960089_ENU
2009-02-12 03:00 . 2009-02-12 03:00 <DIR> d-------- c:\windows\SQL9_KB960089_ENU
2009-02-11 17:49 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 17:49 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-07 17:43 . 2009-02-07 17:43 0 --a------ c:\users\***\AppData\Roaming\wklnhst.dat
2009-02-07 15:54 . 2009-02-07 15:54 0 --a------ c:\windows\tosOBEX.INI
2009-02-07 15:00 . 2009-02-07 15:00 <DIR> d-------- c:\users\***\AppData\Roaming\MAGIX
2009-02-07 14:16 . 2009-02-09 05:07 <DIR> d-------- c:\users\***\AppData\Roaming\BitTorrent
2009-02-06 20:27 . 2009-02-06 20:27 <DIR> d-------- c:\users\***\AppData\Roaming\Apple Computer
2009-02-06 20:14 . 2009-02-06 20:14 <DIR> d-------- c:\windows\System32\Plug-In Settings
2009-02-06 03:56 . 2008-06-26 02:45 12,240,896 --a------ c:\windows\System32\NlsLexicons0007.dll
2009-02-06 03:56 . 2008-06-26 02:45 2,644,480 --a------ c:\windows\System32\NlsLexicons0009.dll
2009-02-06 03:55 . 2008-06-26 04:29 801,280 --a------ c:\windows\System32\NaturalLanguage6.dll
2009-02-06 03:03 . 2009-02-06 03:03 <DIR> d-------- c:\windows\SQLTools9_KB954606_ENU
2009-02-06 03:01 . 2009-02-06 03:01 <DIR> d-------- c:\windows\SQL9_KB954606_ENU
2009-02-05 18:19 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2009-02-05 18:19 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2009-02-05 18:02 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll
2009-02-05 18:00 . 2008-06-19 04:31 361,984 --a------ c:\windows\System32\IPSECSVC.DLL
2009-02-05 18:00 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2009-02-05 17:57 . 2008-04-26 09:26 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
2009-02-05 17:57 . 2008-04-12 04:32 784,896 --a------ c:\windows\System32\rpcrt4.dll
2009-02-05 17:57 . 2008-04-05 02:21 72,192 --a------ c:\windows\System32\drivers\pacer.sys
2009-02-05 17:57 . 2008-04-05 04:34 15,360 --a------ c:\windows\System32\pacerprf.dll
2009-02-05 17:51 . 2008-04-18 06:48 269,312 --a------ c:\windows\System32\es.dll
2009-02-05 17:51 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2009-02-05 17:50 . 2008-09-18 03:16 2,032,640 --a------ c:\windows\System32\win32k.sys
2009-02-05 17:50 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2009-02-05 17:50 . 2008-06-26 04:29 303,616 --a------ c:\windows\System32\wmpeffects.dll
2009-02-05 17:33 . 2008-10-29 07:29 2,927,104 --a------ c:\windows\explorer.exe
2009-02-05 17:26 . 2008-09-18 06:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2009-02-05 17:26 . 2008-09-18 06:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2009-02-05 17:26 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-17 19:26 65,096 ----a-w c:\users\All Users\nvModes.dat
2009-02-17 19:26 65,096 ----a-w c:\programdata\nvModes.dat
2009-02-14 16:27 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-14 16:18 --------- d-----w c:\program files\Microsoft Games
2009-02-13 11:14 --------- d-----w c:\program files\Common Files\Adobe
2009-02-12 16:51 242,184 ----a-w c:\windows\system32\drivers\bdfsfltr.sys
2009-02-12 16:51 192,512 ----a-w c:\windows\System32\txmlutil.dll
2009-02-12 16:51 104,328 ----a-w c:\windows\system32\drivers\bdfndisf.sys
2009-02-12 16:05 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-12 02:00 --------- d-----w c:\program files\Windows Mail
2009-02-06 04:34 --------- d-----w c:\programdata\Microsoft Help
2009-02-04 17:39 --------- d-----w c:\programdata\McAfee
2009-02-03 21:57 --------- d-----w c:\program files\Google
2009-02-03 20:10 --------- d-----w c:\programdata\NVIDIA
2009-02-03 20:08 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-03 19:59 --------- d-sh--w c:\programdata\Vorlagen
2009-02-03 19:59 --------- d-sh--w c:\programdata\Startmenü
2009-02-03 19:59 --------- d-sh--w c:\programdata\Favoriten
2009-02-03 19:59 --------- d-sh--w c:\programdata\Dokumente
2009-02-03 19:59 --------- d-sh--w c:\programdata\Anwendungsdaten
2009-02-03 19:59 --------- d-sh--w c:\program files\Gemeinsame Dateien
2009-02-03 18:55 --------- d-----w c:\program files\Toshiba
2009-02-03 18:53 --------- d-----w c:\program files\Common Files\Toshiba Shared
2009-02-03 18:51 --------- d-----w c:\program files\Microsoft.NET
2009-02-03 18:50 --------- d-----w c:\programdata\Toshiba
2009-02-03 18:44 --------- d-----w c:\program files\Intel
2008-11-24 21:31 65,888 ----a-w c:\windows\System32\sqlctr90.dll
2008-11-24 21:31 2,248,544 ----a-w c:\windows\System32\sqlncli.dll
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((( SnapShot@2009-02-17_13.56.37.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-17 12:47:08 919,448 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-02-17 13:30:35 919,448 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-02-17 12:51:59 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-02-17 19:23:48 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-02-17 12:51:59 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-02-17 19:23:48 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-02-17 12:54:13 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-17 19:26:43 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-17 19:26:43 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-02-17 12:54:08 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-17 19:26:48 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-17 19:26:48 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-02-17 12:35:52 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-17 19:32:30 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-17 12:35:52 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-17 19:32:30 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-17 12:35:52 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-17 19:32:30 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-17 12:43:22 140,844 ----a-w c:\windows\System32\perfc007.dat
+ 2009-02-17 19:29:56 140,844 ----a-w c:\windows\System32\perfc007.dat
- 2009-02-17 12:43:22 119,252 ----a-w c:\windows\System32\perfc009.dat
+ 2009-02-17 19:29:56 119,252 ----a-w c:\windows\System32\perfc009.dat
- 2009-02-17 12:43:22 665,150 ----a-w c:\windows\System32\perfh007.dat
+ 2009-02-17 19:29:56 665,150 ----a-w c:\windows\System32\perfh007.dat
- 2009-02-17 12:43:23 633,886 ----a-w c:\windows\System32\perfh009.dat
+ 2009-02-17 19:29:56 633,886 ----a-w c:\windows\System32\perfh009.dat
- 2009-02-17 12:38:05 4,496 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3248546604-1487097281-3100174776-1004_UserData.bin
+ 2009-02-17 19:27:44 4,854 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3248546604-1487097281-3100174776-1004_UserData.bin
- 2009-02-17 12:38:05 94,164 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-17 19:27:44 94,730 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-17 12:38:03 55,224 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-02-17 19:27:43 55,248 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot auf jetziges Datum zurückgesetzt --
17.02.2009, 20:54 | #7 |
| Google forces wrong links Part II Code:
ATTFilter . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1] @="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}" [HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}] 2007-04-20 11:40 118784 --a------ c:\program files\TrueSuite Access Manager\IconOvrly.dll c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "DisableCAD"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe "BitTorrent DNA"="c:\users\***\Program Files\DNA\btdna.exe" "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray "ehTray.exe"=c:\windows\ehome\ehTray.exe "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Toshiba Registration"=c:\program files\Toshiba\Registration\ToshibaRegistration.exe "Google EULA Launcher"=c:\program files\Google\Google EULA\GoogleEULALauncher.exe IE PA "UsbMonitor"="c:\program files\TrueSuite Access Manager\usbnotify.exe" "TRCMan"=c:\program files\TOSHIBA\TRCMan\TRCMan.exe "Toshiba 
