Pests of all kinds and how to fight them: Google search results without umlauts and sometimes wrong link redirection | Windows 7
28.12.2009, 15:21 | #1 |
| Hello, can anyone help me? My problem does occur for some users, just a little differently for each one. In Google search results, 2 strange characters sometimes appear in place of umlauts, and the link then redirects to a wrong page. My Norton finds no viruses, and neither does Microsoft's Essentials. How can I still avoid having to reinstall the system? HELP!!
*********************************************************
Malwarebytes' Anti-Malware 1.42
Datenbank Version: 3436
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865
28.12.2009 15:06:44
mbam-log-2009-12-28 (15-06-44).txt
Scan-Methode: Quick-Scan
Durchsuchte Objekte: 99290
Laufzeit: 7 minute(s), 56 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
********************************************************
ATTACHED ARE ALSO THE INFO.TXT AND LOG.TXT FROM RSIT. THANKS IN ADVANCE, EDDIE |
28.12.2009, 22:54 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hello and
1.) You should run a full scan with Malwarebytes, not just a Quick Scan.
2.) Do the redirects happen only in IE or in other browsers as well?
3.) Download Lop S&D. Run Lop S&D.exe by double-clicking it. VISTA users: right-click => Run as admin!! Choose the language you prefer and then option 1. Wait until the scan report has been created and post it here (you will find it at C:\lopR.txt should the report not appear). |
29.12.2009, 13:59 | #3 |
| Thanks for the reply, first of all :-)
**************************************
Re 1) Done. Malwarebytes full scan:
Malwarebytes' Anti-Malware 1.42
Datenbank Version: 3436
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865
29.12.2009 13:41:17
mbam-log-2009-12-29 (13-41-17).txt
Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 255061
Laufzeit: 1 hour(s), 22 minute(s), 32 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
**********************************************
Re 2) I only use IE (the redirect happens sporadically, but the pages I land on always have something to do with the search term. Example: search term "Schuler Pressen", 1st Google search result schulergroup.cxm; when I click on it I sometimes land on a dubious site for buying used presses.)
*************************************************************
3. Am I doing something wrong? In Vista I clicked on run as ADMINISTRATOR. Nevertheless the log file says: USER : superfury ( Not Administrator ! ) Info: USER superfury is my admin user profile. Anyway, here is the result:
*****************************************************
See you soon, regards, Eddie |
29.12.2009, 15:01 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
__________________ Please always post log files in CODE tags |
29.12.2009, 18:11 | #5 |
| Many thanks, hopefully you are right and the redirects really are nothing serious. I think I will follow your recommendation and install Firefox. I know it quite well from my computer at work. Regards, and thanks again for your trouble. Eddie |
30.12.2009, 12:45 | #6 |
| Hello again! INFO: I now have Firefox installed, and I get these faulty redirects here too. For the same search result I am sent to the same "wrong page" as with IE. ISN'T SOMETHING FISHY HERE AFTER ALL ??? REGARDS EDDIE |
30.12.2009, 12:57 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | That is really
Please do a run with CF: ComboFix (A guide and tutorial on using ComboFix)
ComboFix may only be run when a qualified helper (Kompetenzler) has expressly recommended it! |
30.12.2009, 17:57 | #8 | |
| Hello again - I find it strange too, but that's how it is... I have noticed that the redirects, when they happen, always depend on the search result, and this is the case in IE and Mozilla alike. I.e. for the same search result, the redirect also goes to the same pages. So far these are always 1 or 2 fixed pages per link that open when the link is clicked (IE and Mozilla). The problem is therefore even sporadically reproducible using the same procedure (sporadic = since the wrong redirect does not happen every time). I cleaned everything with CC & have run ComboFix, but Quote:
I could not end the processes at all. I just switched off everything I could, but whether that did any good... Here is the result from ComboFix:
Zeit der Fertigstellung: 2009-12-30 15:59:18 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2009-12-30 14:59 Vor Suchlauf: 5.440.638.976 Bytes frei Nach Suchlauf: 5.118.468.096 Bytes frei - - End Of File - - 2B32981065EAEFB92775E929BD3A0BF2
Thanks & regards, Eddie |
30.12.2009, 20:02 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google search results without umlauts and partly wrong link redirection I found a few candidates. Make sure that all files are shown to you, then have the following files (if they still exist) analyzed at Virustotal.com and post all the results, in such a way that the results of the individual virus scanners are visible. Please include file sizes and checksums. You can also simply post the result link: Code:
c:\users\superfury\AppData\Roaming\mdbu.bin
c:\windows\system32\drivers\RkPavproc1.sys
c:\windows\System32\drivers\USBLoad.sys
c:\windows\System32\drivers\DslTestSp5.sys
__________________ Please always post log files in CODE tags |
31.12.2009, 00:15 | #10 |
| Google search results without umlauts and partly wrong link redirection Hi! I ran the checks in order; files 2 and 4 had already been checked. Nos. 1 and 3 were freshly created.