TEMPO"=c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe "TPwrMain"=%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE "00TCrdMain"=%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe "SmoothView"=%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe "PwdBank"="c:\program files\TrueSuite Access Manager\PwdBank.exe" "topi"=c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit "KeNotify"=c:\program files\TOSHIBA\Utilities\KeNotify.exe "HSON"=%ProgramFiles%\TOSHIBA\TBS\HSON.exe "HDMICtrlMan"=c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe "FingerPrintNotifer"="c:\program files\TrueSuite Access Manager\FpNotifier.exe" "NDSTray.exe"=NDSTray.exe "cfFncEnabler.exe"=cfFncEnabler.exe "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" /start "BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{0D5A11D8-E422-4A43-ABDE-BA756967A541}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{9A221C51-2180-4732-B874-696FDFB680E8}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{934620BD-DE55-4E76-85CE-DA322E48CC52}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{57B0FD66-B15E-4BCE-A858-7465A2DFCD76}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{506F4A8F-1D3F-41D8-B90F-54F11BBDC9AA}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In) "{7B34D169-B9E2-4D37-9FAA-78EAA3E943F8}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In) "{73AC1D2B-3CFF-406D-8405-10FE7CF41864}"= 
UDP:e:\programme\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In) "{D089E315-992E-44AE-B3E1-15F67641305C}"= TCP:e:\programme\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In) "TCP Query User{FBCC3FB5-6BFC-40E6-86DF-E827108373D6}e:\\programme\\bittorrent\\bittorrent.exe"= UDP:e:\programme\bittorrent\bittorrent.exe:BitTorrent "UDP Query User{BA022530-DA15-4DC7-AAAB-209AD71A0924}e:\\programme\\bittorrent\\bittorrent.exe"= TCP:e:\programme\bittorrent\bittorrent.exe:BitTorrent "TCP Query User{0E666614-4E97-4509-BA10-4F7CD3FEDB10}c:\\program files\\dna\\btdna.exe"= UDP:c:\program files\dna\btdna.exe:DNA "UDP Query User{85AB0218-36F5-4C86-8DB7-E282A0BC4811}c:\\program files\\dna\\btdna.exe"= TCP:c:\program files\dna\btdna.exe:DNA "{5CCB0DE4-81BE-4A42-B9B0-81FCF2AF96D5}"= UDP:5353:Adobe CSI CS4 "{A0294B2E-C955-45EF-835B-274045B0A5E5}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4 "{2483256D-3EB6-4F0B-B5BB-BE4C2571DD40}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "e:\\Programme\\BitTorrent\\bittorrent.exe"= e:\programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent R0 AlfaFF;AlfaFF mini-filter driver;c:\windows\System32\drivers\AlfaFF.sys [2009-02-03 42608] R2 Authentec memory manager;Authentec memory manager service;c:\windows\System32\TAMSvr.exe [2009-02-03 49152] R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82696] R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [2008-04-16 40960] R2 MSSQL$QOSMIOAVINDEXING;SQL Server (QOSMIOAVINDEXING);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712] R2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720] R2 TOSHIBA SMART Log Service;TOSHIBA SMART 
Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976] R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-02-13 603904] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\System32\drivers\bdfndisf.sys [2008-08-14 104328] R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [2008-07-07 54784] R3 enecirhid;ENE CIR HID Receiver;c:\windows\System32\drivers\enecirhid.sys [2008-07-07 11264] R3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\System32\drivers\enecirhidma.sys [2008-07-07 5632] R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [2008-07-07 86672] R3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\System32\drivers\NETw5v32.sys [2008-07-07 3658752] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2008-07-07 43040] R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-24 73728] R3 SPURS;TOSHIBA Quad Core HD Processor;c:\windows\System32\drivers\spurs.sys [2008-05-07 106496] S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2008-07-07 1527900] S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-02-15 356920] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9647d6ab-fab1-11dd-baa3-00037a95202a}] \shell\AutoRun\command - G:\autorun.exe \shell\directx\command - g:\directx9\dxsetup.exe \shell\setup\command - G:\setup.exe . 
Inhalt des "geplante Tasks" Ordners 2009-02-17 c:\windows\Tasks\1-Klick-Wartung.job - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:07] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/707-44556-9400-3/4 IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-17 20:41:23 Windows 6.0.6001 Service Pack 1 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'Explorer.exe'(5168) c:\program files\TrueSuite Access Manager\IconOvrly.dll . Zeit der Fertigstellung: 2009-02-17 20:42:42 ComboFix-quarantined-files.txt 2009-02-17 19:42:38 ComboFix2.txt 2009-02-17 12:57:20 Vor Suchlauf: 17 Verzeichnis(se), 87.091.924.992 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 87,052,558,336 Bytes frei 332 --- E O F --- 2009-02-16 18:31:05 |
17.02.2009, 23:11 | #8 |
| Google forces wrong links Hmm, to me this sounds like you have a DNSChanger on there. The Google symptoms point to that. Please take a look at your network connection. Right-click your Internet connection / Properties / find the TCP/IP entry, select it and press Properties. Last entries: do you obtain your DNS automatically, or are there IP addresses there starting with 85.255.XXX.XXX? I just noticed: you have BitDefender installed, so it may be that parts of this virus have already been eliminated and therefore no IP shows up in the DNS settings. Make sure that DNS is set to obtain automatically. I suggest you run GMER and post the log file. Let's see. Last edited by Redwulf (17.02.2009 at 23:20) Reason: addition required |
17.02.2009, 23:22 | #9 |
| Google forces wrong links GMER is available here: http://www.gmer.net/gmer.zip Just run it, and when it complains, let it do the scan. Post the log here... |
17.02.2009, 23:39 | #10 | ||
| Google forces wrong links Quote:
Quote:
The GMER log will follow right away |
17.02.2009, 23:51 | #11 |
| Google forces wrong links Should I perhaps switch off BitDefender while GMER is running? Code:
ATTFilter GMER 1.0.14.14536 - http://www.gmer.net Rootkit scan 2009-02-17 23:47:29 Windows 6.0.6001 Service Pack 1 ---- System - GMER 1.0.14 ---- SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys ZwOpenProcess [0xA8045BCE] SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys ZwOpenThread [0xA8045CBC] SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys ZwTerminateProcess [0xA8045B32] INT 0x51 ? 87621BF8 INT 0x62 ? 87621BF8 INT 0x72 ? 87621BF8 INT 0x92 ? 8592BBF8 INT 0x92 ? 87621BF8 INT 0x92 ? 87621BF8 INT 0x92 ? 87621BF8 INT 0x92 ? 8592BBF8 INT 0xB2 ? 84F98BF8 INT 0xB2 ? 84F98BF8 INT 0xB2 ? 84F98BF8 INT 0xB2 ? 84F98BF8 ---- Kernel code sections - GMER 1.0.14 ---- .text ntkrnlpa.exe!KeSetTimerEx + 624 82105BE8 4 Bytes [ CE, 5B, 04, A8 ] .text ntkrnlpa.exe!KeSetTimerEx + 640 82105C04 4 Bytes [ BC, 5C, 04, A8 ] .text ntkrnlpa.exe!KeSetTimerEx + 854 82105E18 4 Bytes [ 32, 5B, 04, A8 ] ? System32\Drivers\splq.sys Das System kann die angegebene Datei nicht finden. ! .text USBPORT.SYS!DllUnload 8E11346F 5 Bytes JMP 876211D8 .text a4cspnj6.SYS 8E1B8000 22 Bytes [ 26, 12, 02, 82, 10, 11, 02, ... ] .text a4cspnj6.SYS 8E1B8017 126 Bytes [ 00, 32, E7, 79, 80, 3D, E5, ... ] .text a4cspnj6.SYS 8E1B8096 18 Bytes [ 0A, 82, 44, 13, 0A, 82, 9C, ... ] .text a4cspnj6.SYS 8E1B80A9 35 Bytes [ 00, 0A, 82, A0, F7, 09, 82, ... ] .text a4cspnj6.SYS 8E1B80CE 10 Bytes [ 00, 00, 00, 00, 00, 00, 66, ... ] .text ... ? C:\Windows\system32\Drivers\PROCEXP90.SYS Das System kann die angegebene Datei nicht finden. ! ? C:\ComboFix\catchme.sys Das System kann die angegebene Datei nicht finden. ! 