1)***************************************************** Datei mdbu.bin empfangen 2009.12.30 22:57:35 (UTC) Status: Beendet Ergebnis: 0/41 (0.00%) Filter Filter Drucken der Ergebnisse Drucken der Ergebnisse Antivirus Version letzte aktualisierung Ergebnis a-squared 4.5.0.43 2009.12.30 - AhnLab-V3 5.0.0.2 2009.12.30 - AntiVir 7.9.1.122 2009.12.30 - Antiy-AVL 2.0.3.7 2009.12.30 - Authentium 5.2.0.5 2009.12.30 - Avast 4.8.1351.0 2009.12.30 - AVG 8.5.0.430 2009.12.30 - BitDefender 7.2 2009.12.30 - CAT-QuickHeal 10.00 2009.12.30 - ClamAV 0.94.1 2009.12.30 - Comodo 3417 2009.12.30 - DrWeb 5.0.1.12222 2009.12.30 - eSafe 7.0.17.0 2009.12.29 - eTrust-Vet 35.1.7207 2009.12.30 - F-Prot 4.5.1.85 2009.12.30 - F-Secure 9.0.15370.0 2009.12.30 - Fortinet 4.0.14.0 2009.12.30 - GData 19 2009.12.30 - Ikarus T3.1.1.79.0 2009.12.30 - Jiangmin 13.0.900 2009.12.30 - K7AntiVirus 7.10.934 2009.12.30 - Kaspersky 7.0.0.125 2009.12.30 - McAfee 5847 2009.12.30 - McAfee+Artemis 5847 2009.12.30 - McAfee-GW-Edition 6.8.5 2009.12.30 - Microsoft 1.5302 2009.12.30 - NOD32 4730 2009.12.30 - Norman 6.04.03 2009.12.30 - nProtect 2009.1.8.0 2009.12.30 - Panda 10.0.2.2 2009.12.30 - PCTools 7.0.3.5 2009.12.30 - Prevx 3.0 2009.12.30 - Rising 22.28.02.04 2009.12.30 - Sophos 4.49.0 2009.12.30 - Sunbelt 3.2.1858.2 2009.12.30 - Symantec 1.4.4.12 2009.12.30 - TheHacker 6.5.0.3.121 2009.12.30 - TrendMicro 9.120.0.1004 2009.12.30 - VBA32 3.12.12.1 2009.12.30 - ViRobot 2009.12.30.2116 2009.12.30 - VirusBuster 5.0.21.0 2009.12.30 - weitere Informationen File size: 240797 bytes MD5 : f2c21cc0a7c0c41a178e5732033b599e SHA1 : bbae6a25af457f721584440b9d2a8f03ee0fbde7 SHA256: 79250154aaaffaf2543eeba4b53c1280d55f82408bac1d163913088041a829c2 TrID : File type identification Unknown! 
ssdeep: 1536:mSD6zryyzOSk3XuIDJNVwpMnRQDTRI6JYQSdsd/JOBn9NEC4Pr:m0aBzOSk3XuqJr1CVsGr PEiD : - RDS : NSRL Reference Data Set - 2)***************************************************** Datei 39518CB18848C72044B5006293F05700856EBC75.sys empfangen 2009.10.26 19:29:00 (UTC) Status: Beendet Ergebnis: 0/41 (0.00%) Filter Filter Drucken der Ergebnisse Drucken der Ergebnisse Antivirus Version letzte aktualisierung Ergebnis a-squared 4.5.0.41 2009.10.26 - AhnLab-V3 5.0.0.2 2009.10.26 - AntiVir 7.9.1.44 2009.10.26 - Antiy-AVL 2.0.3.7 2009.10.26 - Authentium 5.1.2.4 2009.10.26 - Avast 4.8.1351.0 2009.10.26 - AVG 8.5.0.423 2009.10.26 - BitDefender 7.2 2009.10.26 - CAT-QuickHeal 10.00 2009.10.26 - ClamAV 0.94.1 2009.10.26 - Comodo 2741 2009.10.26 - DrWeb 5.0.0.12182 2009.10.26 - eSafe 7.0.17.0 2009.10.25 - eTrust-Vet 35.1.7083 2009.10.26 - F-Prot 4.5.1.85 2009.10.26 - F-Secure 9.0.15370.0 2009.10.22 - Fortinet 3.120.0.0 2009.10.26 - GData 19 2009.10.26 - Ikarus T3.1.1.72.0 2009.10.26 - Jiangmin 11.0.800 2009.10.26 - K7AntiVirus 7.10.879 2009.10.24 - Kaspersky 7.0.0.125 2009.10.26 - McAfee 5783 2009.10.26 - McAfee+Artemis 5783 2009.10.26 - McAfee-GW-Edition 6.8.5 2009.10.26 - Microsoft 1.5202 2009.10.26 - NOD32 4545 2009.10.26 - Norman 6.03.02 2009.10.26 - nProtect 2009.1.8.0 2009.10.26 - Panda 10.0.2.2 2009.10.26 - PCTools 4.4.2.0 2009.10.19 - Prevx 3.0 2009.10.26 - Rising 21.53.04.00 2009.10.26 - Sophos 4.46.0 2009.10.26 - Sunbelt 3.2.1858.2 2009.10.26 - Symantec 1.4.4.12 2009.10.26 - TheHacker 6.5.0.2.054 2009.10.26 - TrendMicro 8.950.0.1094 2009.10.26 - VBA32 3.12.10.11 2009.10.23 - ViRobot 2009.10.26.2005 2009.10.26 - VirusBuster 4.6.5.0 2009.10.26 - weitere Informationen File size: 17544 bytes MD5 : 53f647be062c55e3a18c68608ffd105b SHA1 : 4a0cea770a7e4c013d7a80fcdb85fab8cc3ea17c SHA256: 44fd774a2b5bde8543650acaffd35cf98306307387dff24fc8cac467a23c939c PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x2205 timedatestamp.....: 0x4ACCA41D (Wed Oct 7 16:22:21 
2009) machinetype.......: 0x14C (Intel I386) ( 6 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x480 0x1826 0x1880 6.34 7406e837f3a85d7e99a38fadeb926f2c .rdata 0x1D00 0x228 0x280 3.61 9cc682311c515feca7bf72d96f1533c2 .data 0x1F80 0x248 0x280 2.10 786b46e458d9a843a8e8b0f89626137f INIT 0x2200 0x2F6 0x300 5.27 2414f9868a3163fb63a818a79f583dae .rsrc 0x2500 0x360 0x380 3.16 cb3a63bd8c60a2ec39f1ebf6d1d8685f .reloc 0x2880 0x1BE 0x200 5.30 20bfc697dbff09ae0c7c4f9126aeb2b3 ( 1 imports ) > ntoskrnl.exe: IoDeleteDevice, IofCompleteRequest, IoCreateDevice, RtlInitUnicodeString, wcsncat, wcsncpy, memset, KeGetCurrentThread, IoGetCurrentProcess, MmGetSystemRoutineAddress, PsGetVersion, ObfDereferenceObject, PsLookupProcessByProcessId, PsThreadType, PsProcessType, IoThreadToProcess, MmIsAddressValid, SeDeleteAccessState, ObOpenObjectByPointer, PsLookupProcessThreadByCid, SeCreateAccessState, MmMapIoSpace, MmGetPhysicalAddress, MmUnmapIoSpace, KeTickCount, KeBugCheckEx, RtlUnwind ( 0 exports ) ssdeep: 384:/FlIt4xU7F+b0E0fGbzHFOYJLWCSbx76jI2xxzHFXL+bVm PEiD : - RDS : NSRL Reference Data Set - 3)********************************************************* Datei USBLoad.sys empfangen 2009.12.30 23:09:44 (UTC) Ergebnis: 0/40 (0%) 
Antivirus Version letzte aktualisierung Ergebnis a-squared 4.5.0.43 2009.12.31 - AhnLab-V3 5.0.0.2 2009.12.30 - AntiVir 7.9.1.122 2009.12.30 - Antiy-AVL 2.0.3.7 2009.12.30 - Authentium 5.2.0.5 2009.12.30 - Avast 4.8.1351.0 2009.12.30 - AVG 8.5.0.430 2009.12.30 - BitDefender 7.2 2009.12.30 - CAT-QuickHeal 10.00 2009.12.30 - ClamAV 0.94.1 2009.12.30 - Comodo 3417 2009.12.30 - DrWeb 5.0.1.12222 2009.12.30 - eSafe 7.0.17.0 2009.12.29 - eTrust-Vet 35.1.7207 2009.12.30 - F-Prot 4.5.1.85 2009.12.30 - F-Secure 9.0.15370.0 2009.12.30 - Fortinet 4.0.14.0 2009.12.30 - GData 19 2009.12.30 - Ikarus T3.1.1.79.0 2009.12.30 - Jiangmin 13.0.900 2009.12.30 - K7AntiVirus 7.10.934 2009.12.30 - Kaspersky 7.0.0.125 2009.12.30 - McAfee 5847 2009.12.30 - McAfee+Artemis 5847 2009.12.30 - McAfee-GW-Edition 6.8.5 2009.12.30 - Microsoft 1.5302 2009.12.31 - NOD32 4730 2009.12.30 - Norman 6.04.03 2009.12.30 - nProtect 2009.1.8.0 2009.12.30 - Panda 10.0.2.2 2009.12.30 - PCTools 