---- User code sections - GMER 1.0.14 ---- .text C:\Program Files\Internet Explorer\iexplore.exe[5076] USER32.dll!DialogBoxIndirectParamW 75D4BD25 5 Bytes JMP 6ADA5CBB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5076] USER32.dll!DialogBoxParamW 75D61FD5 5 Bytes JMP 6ADA5C45 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5076] USER32.dll!DialogBoxParamA 75D880B2 5 Bytes JMP 6ADA5C80 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5076] USER32.dll!DialogBoxIndirectParamA 75D883DD 5 Bytes JMP 6ADA5CF6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5076] USER32.dll!MessageBoxIndirectA 75D9D471 5 Bytes JMP 6ADA5C01 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5076] USER32.dll!MessageBoxIndirectW 75D9D56B 5 Bytes JMP 6ADA5BBD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5076] USER32.dll!MessageBoxExA 75D9D5D1 5 Bytes JMP 6ADA5B83 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5076] USER32.dll!MessageBoxExW 75D9D5F5 5 Bytes JMP 6ADA5B49 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) ---- Kernel IAT/EAT - GMER 1.0.14 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806956D2] \SystemRoot\System32\Drivers\splq.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80695040] \SystemRoot\System32\Drivers\splq.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [806957FC] 
\SystemRoot\System32\Drivers\splq.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806950BE] \SystemRoot\System32\Drivers\splq.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069513C] \SystemRoot\System32\Drivers\splq.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A5048] \SystemRoot\System32\Drivers\splq.sys IAT \SystemRoot\System32\Drivers\a4cspnj6.SYS[ataport.SYS!AtaPortNotification] 24488B66 IAT \SystemRoot\System32\Drivers\a4cspnj6.SYS[ataport.SYS!AtaPortWritePortUchar] E84D8966 IAT \SystemRoot\System32\Drivers\a4cspnj6.SYS[ataport.SYS!AtaPortWritePortUlong] 83E84D8B IAT \SystemRoot\System32\Drivers\a4cspnj6.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 896602C1 IAT \SystemRoot\System32\Drivers\a4cspnj6.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 488BEA4D IAT \SystemRoot\System32\Drivers\a4cspnj6.SYS[ataport.SYS!AtaPortGetScatterGatherList] 8DC80320 IAT \SystemRoot\System32\Drivers\a4cspnj6.SYS[ataport.SYS!AtaPortReadPortUchar] 57500845 IAT \SystemRoot\System32\Drivers\a4cspnj6.SYS[ataport.SYS!AtaPortStallExecution] F0458D57 IAT \SystemRoot\System32\Drivers\a4cspnj6.SYS[ataport.SYS!AtaPortGetParentBusType] 00006850 IAT \SystemRoot\System32\Drivers\a4cspnj6.SYS[ataport.SYS!AtaPortRequestCallback] 458DB002 IAT \SystemRoot\System32\Drivers\a4cspnj6.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 35FF50E8 IAT \SystemRoot\System32\Drivers\a4cspnj6.SYS[ataport.SYS!AtaPortGetUnCachedExtension] [8E1DDFBC] \SystemRoot\System32\Drivers\a4cspnj6.SYS (ATAPI IDE Miniport Driver/Microsoft Corporation) IAT \SystemRoot\System32\Drivers\a4cspnj6.SYS[ataport.SYS!AtaPortCompleteRequest] 57EC4D89 IAT \SystemRoot\System32\Drivers\a4cspnj6.SYS[ataport.SYS!AtaPortMoveMemory] 01F045C7 IAT \SystemRoot\System32\Drivers\a4cspnj6.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] E8000000 IAT \SystemRoot\System32\Drivers\a4cspnj6.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 
0001E4E4 IAT \SystemRoot\System32\Drivers\a4cspnj6.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 4675C73B IAT \SystemRoot\System32\Drivers\a4cspnj6.SYS[ataport.SYS!AtaPortReadPortUshort] 1DDFC8A1 IAT \SystemRoot\System32\Drivers\a4cspnj6.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 8D526A8E IAT \SystemRoot\System32\Drivers\a4cspnj6.SYS[ataport.SYS!AtaPortInitialize] 00009A88 IAT \SystemRoot\System32\Drivers\a4cspnj6.SYS[ataport.SYS!AtaPortGetDeviceBase] 48C08300 IAT \SystemRoot\System32\Drivers\a4cspnj6.SYS[ataport.SYS!AtaPortDeviceStateChange] 8D076A50 ---- Devices - GMER 1.0.14 ---- Device \FileSystem\Ntfs \Ntfs 8592E1F8 Device \Driver\netbt \Device\NetBT_Tcpip_{89C9DCF9-D0E8-4EC4-94A5-BC79A9B6D0BB} 91141380 Device \Driver\volmgr \Device\VolMgrControl 84F9B1F8 Device \Driver\usbuhci \Device\USBPDO-0 877331F8 Device \Driver\usbuhci \Device\USBPDO-1 877331F8 Device \Driver\usbuhci \Device\USBPDO-2 877331F8 Device \Driver\usbehci \Device\USBPDO-3 877351F8 Device \Driver\usbuhci \Device\USBPDO-4 877331F8 AttachedDevice \Driver\tdx \Device\Tcp bdftdif.sys Device \Driver\usbuhci \Device\USBPDO-5 877331F8 Device \Driver\usbuhci \Device\USBPDO-6 877331F8 Device \Driver\volmgr \Device\HarddiskVolume1 84F9B1F8 Device \Driver\usbehci \Device\USBPDO-7 877351F8 Device \Driver\volmgr \Device\HarddiskVolume2 84F9B1F8 Device \Driver\cdrom \Device\CdRom0 877F31F8 Device \Driver\volmgr \Device\HarddiskVolume3 84F9B1F8 Device \Driver\cdrom \Device\CdRom1 877F31F8 Device \Driver\volmgr \Device\HarddiskVolume4 84F9B1F8 Device \Driver\netbt \Device\NetBt_Wins_Export 91141380 Device \Driver\Smb \Device\NetbiosSmb 9113B1F8 Device \Driver\PCI_PNP8172 \Device\0000005a splq.sys Device \Driver\netbt \Device\NetBT_Tcpip_{8A8C9C6C-B5AD-454C-AE28-E1F751E3B604} 91141380 Device \Driver\iScsiPrt \Device\RaidPort0 878161F8 Device \Driver\sptd \Device\818576190 splq.sys AttachedDevice \Driver\tdx \Device\Udp bdftdif.sys Device \Driver\usbuhci \Device\USBFDO-0 877331F8 Device \Driver\usbuhci 
\Device\USBFDO-1 877331F8 Device \Driver\usbuhci \Device\USBFDO-2 877331F8 Device \Driver\netbt \Device\NetBT_Tcpip_{A80952E6-AE6E-4BE2-90DB-AE1ADD7DFC3E} 91141380 Device \Driver\usbehci \Device\USBFDO-3 877351F8 Device \Driver\usbuhci \Device\USBFDO-4 877331F8 Device \Driver\usbuhci \Device\USBFDO-5 877331F8 Device \Driver\usbuhci \Device\USBFDO-6 877331F8 Device \Driver\usbehci \Device\USBFDO-7 877351F8 Device \Driver\a4cspnj6 \Device\Scsi\a4cspnj61Port6Path0Target0Lun0 878061F8 Device \Driver\a4cspnj6 \Device\Scsi\a4cspnj61 878061F8 Device \Driver\JMCR \Device\Scsi\JMCR1 877DF500 Device \Driver\JMCR \Device\Scsi\JMCR2 877DF500 Device \Driver\JMCR \Device\Scsi\JMCR3 877DF500 Device \Driver\JMCR \Device\Scsi\JMCR4 877DF500 Device \FileSystem\cdfs \Cdfs 853FE1F8 ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xAB 0x3C 0x18 0x30 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x00 0xD2 0x8E 0xD2 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x76 0x11 0x97 0xFC ... 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xAB 0x3C 0x18 0x30 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x00 0xD2 0x8E 0xD2 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x76 0x11 0x97 0xFC ... ---- Files - GMER 1.0.14 ---- File C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FFE410SE\errorPageStrings[1] 978 bytes File C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FFE410SE\ErrorPageTemplate[2] 2168 bytes ---- EOF - GMER 1.0.14 ---- |
18.02.2009, 04:10 | #12 |
| Google forces wrong links Hello aces So far so good. I cannot see a rootkit; the GMER log does NOT contain any corresponding entries. I think most of the work is done, but I don't want to get in chris4you's way here. I think he already has a strategy that will save your system.... Fingers crossed |
18.02.2009, 08:46 | #13 |
| Google forces wrong links Hi, you have a great many new files/programs on the machine, which makes things a bit "confusing"... Please check the following files: Have the files checked online:
Code:
c:\windows\System32\xa68148085.exe
c:\windows\System32\xa68147897.exe
c:\windows\System32\bdod.bin (Bitdefender?)
c:\windows\System32\wininet.dll (recently modified...)
c:\windows\System32\drivers\jmcr.sys
c:\windows\System32\Drivers\splq.sys
c:\windows\System32\Drivers\a4cspnj6.SYS
c:\program files\TrueSuite Access Manager\IconOvrly.dll
You have some autoruns in that mountpoint, is that intentional?
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9647d6ab-fab1-11dd-baa3-00037a95202a}]
\shell\AutoRun\command - G:\autorun.exe
\shell\directx\command - g:\directx9\dxsetup.exe
\shell\setup\command - G:\setup.exe
Otherwise delete the keys with Regedit... Are you still being redirected? chris
__________________ Don't bring me down Read before posting! Donations (Anyone who wants to donate is welcome to get in touch) |
19.02.2009, 03:23 | #14 | |||
| Google forces wrong links Quote:
Code:
ATTFilter a-squared 4.0.0.93 2009.02.19 Riskware.Keygen.Adobe!IK eSafe 7.0.17.0 2009.02.18 Win32.TrojanHorse Ikarus T3.1.1.45.0 2009.02.19 not-a-Virus.Keygen.Adobe McAfee 5529 2009.02.17 Generic.dx McAfee+Artemis 5529 2009.02.17 Generic.dx Panda 9.4.3.20 2009.02.18 Generic Malware Prevx1 V2 2009.02.19 High Risk Worm TrendMicro 8.700.0.1004 2009.02.18 PAK_Generic.001 weitere Informationen File size: 73728 bytes MD5...: 86c5405a9226040aca68f073bbc5c0a0 SHA1..: 3961bfbe968287b9e4792bd6dee3f89b7290886d SHA256: 1371f04463778e441b97bc6cbd6b7cb4569c5ad311dcc36698b3602b07f9ea51 SHA512: 1a8a1eefd2c7f3037b4fd28745d4964f13953e0f3c0b16143b08fb7401a7f01f fb0d42b3ae9928a9d0f56a5e1772c8861585f01883b271387eb0184f7f680992 ssdeep: 1536:0RbLGsaCh7/W2qbRlL357HWfGy6QIQktG5qYU+RIIwdG1oD:0NVZ/W2wyIQ kM5Q+RIJG1 PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser TrID..: File type identification Win32 EXE Yoda's Crypter (54.4%) Win32 Executable Generic (17.4%) Win32 Dynamic Link Library (generic) (15.5%) Win16/32 Executable Delphi generic (4.2%) Generic Win/DOS Executable (4.1%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x497520 timedatestamp.....: 0x8d6a5b5aL (invalid) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 UPX0 0x1000 0x86000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e UPX1 0x87000 0x11000 0x10800 7.88 b0bfd38e18402ebc2e8303836abd9fd4 .rsrc 0x98000 0x1000 0xa00 3.10 779e1f5c9585bb0314ef9e697c746520 ( 5 imports ) > KERNEL32.DLL: LoadLibraryA, GetProcAddress, ExitProcess > DSOUND.dll: DirectSoundCreate > GDI32.dll: BitBlt > SHELL32.DLL: Shell_NotifyIcon > USER32.dll: GetDC ( 0 exports ) packers (Kaspersky): UPX ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=86c5405a9226040aca68f073bbc5c0a0' target='_blank'>http://www.threatexpert.com/report.aspx?md5=86c5405a9226040aca68f073bbc5c0a0</a> Prevx info: <a 
href='http://info.prevx.com/aboutprogramtext.asp?PX5=4C8FB7260047DAC0207D01DEE53C1B001ACAC2BE' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=4C8FB7260047DAC0207D01DEE53C1B001ACAC2BE</a> packers (F-Prot): UPX CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=86c5405a9226040aca68f073bbc5c0a0' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=86c5405a9226040aca68f073bbc5c0a0</a> Quote:
Code:
ATTFilter a-squared 4.0.0.93 2009.02.19 Riskware.Keygen.Adobe!IK eSafe 7.0.17.0 2009.02.18 Win32.TrojanHorse Ikarus T3.1.1.45.0 2009.02.19 not-a-Virus.Keygen.Adobe McAfee 5529 2009.02.17 Generic.dx McAfee+Artemis 5529 2009.02.17 Generic.dx Panda 9.4.3.20 2009.02.18 Generic Malware Prevx1 V2 2009.02.19 High Risk Worm TrendMicro 8.700.0.1004 2009.02.18 PAK_Generic.001 weitere Informationen File size: 73728 bytes MD5...: 86c5405a9226040aca68f073bbc5c0a0 SHA1..: 3961bfbe968287b9e4792bd6dee3f89b7290886d SHA256: 1371f04463778e441b97bc6cbd6b7cb4569c5ad311dcc36698b3602b07f9ea51 SHA512: 1a8a1eefd2c7f3037b4fd28745d4964f13953e0f3c0b16143b08fb7401a7f01f fb0d42b3ae9928a9d0f56a5e1772c8861585f01883b271387eb0184f7f680992 ssdeep: 1536:0RbLGsaCh7/W2qbRlL357HWfGy6QIQktG5qYU+RIIwdG1oD:0NVZ/W2wyIQ kM5Q+RIJG1 PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser TrID..: File type identification Win32 EXE Yoda's Crypter (54.4%) Win32 Executable Generic (17.4%) Win32 Dynamic Link Library (generic) (15.5%) Win16/32 Executable Delphi generic (4.2%) Generic Win/DOS Executable (4.1%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x497520 timedatestamp.....: 0x8d6a5b5aL (invalid) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 UPX0 0x1000 0x86000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e UPX1 0x87000 0x11000 0x10800 7.88 b0bfd38e18402ebc2e8303836abd9fd4 .rsrc 0x98000 0x1000 0xa00 3.10 779e1f5c9585bb0314ef9e697c746520 ( 5 imports ) > KERNEL32.DLL: LoadLibraryA, GetProcAddress, ExitProcess > DSOUND.dll: DirectSoundCreate > GDI32.dll: BitBlt > SHELL32.DLL: Shell_NotifyIcon > USER32.dll: GetDC ( 0 exports ) Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=4C8FB7260047DAC0207D01DEE53C1B001ACAC2BE' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=4C8FB7260047DAC0207D01DEE53C1B001ACAC2BE</a> ThreatExpert info: <a 
href='http://www.threatexpert.com/report.aspx?md5=86c5405a9226040aca68f073bbc5c0a0' target='_blank'>http://www.threatexpert.com/report.aspx?md5=86c5405a9226040aca68f073bbc5c0a0</a> packers (Kaspersky): UPX CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=86c5405a9226040aca68f073bbc5c0a0' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=86c5405a9226040aca68f073bbc5c0a0</a> packers (F-Prot): UPX Quote:
Code:
ATTFilter a-squared 4.0.0.93 2009.02.19 - AhnLab-V3 2009.2.19.0 2009.02.18 - AntiVir 7.9.0.83 2009.02.18 - Authentium 5.1.0.4 2009.02.18 - Avast 4.8.1335.0 2009.02.18 - AVG 8.0.0.237 2009.02.19 - BitDefender 7.2 2009.02.19 - CAT-QuickHeal 10.00 2009.02.18 - ClamAV 0.94.1 2009.02.18 - Comodo 983 2009.02.18 - DrWeb 4.44.0.09170 2009.02.19 - eSafe 7.0.17.0 2009.02.18 - eTrust-Vet 31.6.6364 2009.02.19 - F-Prot 4.4.4.56 2009.02.18 - F-Secure 8.0.14470.0 2009.02.19 - Fortinet 3.117.0.0 2009.02.18 - GData 19 2009.02.19 - Ikarus T3.1.1.45.0 2009.02.19 - K7AntiVirus 7.10.630 2009.02.18 - Kaspersky 7.0.0.125 2009.02.19 - McAfee 5529 2009.02.17 - McAfee+Artemis 5529 2009.02.17 - Microsoft 1.4306 2009.02.18 - NOD32 3866 2009.02.18 - Norman 6.00.06 2009.02.18 - nProtect 2009.1.8.0 2009.02.19 - Panda 9.4.3.20 2009.02.18 - PCTools 4.4.2.0 2009.02.18 - Prevx1 V2 2009.02.19 - Rising 21.17.22.00 2009.02.18 - SecureWeb-Gateway 6.7.6 2009.02.18 - Sophos 4.38.0 2009.02.18 - Sunbelt 3.2.1855.2 2009.02.17 - Symantec 10 2009.02.19 - TheHacker 6.3.2.2.259 2009.02.18 - TrendMicro 8.700.0.1004 2009.02.18 - VBA32 3.12.10.0 2009.02.18 - ViRobot 2009.2.18.1613 2009.02.18 - VirusBuster 4.5.11.0 2009.02.18 - weitere Informationen File size: 81984 bytes MD5...: b5c0d665245f4aaa116d865722642886 SHA1..: 87870042cd0e502c1d2c29449c1349012f17f076 SHA256: ce6f9d87aef042c21c191da0854aeef3bd7f25578127c5aa295ce9aabb6829eb SHA512: 6b2c858ab01b363d7196daee3f186bd5375552004f1e6d34e09d4c42e29dd1ad 34cdd97da3366e90238a648040362242b5c2da12af97109e73439ec0beefec0c ssdeep: 384:ddGA5DR3l+a366tbHz/Fl/5bUaihYbreReHawj3Jm0jwjo1i3oEZwPvXssss sW8W:dpFOwrrJvMj42FuHsssssWSgx PEiD..: - TrID..: File type identification Unknown! PEInfo: - |
19.02.2009, 03:32 | #15 | ||
| Google forces wrong links Quote:
Code:
ATTFilter a-squared 4.0.0.93 2009.02.19 - AhnLab-V3 2009.2.19.0 2009.02.18 - AntiVir 7.9.0.83 2009.02.18 - Authentium 5.1.0.4 2009.02.18 - Avast 4.8.1335.0 2009.02.18 - AVG 8.0.0.237 2009.02.19 - BitDefender 7.2 2009.02.19 - CAT-QuickHeal 10.00 2009.02.18 - ClamAV 0.94.1 2009.02.18 - Comodo 983 2009.02.18 - DrWeb 4.44.0.09170 2009.02.19 - eSafe 7.0.17.0 2009.02.18 - eTrust-Vet 31.6.6364 2009.02.19 - F-Prot 4.4.4.56 2009.02.18 - F-Secure 8.0.14470.0 2009.02.19 - Fortinet 3.117.0.0 2009.02.18 - GData 19 2009.02.19 - Ikarus T3.1.1.45.0 2009.02.19 - K7AntiVirus 7.10.630 2009.02.18 - Kaspersky 7.0.0.125 2009.02.19 - McAfee 5529 2009.02.17 - McAfee+Artemis 5529 2009.02.17 - Microsoft 1.4306 2009.02.18 - NOD32 3866 2009.02.18 - Norman 6.00.06 2009.02.18 - nProtect 2009.1.8.0 2009.02.19 - Panda 9.4.3.20 2009.02.18 - PCTools 4.4.2.0 2009.02.18 - Prevx1 V2 2009.02.19 - Rising 21.17.22.00 2009.02.18 - SecureWeb-Gateway 6.7.6 2009.02.18 - Sophos 4.38.0 2009.02.18 - Sunbelt 3.2.1855.2 2009.02.17 - Symantec 10 2009.02.19 - TheHacker 6.3.2.2.259 2009.02.18 - TrendMicro 8.700.0.1004 2009.02.18 - VBA32 3.12.10.0 2009.02.18 - ViRobot 2009.2.18.1613 2009.02.18 - VirusBuster 4.5.11.0 2009.02.18 - weitere Informationen File size: 827392 bytes MD5...: fb79a2aa5e92653b9a394fe26d799bf8 SHA1..: 43c9ec603bafd029fadd624b37f3a69fdabd8b06 SHA256: 32078f9187c93831f73060894a79cca85cbc35f85434952ad45ab9df203ceb26 SHA512: fc3259ec7c9c59f35d74d39f4aeb9daf4205501aa8aae6d0e32039cb26566c24 3b8b0ee089a9bde249d39744b6f289e44e3d16cdc288ee6a3b979239c64c6121 ssdeep: 12288:3k+p7d80EidHyru31JreaZ7xYgokqwONoTPIot32dkMMIMMutuEfXlf:Um hPvJBFj7xzOyTPjmdkMMIMMurl PEiD..: - TrID..: File type identification Win64 Executable Generic (59.6%) Win32 Executable MS Visual C++ (generic) (26.2%) Win32 Executable Generic (5.9%) Win32 Dynamic Link Library (generic) (5.2%) Generic Win/DOS Executable (1.3%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x7172169e timedatestamp.....: 0x496ed17b (Thu Jan 15 
06:02:35 2009) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x9b230 0x9b400 6.60 d663c0427f3837223fbe2d16bdec3b26 .data 0x9d000 0x7798 0x4200 1.42 75410b0084e119c26f4e77bb0e9fc9b9 .rsrc 0xa5000 0x24d58 0x24e00 4.73 fb53221d321a79956b7c441500d550d9 .reloc 0xca000 0x56b0 0x5800 6.73 4903969d40cde619b28255e11242dd91 ( 8 imports ) > msvcrt.dll: _isatty, _write, _lseeki64, _fileno, __pioinfo, __badioinfo, wctomb, _itoa, _snprintf, _iob, isleadbyte, _onexit, _lock, __dllonexit, _unlock, _adjust_fdiv, _amsg_exit, _initterm, _XcptFilter, islower, __isascii, strtol, memmove, strrchr, atoi, realloc, free, malloc, wcstok, _vsnprintf, memcpy, memset, _vsnwprintf, wcsncmp, bsearch, _wcsnicmp, _wtoi, _wcsicmp, isupper, strncmp, wcsstr, _purecall, _mbstok, iscntrl, ispunct, strtoul, time, iswdigit, isalpha, atol, isalnum, _errno, isspace, strpbrk, isdigit, isxdigit, memchr > ntdll.dll: RtlConvertSidToUnicodeString, RtlUnwind, RtlMoveMemory > SHLWAPI.dll: SHRegGetValueW, PathAddBackslashW, -, SHRegGetValueA, StrRChrW, PathRemoveBackslashA, PathRemoveFileSpecA, -, PathRemoveBlanksA, PathAddBackslashA, -, PathAppendA, -, PathUnExpandEnvStringsA, PathRenameExtensionA, SHDeleteKeyA, SHDeleteValueW, StrCmpNIW, StrCmpNIA, StrStrA, -, StrChrW, StrChrA, -, -, UrlCombineW, UrlCanonicalizeW, -, PathCreateFromUrlW, UrlUnescapeA, UrlCombineA, UrlCanonicalizeA, StrToIntW, StrCmpW, StrCmpNA, StrRChrA, StrToIntA, StrStrIW, SHGetValueA, SHSetValueA, SHGetValueW, SHSetValueW, -, -, PathCombineW, PathFindFileNameW, StrStrIA > ADVAPI32.dll: RegDeleteKeyA, RegCreateKeyExW, RegDeleteValueW, RegSetValueExW, RegQueryValueExW, CryptAcquireContextA, CryptGenRandom, CryptReleaseContext, RegOpenKeyA, RegEnumKeyA, TraceEvent, DuplicateTokenEx, ConvertStringSidToSidA, GetLengthSid, SetTokenInformation, CreateProcessAsUserA, ConvertStringSecurityDescriptorToSecurityDescriptorA, GetSidSubAuthorityCount, GetSidSubAuthority, AllocateAndInitializeSid, 
CheckTokenMembership, FreeSid, RegDeleteValueA, OpenThreadToken, OpenProcessToken, GetTokenInformation, RegOpenKeyExW, UnregisterTraceGuids, RegisterTraceGuidsA, RegQueryInfoKeyW, GetTraceLoggerHandle, GetTraceEnableLevel, GetTraceEnableFlags, RegCreateKeyExA, RegSetValueExA, RegOpenKeyExA, RegQueryValueExA, RegQueryInfoKeyA, RegEnumKeyExA, RegCloseKey, GetUserNameA, OpenSCManagerA, OpenServiceA, CloseServiceHandle, QueryServiceStatus > KERNEL32.dll: DosDateTimeToFileTime, GetEnvironmentVariableA, GetShortPathNameA, GetShortPathNameW, FindFirstFileA, RemoveDirectoryA, FindNextFileA, FindClose, GetDiskFreeSpaceExA, CopyFileA, SetFileTime, CreateDirectoryA, GetWindowsDirectoryA, GetSystemDirectoryA, GetPrivateProfileStringA, GetFileAttributesA, SetFileAttributesA, GetFileAttributesExA, FileTimeToDosDateTime, GetFileSizeEx, lstrcmpW, RaiseException, MoveFileExA, MoveFileA, LocalFileTimeToFileTime, CreateSemaphoreA, ReleaseSemaphore, GetCurrentProcessId, GetFileTime, lstrcmpA, GetModuleHandleExA, ResumeThread, FreeLibraryAndExitThread, ExpandEnvironmentStringsA, GetSystemTimeAsFileTime, DeleteFileW, GetACP, InterlockedExchangeAdd, CreateThread, Sleep, OpenMutexA, GetModuleHandleA, FormatMessageA, SetErrorMode, FlushViewOfFile, SystemTimeToFileTime, GetTickCount, TlsFree, TlsGetValue, GetCurrentThreadId, TlsSetValue, TlsAlloc, GetDateFormatA, GetTimeFormatA, GlobalAlloc, InterlockedCompareExchange, GetCurrentThread, GetCurrentProcess, IsDBCSLeadByte, IsValidCodePage, GlobalFree, lstrlenW, DeleteFileA, FormatMessageW, GetSystemTime, WritePrivateProfileStringA, GetVersionExA, GetModuleFileNameA, WriteFile, SetFilePointer, CreateFileW, CreateFileA, GetFileSize, ReadFile, FileTimeToSystemTime, LocalReAlloc, InitializeCriticalSection, InterlockedDecrement, lstrlenA, lstrcmpiA, InterlockedIncrement, DeleteCriticalSection, ResetEvent, LocalFree, ReleaseMutex, CompareStringA, CreateMutexA, CreateEventA, MultiByteToWideChar, WideCharToMultiByte, WaitForSingleObject, 