7.0.3.5 2009.12.30 - Prevx 3.0 2009.12.31 - Rising 22.28.02.04 2009.12.30 - Sophos 4.49.0 2009.12.31 - Sunbelt 3.2.1858.2 2009.12.30 - TheHacker 6.5.0.3.121 2009.12.30 - TrendMicro 9.120.0.1004 2009.12.30 - VBA32 3.12.12.1 2009.12.30 - ViRobot 2009.12.30.2116 2009.12.30 - VirusBuster 5.0.21.0 2009.12.30 - weitere Informationen File size: 16640 bytes MD5...: fa81e40b4fd40abada984b3751fa8c23 SHA1..: 5fac36b637bcb35ee713fa56befdc70ba62a5ccb SHA256: b6e1339618d319747d9b8451758a0280aef87147b25023e6694b399e7e66eeeb ssdeep: 384:K8UoBGeyA+bRIY00eFdk9xNuKdeqFurKDdSy7X/:2e2enk1uVqFuWJJT PEiD..: - PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x828 timedatestamp.....: 
0x44bc6030 (Tue Jul 18 04:14:40 2006) machinetype.......: 0x14c (I386) ( 6 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x300 0x553 0x580 6.07 b7416a39954d326631640fbbe59ed9fa .rdata 0x880 0xa6 0x100 3.35 05514b26d01a8d5c580100d35f3bb594 .data 0x980 0x3020 0x3080 5.56 068dfc6993d425f4a3b81632b999fbcb INIT 0x3a00 0x19c 0x200 4.04 f64a2dd7fa6ee482fa836c9b00a08de9 .rsrc 0x3c00 0x3c8 0x400 3.04 bfc29089f1f8a336ec0b2a6c9ab4b445 .reloc 0x4000 0x82 0x100 1.88 1a84a804ea366fcc65bf7270c3014477 ( 1 imports ) > NTOSKRNL.EXE: IofCallDriver, KeSetEvent, KeWaitForSingleObject, KeInitializeEvent, IofCompleteRequest, IoDeleteDevice, IoDetachDevice, IoAttachDeviceToDeviceStack, IoCreateDevice, IoBuildDeviceIoControlRequest, InterlockedDecrement, InterlockedIncrement, ExFreePool, ExAllocatePoolWithTag ( 0 exports ) RDS...: NSRL Reference Data Set - pdfid.: - trid..: Generic Win/DOS Executable (49.9%) DOS Executable Generic (49.8%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%) sigcheck: publisher....: anchor chips copyright....: Copyright (c) 1998 Anchor Chips Incorporated product......: anchor chips ezloader description..: ezloader original name: ezloader.sys internal name: ezloader file version.: 0.9 comments.....: signers......: - signing date.: - verified.....: Unsigned 4)******************************************************** Datei DslTestSp5.sys empfangen 2009.11.30 20:47:04 (UTC) Status: Beendet Ergebnis: 0/41 (0.00%) Filter Filter Drucken der Ergebnisse Drucken der Ergebnisse Antivirus Version letzte aktualisierung Ergebnis a-squared 4.5.0.43 2009.11.30 - AhnLab-V3 5.0.0.2 2009.11.30 - AntiVir 7.9.1.79 2009.11.30 - Antiy-AVL 2.0.3.7 2009.11.30 - Authentium 5.2.0.5 2009.11.30 - Avast 4.8.1351.0 2009.11.30 - AVG 8.5.0.426 2009.11.30 - BitDefender 7.2 2009.11.30 - CAT-QuickHeal 10.00 2009.11.30 - ClamAV 0.94.1 2009.11.30 - Comodo 3093 2009.11.30 - DrWeb 5.0.0.12182 2009.11.30 - eSafe 7.0.17.0 2009.11.30 - eTrust-Vet 35.1.7148 2009.11.30 - F-Prot 4.5.1.85 
2009.11.30 - F-Secure 9.0.15370.0 2009.11.29 - Fortinet 4.0.14.0 2009.11.30 - GData 19 2009.11.30 - Ikarus T3.1.1.74.0 2009.11.30 - Jiangmin 11.0.800 2009.11.29 - K7AntiVirus 7.10.906 2009.11.27 - Kaspersky 7.0.0.125 2009.11.30 - McAfee 5818 2009.11.30 - McAfee+Artemis 5818 2009.11.30 - McAfee-GW-Edition 6.8.5 2009.11.30 - Microsoft 1.5302 2009.11.30 - NOD32 4650 2009.11.30 - Norman 6.03.02 2009.11.30 - nProtect 2009.1.8.0 2009.11.28 - Panda 10.0.2.2 2009.11.30 - PCTools 7.0.3.5 2009.11.30 - Prevx 3.0 2009.11.30 - Rising 22.24.00.09 2009.11.30 - Sophos 4.48.0 2009.11.30 - Sunbelt 3.2.1858.2 2009.11.30 - Symantec 1.4.4.12 2009.11.30 - TheHacker 6.5.0.2.082 2009.11.30 - TrendMicro 9.100.0.1001 2009.11.30 - VBA32 3.12.12.0 2009.11.30 - ViRobot 2009.11.30.2062 2009.11.30 - VirusBuster 5.0.21.0 2009.11.30 - weitere Informationen File size: 26816 bytes MD5 : c6b2e10cfe79169c72f0269087b9a603 SHA1 : 0cde369bb509fe55e1f7c880b4810fd57c528778 SHA256: dd239d40f727b601fcb0554ee68af8edf17263a4db66258f5c09db3e2d819613 PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x3D85 timedatestamp.....: 0x456CF439 (Wed Nov 29 03:45:13 2006) machinetype.......: 0x14C (Intel I386) ( 6 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x480 0x3570 0x3580 6.38 0e890b11a980be6b955b0902c45fdfad .rdata 0x3A00 0x234 0x280 3.73 c6c4c3b881499ffa253b7f483dac678a .data 0x3C80 0xAC 0x100 1.51 1994b4b323380d79782ae6986dc1c24a INIT 0x3D80 0x838 0x880 5.15 1453ee7cda130a8185a103f4173fbeec .rsrc 0x4600 0x410 0x480 3.19 15adbfad7af385b98b9e8fa824ed1386 .reloc 0x4A80 0x38E 0x400 5.36 6b942f631d03dd977877bc8c4f636fff ( 3 imports ) > hal.dll: KeQueryPerformanceCounter, KeGetCurrentIrql > ndis.sys: NdisResetEvent, NdisOpenAdapter, NdisWaitEvent, NdisCompleteBindAdapter, NdisSetEvent, NdisAllocatePacketPool, NdisAllocateBufferPool, NdisInitializeEvent, NdisFreeSpinLock, NdisFreeBufferPool, NdisFreePacketPool, NdisInterlockedRemoveHeadList, NdisRequest, NdisUnicodeStringToAnsiString, 
NdisSend, NdisCloseAdapter, NdisDprReleaseSpinLock, NdisGetCurrentSystemTime, NdisAllocatePacket, NdisAllocateBuffer, NdisInterlockedInsertTailList, NdisTransferData, NdisAcquireSpinLock, NdisReleaseSpinLock, NdisUnchainBufferAtFront, NdisFreeBuffer, NdisFreePacket, NdisAllocateSpinLock, NdisRegisterProtocol, NdisDeregisterProtocol, NdisUpcaseUnicodeString, NdisInitAnsiString, NdisDprAcquireSpinLock, NdisAllocateMemoryWithTag, NdisFreeMemory, NDIS_BUFFER_TO_SPAN_PAGES, NdisQueryBufferOffset, NdisInitUnicodeString > ntoskrnl.exe: KeBugCheckEx, KeTickCount, RtlAnsiStringToUnicodeString, RtlFreeUnicodeString, RtlEqualUnicodeString, ProbeForRead, MmUnlockPages, IoAllocateMdl, MmProbeAndLockPages, IoFreeMdl, ExInterlockedAddLargeStatistic, IoReleaseCancelSpinLock, InterlockedExchange, IofCompleteRequest, IoIsWdmVersionAvailable, IoCreateDevice, IoDeleteDevice, RtlAppendUnicodeToString, ExAllocatePoolWithTag, RtlQueryRegistryValues, ExFreePool, IoCreateSymbolicLink, IoDeleteSymbolicLink, _except_handler3, InterlockedDecrement, InterlockedIncrement, ExInterlockedPushEntrySList, MmMapLockedPagesSpecifyCache, ExInterlockedPopEntrySList, ExInitializeNPagedLookasideList, ExDeleteNPagedLookasideList ( 0 exports ) TrID : File type identification Clipper DOS Executable (33.3%) Generic Win/DOS Executable (33.0%) DOS Executable Generic (33.0%) VXD Driver (0.5%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%) ssdeep: 384:tU7zgJ30lQlDzOIfgMJtdTs3yRU0XEjvSquMxceYJLWd6jA0Jbrg:tU7zA3dljiqaeDLAmpbM PEiD : - packers (Kaspersky): PE_Patch RDS : NSRL Reference Data Set - **************************************************
Regards, Eddie |
31.12.2009, 08:41 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google search results without umlauts and partly wrong link redirection Hm, those are clean. Maybe we will see more with OTL:
System scan with OTL
Please download OTL by Oldtimer and save it to your desktop
__________________ Please always post log files in CODE tags |
31.12.2009, 15:42 | #12 |
| Google search results without umlauts and partly wrong link redirection Hi! I ran OTL. (Before that I also played around a bit and checked whether the problem still exists, and unfortunately the faulty link redirections are still there.)
OTL: TL logfile created on: 31.12.2009 15:21:42 - Run 1 OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\superfury\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18865) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 34,21 Gb Total Space | 4,94 Gb Free Space | 14,43% Space Free | Partition Type: NTFS Drive D: | 192,82 Gb Total Space | 151,56 Gb Free Space | 78,60% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SUPERFURY-PC Current User Name: superfury Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\superfury\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) 
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Programme\DSL-Manager\DslMgrSvc.exe (T-Systems Enterprise Services GmbH) PRC - C:\Programme\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation) PRC - C:\Programme\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe () PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) PRC - C:\Programme\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH) PRC - C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.) PRC - C:\Programme\System Control Manager\MGSysCtrl.exe (MSI) PRC - C:\Programme\System Control Manager\edd.exe () PRC - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.) PRC - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) 