OutputDebugStringA, UnmapViewOfFile, SetEndOfFile, MapViewOfFileEx, CreateFileMappingA, OpenFileMappingA, LoadLibraryW, HeapFree, HeapAlloc, GetProcessHeap, GetTimeFormatW, GetDateFormatW, GetUserDefaultLCID, GetModuleFileNameW, GetComputerNameA, LoadResource, FindResourceExW, LocalAlloc, LoadLibraryExW, MapViewOfFile, CreateFileMappingW, GetLocaleInfoW, GetVersionExW, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, FindResourceW, SearchPathW, CreateActCtxW, ReleaseActCtx, ActivateActCtx, DeactivateActCtx, SetFileAttributesW, InitializeCriticalSectionAndSpinCount, WritePrivateProfileStringW, GetFileAttributesW, GetModuleHandleW, GlobalUnlock, GlobalLock, QueryPerformanceCounter, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDBCSLeadByteEx, GetProcAddress, LoadLibraryA, FreeLibrary, SetEvent, InterlockedExchange, CloseHandle, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, CompareStringW > USER32.dll: CheckDlgButton, SendMessageW, SendMessageA, IsDlgButtonChecked, DefWindowProcA, SetWindowLongA, GetWindowLongA, RegisterClassW, CreateWindowExW, SetTimer, GetWindowTextW, MessageBoxW, CharNextA, GetWindowInfo, CharToOemA, CharUpperA, CharLowerW, IsCharAlphaNumericA, GetWindowThreadProcessId, EnumChildWindows, IsWindowVisible, GetAncestor, EnumWindows, CharNextExA, PostMessageA, IsWindow, SetWindowPos, SetDlgItemTextW, DestroyIcon, SetForegroundWindow, GetWindow, GetWindowRect, EqualRect, IntersectRect, EndDialog, SetFocus, GetDlgItem, SetWindowTextW, EnableWindow, KillTimer, FindWindowW, RegisterWindowMessageW, PostMessageW, DestroyWindow, LoadStringW, DialogBoxParamW, GetDesktopWindow, SendDlgItemMessageA, LoadIconA, LoadImageA, LoadStringA, CharLowerA > Normaliz.dll: IdnToUnicode, IdnToAscii > iertutil.dll: -, -, -, - ( 229 exports ) CommitUrlCacheEntryA, CommitUrlCacheEntryW, CreateMD5SSOHash, CreateUrlCacheContainerA, CreateUrlCacheContainerW, CreateUrlCacheEntryA, CreateUrlCacheEntryW, CreateUrlCacheGroup, 
DeleteIE3Cache, DeleteUrlCacheContainerA, DeleteUrlCacheContainerW, DeleteUrlCacheEntry, DeleteUrlCacheEntryA, DeleteUrlCacheEntryW, DeleteUrlCacheGroup, DetectAutoProxyUrl, DispatchAPICall, DllInstall, FindCloseUrlCache, FindFirstUrlCacheContainerA, FindFirstUrlCacheContainerW, FindFirstUrlCacheEntryA, FindFirstUrlCacheEntryExA, FindFirstUrlCacheEntryExW, FindFirstUrlCacheEntryW, FindFirstUrlCacheGroup, FindNextUrlCacheContainerA, FindNextUrlCacheContainerW, FindNextUrlCacheEntryA, FindNextUrlCacheEntryExA, FindNextUrlCacheEntryExW, FindNextUrlCacheEntryW, FindNextUrlCacheGroup, ForceNexusLookup, ForceNexusLookupExW, FreeUrlCacheSpaceA, FreeUrlCacheSpaceW, FtpCommandA, FtpCommandW, FtpCreateDirectoryA, FtpCreateDirectoryW, FtpDeleteFileA, FtpDeleteFileW, FtpFindFirstFileA, FtpFindFirstFileW, FtpGetCurrentDirectoryA, FtpGetCurrentDirectoryW, FtpGetFileA, FtpGetFileEx, FtpGetFileSize, FtpGetFileW, FtpOpenFileA, FtpOpenFileW, FtpPutFileA, FtpPutFileEx, FtpPutFileW, FtpRemoveDirectoryA, FtpRemoveDirectoryW, FtpRenameFileA, FtpRenameFileW, FtpSetCurrentDirectoryA, FtpSetCurrentDirectoryW, GetUrlCacheConfigInfoA, GetUrlCacheConfigInfoW, GetUrlCacheEntryInfoA, GetUrlCacheEntryInfoExA, GetUrlCacheEntryInfoExW, GetUrlCacheEntryInfoW, GetUrlCacheGroupAttributeA, GetUrlCacheGroupAttributeW, GetUrlCacheHeaderData, GopherCreateLocatorA, GopherCreateLocatorW, GopherFindFirstFileA, GopherFindFirstFileW, GopherGetAttributeA, GopherGetAttributeW, GopherGetLocatorTypeA, GopherGetLocatorTypeW, GopherOpenFileA, GopherOpenFileW, HttpAddRequestHeadersA, HttpAddRequestHeadersW, HttpCheckDavCompliance, HttpEndRequestA, HttpEndRequestW, HttpOpenRequestA, HttpOpenRequestW, HttpQueryInfoA, HttpQueryInfoW, HttpSendRequestA, HttpSendRequestExA, HttpSendRequestExW, HttpSendRequestW, IncrementUrlCacheHeaderData, InternetAlgIdToStringA, InternetAlgIdToStringW, InternetAttemptConnect, InternetAutodial, InternetAutodialCallback, InternetAutodialHangup, InternetCanonicalizeUrlA, 
InternetCanonicalizeUrlW, InternetCheckConnectionA, InternetCheckConnectionW, InternetClearAllPerSiteCookieDecisions, InternetCloseHandle, InternetCombineUrlA, InternetCombineUrlW, InternetConfirmZoneCrossing, InternetConfirmZoneCrossingA, InternetConfirmZoneCrossingW, InternetConnectA, InternetConnectW, InternetCrackUrlA, InternetCrackUrlW, InternetCreateUrlA, InternetCreateUrlW, InternetDial, InternetDialA, InternetDialW, InternetEnumPerSiteCookieDecisionA, InternetEnumPerSiteCookieDecisionW, InternetErrorDlg, InternetFindNextFileA, InternetFindNextFileW, InternetFortezzaCommand, InternetGetCertByURL, InternetGetCertByURLA, InternetGetConnectedState, InternetGetConnectedStateEx, InternetGetConnectedStateExA, InternetGetConnectedStateExW, InternetGetCookieA, InternetGetCookieExA, InternetGetCookieExW, InternetGetCookieW, InternetGetLastResponseInfoA, InternetGetLastResponseInfoW, InternetGetPerSiteCookieDecisionA, InternetGetPerSiteCookieDecisionW, InternetGetSecurityInfoByURL, InternetGetSecurityInfoByURLA, InternetGetSecurityInfoByURLW, InternetGoOnline, InternetGoOnlineA, InternetGoOnlineW, InternetHangUp, InternetInitializeAutoProxyDll, InternetLockRequestFile, InternetOpenA, InternetOpenUrlA, InternetOpenUrlW, InternetOpenW, InternetQueryDataAvailable, InternetQueryFortezzaStatus, InternetQueryOptionA, InternetQueryOptionW, InternetReadFile, InternetReadFileExA, InternetReadFileExW, InternetSecurityProtocolToStringA, InternetSecurityProtocolToStringW, InternetSetCookieA, InternetSetCookieExA, InternetSetCookieExW, InternetSetCookieW, InternetSetDialState, InternetSetDialStateA, InternetSetDialStateW, InternetSetFilePointer, InternetSetOptionA, InternetSetOptionExA, InternetSetOptionExW, InternetSetOptionW, InternetSetPerSiteCookieDecisionA, InternetSetPerSiteCookieDecisionW, InternetSetStatusCallback, InternetSetStatusCallbackA, InternetSetStatusCallbackW, InternetShowSecurityInfoByURL, InternetShowSecurityInfoByURLA, InternetShowSecurityInfoByURLW, 