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.) PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Programme\CyberLink\Shared Files\RichVideo.exe () PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Winamp\winampa.exe () ========== Modules (SafeList) ========== MOD - C:\Users\superfury\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (TDslMgrService) -- C:\Program Files\DSL-Manager\DslMgrSvc.exe (T-Systems Enterprise Services GmbH) SRV - (LiveUpdate Notice) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation) SRV - (Symantec Core LC) -- C:\Programme\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe () SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) 
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation) SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (NMIndexingService) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG) SRV - (Ati External Event Utility) -- C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.) SRV - (NishService) -- C:\Programme\System Control Manager\edd.exe () SRV - (comHost) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation) SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation) SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe () SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20091217.002\IDSvix86.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091229.052\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091229.052\NAVENG.SYS (Symantec Corporation) DRV - (MpFilter) -- C:\Windows\System32\drivers\MpFilter.sys (Microsoft 
Corporation) DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation) DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation) DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\SYMNDISV.SYS (Symantec Corporation) DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation) DRV - (SYMFW) -- C:\Windows\System32\Drivers\SYMFW.SYS (Symantec Corporation) DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation) DRV - (SYMDNS) -- C:\Windows\System32\Drivers\SYMDNS.SYS (Symantec Corporation) DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (SPBBCDrv) -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation) DRV - (COH_Mon) -- C:\Windows\System32\drivers\COH_Mon.sys (Symantec Corporation) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation) DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (dsltestSp5) -- C:\Windows\System32\drivers\DslTestSp5.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (CO_Mon) -- C:\Windows\System32\drivers\CO_Mon.sys (Symantec Corporation) DRV - (DslMNLwf) -- C:\Windows\System32\drivers\dslmnlwf.sys (T-Systems Enterprise Services GmbH) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) 
DRV - (2810lff) -- C:\Windows\System32\drivers\USBLoad.sys (anchor chips) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (MGHwCtrl) -- C:\Windows\System32\drivers\MGHwCtrl.sys (Windows (R) Codename Longhorn DDK provider) DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) 
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) 
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (DVBNet) -- C:\Windows\System32\drivers\VirtualNet.sys (SDMC)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = EDDIE's
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.eddie4u.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.27
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.02.12 00:15:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.12.29 18:22:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.12.29 18:22:53 | 00,000,000 | ---D | M]

[2009.12.29 18:23:42 | 00,000,000 | ---D | M] -- C:\Users\superfury\AppData\Roaming\mozilla\Extensions
[2008.09.03 18:06:28 | 00,000,000 | ---D | M] -- C:\Users\superfury\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2009.12.30 18:33:37 | 00,000,000 | ---D | M] -- C:\Users\superfury\AppData\Roaming\mozilla\Firefox\Profiles\f39hbty9.default\extensions
[2009.12.29 18:38:19 | 00,000,000 | ---D | M] (NoScript) -- C:\Users\superfury\AppData\Roaming\mozilla\Firefox\Profiles\f39hbty9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009.12.29 18:40:10 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Users\superfury\AppData\Roaming\mozilla\Firefox\Profiles\f39hbty9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.12.29 18:22:53 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.03.31 21:47:26 | 00,324,976 | ---- | M] (Symantec Corporation) -- C:\Programme\Mozilla Firefox\components\coFFPlgn.dll
[2009.12.02 09:31:53 | 00,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.12.02 09:31:53 | 00,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.12.02 09:31:53 | 00,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.12.02 09:31:53 | 00,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.12.02 09:31:53 | 00,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ALDI_SUED_FotoSuite_Download] C:\Program Files\ALDI Sued Foto Service\ALDI_Foto_Service\FotoSuite.exe (MAGIX AG)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (MSI)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\Winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\superfury\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = C:\Programme\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Adobe - Adobe Acrobat: Create PDF file, edit PDF file, convert PDF to word, convert PDF to doc (get_atlcom Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009.12.31 15:12:53 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\superfury\Desktop\OTL.exe
[2009.12.30 15:50:24 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009.12.30 15:48:07 | 00,000,000 | ---D | C] -- C:\Users\superfury\AppData\Local\temp
[2009.12.30 15:37:02 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009.12.30 15:37:02 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009.12.30 15:37:02 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009.12.30 15:36:27 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009.12.30 15:33:49 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009.12.30 15:33:35 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009.12.30 12:02:40 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009.12.30 11:28:41 | 00,000,000 | R--D | C] -- C:\Users\superfury\Desktop\DIVERSE TOOLS
[2009.12.30 11:20:13 | 00,000,000 | R--D | C] -- C:\Users\superfury\Desktop\FOTO UND BILD
[2009.12.30 11:16:42 | 00,000,000 | R--D | C] -- C:\Users\superfury\Desktop\MUSIK TOOLS
[2009.12.30 11:11:15 | 00,000,000 | R--D | C] -- C:\Users\superfury\Desktop\MOVIE PLAYER & ONLINE TV
[2009.12.30 11:08:27 | 00,000,000 | R--D | C] -- C:\Users\superfury\Desktop\NOTIZZETTEL
[2009.12.30 11:04:37 | 00,000,000 | R--D | C] -- C:\Users\superfury\Desktop\COMPUTER- SICHERHEIT
[2009.12.30 02:48:36 | 00,000,000 | ---D | C] -- C:\Users\superfury\AppData\Roaming\Q-Dir
[2009.12.30 02:48:34 | 00,000,000 | ---D | C] -- C:\Programme\Q-Dir
[2009.12.30 02:48:34 | 00,000,000 | ---D | C] -- C:\Users\superfury\Documents\Favorites_Q_Dir
[2009.12.29 18:23:04 | 00,000,000 | ---D | C] -- C:\Users\superfury\AppData\Local\Mozilla
[2009.12.29 18:22:51 | 00,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2009.12.29 13:41:47 | 00,000,000 | ---D | C] -- C:\Lop SD
[2009.12.28 14:46:06 | 00,000,000 | ---D | C] -- C:\rsit
[2009.12.28 00:08:58 | 00,000,000 | ---D | C] -- C:\Programme\Windows Live Safety Center
[2009.12.27 23:31:58 | 00,195,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009.12.27 23:27:46 | 00,000,000 | ---D | C] -- C:\Programme\Microsoft Security Essentials
[2009.12.27 01:39:01 | 00,000,000 | ---D | C] -- C:\Users\superfury\AppData\Roaming\Malwarebytes
[2009.12.27 01:38:57 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009.12.27 01:38:55 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009.12.27 01:38:54 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009.12.26 12:22:57 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009.12.26 11:54:15 | 00,017,544 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\RkPavproc1.sys
[2009.12.26 11:51:37 | 00,000,000 | ---D | C] -- C:\Programme\Panda Security
[2009.12.26 00:07:22 | 00,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2009.12.26 00:01:00 | 00,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2009.12.26 00:01:00 | 00,000,000 | ---D | C] -- C:\Programme\Adobe