InternetTimeFromSystemTime, InternetTimeFromSystemTimeA, InternetTimeFromSystemTimeW, InternetTimeToSystemTime, InternetTimeToSystemTimeA, InternetTimeToSystemTimeW, InternetUnlockRequestFile, InternetWriteFile, InternetWriteFileExA, InternetWriteFileExW, IsHostInProxyBypassList, IsUrlCacheEntryExpiredA, IsUrlCacheEntryExpiredW, LoadUrlCacheContent, ParseX509EncodedCertificateForListBoxEntry, PrivacyGetZonePreferenceW, PrivacySetZonePreferenceW, ReadUrlCacheEntryStream, RegisterUrlCacheNotification, ResumeSuspendedDownload, RetrieveUrlCacheEntryFileA, RetrieveUrlCacheEntryFileW, RetrieveUrlCacheEntryStreamA, RetrieveUrlCacheEntryStreamW, RunOnceUrlCache, SetUrlCacheConfigInfoA, SetUrlCacheConfigInfoW, SetUrlCacheEntryGroup, SetUrlCacheEntryGroupA, SetUrlCacheEntryGroupW, SetUrlCacheEntryInfoA, SetUrlCacheEntryInfoW, SetUrlCacheGroupAttributeA, SetUrlCacheGroupAttributeW, SetUrlCacheHeaderData, ShowCertificate, ShowClientAuthCerts, ShowSecurityInfo, ShowX509EncodedCertificate, UnlockUrlCacheEntryFile, UnlockUrlCacheEntryFileA, UnlockUrlCacheEntryFileW, UnlockUrlCacheEntryStream, UpdateUrlCacheContentPath, UrlZonesDetach, _GetFileExtensionFromUrl Zitat:
Code:
ATTFilter a-squared 4.0.0.93 2009.02.19 - AhnLab-V3 2009.2.19.0 2009.02.18 - AntiVir 7.9.0.83 2009.02.18 - Authentium 5.1.0.4 2009.02.18 - Avast 4.8.1335.0 2009.02.18 - AVG 8.0.0.237 2009.02.19 - BitDefender 7.2 2009.02.19 - CAT-QuickHeal 10.00 2009.02.18 - ClamAV 0.94.1 2009.02.18 - Comodo 983 2009.02.18 - DrWeb 4.44.0.09170 2009.02.19 - eSafe 7.0.17.0 2009.02.18 - eTrust-Vet 31.6.6364 2009.02.19 - F-Prot 4.4.4.56 2009.02.18 - F-Secure 8.0.14470.0 2009.02.19 - Fortinet 3.117.0.0 2009.02.18 - GData 19 2009.02.19 - Ikarus T3.1.1.45.0 2009.02.19 - K7AntiVirus 7.10.630 2009.02.18 - Kaspersky 7.0.0.125 2009.02.19 - McAfee 5529 2009.02.17 - McAfee+Artemis 5529 2009.02.17 - Microsoft 1.4306 2009.02.18 - NOD32 3866 2009.02.18 - Norman 6.00.06 2009.02.18 - nProtect 2009.1.8.0 2009.02.19 - Panda 9.4.3.20 2009.02.18 - PCTools 4.4.2.0 2009.02.18 - Prevx1 V2 2009.02.19 - Rising 21.17.22.00 2009.02.18 - SecureWeb-Gateway 6.7.6 2009.02.18 - Sophos 4.38.0 2009.02.18 - Sunbelt 3.2.1855.2 2009.02.17 - Symantec 10 2009.02.19 - TheHacker 6.3.2.2.259 2009.02.18 - TrendMicro 8.700.0.1004 2009.02.18 - VBA32 3.12.10.0 2009.02.18 suspected of Win32.BrokenEmbeddedSignature (paranoid heuristics) ViRobot 2009.2.18.1613 2009.02.18 - VirusBuster 4.5.11.0 2009.02.18 - weitere Informationen File size: 86672 bytes MD5...: 5ee25c846a119a75d66a485cf8e77e78 SHA1..: 9fe0777dbc184f53be28b3d55d0ab22865ffe6c6 SHA256: ec468157e6833fb468b64fcdcfb0a3dbf5a2764550313eaa9921e1d5c59c7ab7 SHA512: 88f8c8eb789a3368ad45b52283dca94089bc69b1afd3574f10375e66eb5d8c88 34ef6bb79084b22fe3598ec8b671bfd55eeada3eea5a186abdf6875092b2e786 ssdeep: 1536:QjVd2FS2Lc2HNQX+yooeV3UqOfnYVkNl9vNEf1fW6XCIrgAwckp:MWSJ9qV RfkjQ+IrgAwckp PEiD..: - TrID..: File type identification Win32 Executable Generic (58.4%) Clipper DOS Executable (13.8%) Generic Win/DOS Executable (13.7%) DOS Executable Generic (13.7%) VXD Driver (0.2%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x12e54 timedatestamp.....: 0x4833d024 (Wed May 
21 07:32:52 2008) machinetype.......: 0x14c (I386) ( 6 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x480 0x1276c 0x12780 6.51 2a6847a040205d6750184627601ad3ab .rdata 0x12c00 0x761 0x780 5.62 83c76f19fbba9715bbfe9cead0f73664 .data 0x13380 0x761 0x780 0.98 da287b85095fd9c057ff167e9fcf6fc4 INIT 0x13b00 0x672 0x680 5.33 7ae27b6c5302c0da51713d7792eede8d .rsrc 0x14180 0x3d8 0x400 3.29 3f1e25dd0fad01cc350fa29e46629616 .reloc 0x14580 0x926 0x980 5.43 d4b3957e6508c786c16acafa9ad34ebd ( 3 imports ) > ntoskrnl.exe: KeWaitForSingleObject, IoGetDeviceProperty, ObReferenceObjectByHandle, PsCreateSystemThread, KeSetTimerEx, ObfDereferenceObject, IoBuildSynchronousFsdRequest, IoGetAttachedDeviceReference, ExFreePoolWithTag, RtlInitUnicodeString, IoDeleteDevice, KeInitializeEvent, IoAttachDeviceToDeviceStack, IoCreateDevice, MmMapLockedPagesSpecifyCache, KeInitializeDpc, KeInitializeTimer, IofCallDriver, IoInvalidateDeviceState, ZwCreateKey, IoOpenDeviceRegistryKey, RtlWriteRegistryValue, ZwClose, PsGetVersion, KeQueryTimeIncrement, _allmul, KeTickCount, wcslen, KeRemoveQueueDpc, ExAllocatePoolWithTag, _alldiv, KeInitializeSpinLock, RtlQueryRegistryValues, PoStartNextPowerIrp, IofCompleteRequest, PoRequestPowerIrp, KeClearEvent, KeDelayExecutionThread, KeCancelTimer, PsTerminateSystemThread, KeInsertQueueDpc, RtlCompareMemory, IoDetachDevice, KeSetEvent > HAL.dll: KfReleaseSpinLock, KfAcquireSpinLock, KeStallExecutionProcessor, HalGetBusDataByOffset, HalSetBusDataByOffset, KeGetCurrentIrql > SCSIPORT.SYS: ScsiPortValidateRange, ScsiPortGetDeviceBase, ScsiPortInitialize, ScsiPortGetPhysicalAddress, ScsiPortCompleteRequest, ScsiPortNotification, ScsiPortGetBusData, ScsiPortSetBusDataByOffset, ScsiPortGetUncachedExtension ( 0 exports ) |