[2009.12.25 23:47:24 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009.12.25 23:46:13 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009.12.25 23:46:13 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009.12.25 23:46:13 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009.12.25 23:46:13 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009.12.25 23:45:39 | 00,000,000 | ---D | C] -- C:\Programme\Java
[2009.12.25 20:22:19 | 00,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2009.12.16 19:00:45 | 00,000,000 | ---D | C] -- C:\ProgramData\Norton
[2009.12.11 16:00:35 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2009.12.11 16:00:28 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2009.12.10 19:25:50 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009.12.10 19:25:50 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009.12.10 19:25:50 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009.12.10 19:25:50 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009.12.10 19:25:49 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009.12.10 19:25:49 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009.12.10 19:25:49 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009.12.10 19:25:49 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009.12.10 19:25:49 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009.12.10 19:25:49 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009.12.10 19:25:49 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009.12.10 19:25:49 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009.12.10 19:25:49 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009.12.10 19:25:49 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009.12.10 19:25:16 | 00,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2009.12.01 22:33:46 | 00,000,000 | ---D | C] -- C:\Users\superfury\AppData\Roaming\T-Online
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009.12.31 15:20:53 | 07,602,176 | -HS- | M] () -- C:\Users\superfury\ntuser.dat
[2009.12.31 15:13:05 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\superfury\Desktop\OTL.exe
[2009.12.31 15:10:30 | 01,427,212 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009.12.31 15:10:30 | 00,621,952 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2009.12.31 15:10:30 | 00,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009.12.31 15:10:30 | 00,123,658 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2009.12.31 15:10:30 | 00,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009.12.31 15:08:21 | 00,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5A5B4F45-D348-461B-9251-F6A019AE3529}.job
[2009.12.31 15:04:34 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009.12.31 15:04:34 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009.12.31 15:04:24 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.12.31 15:04:13 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.12.31 00:44:23 | 00,524,288 | -HS- | M] () -- C:\Users\superfury\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009.12.31 00:44:23 | 00,065,536 | -HS- | M] () -- C:\Users\superfury\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009.12.31 00:44:16 | 00,000,801 | ---- | M] () -- C:\Users\superfury\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
[2009.12.31 00:44:13 | 02,875,963 | -H-- | M] () -- C:\Users\superfury\AppData\Local\IconCache.db
[2009.12.30 20:09:42 | 00,240,797 | ---- | M] () -- C:\Users\superfury\AppData\Roaming\mdbu.bin
[2009.12.30 15:50:27 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009.12.30 15:50:16 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009.12.30 02:52:53 | 00,018,801 | ---- | M] () -- C:\Windows\Q-Dir.ini
[2009.12.30 02:48:34 | 00,001,624 | ---- | M] () -- C:\Users\Public\Desktop\Q-Dir.lnk
[2009.12.29 18:22:56 | 00,001,734 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009.12.28 19:59:59 | 00,000,590 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Systemprüfung ausführen - superfury.job
[2009.12.28 18:57:45 | 00,000,680 | RHS- | M] () -- C:\Users\superfury\ntuser.pol
[2009.12.28 11:35:04 | 00,000,680 | ---- | M] () -- C:\Users\superfury\AppData\Local\d3d9caps.dat
[2009.12.25 23:45:45 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009.12.25 23:45:45 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009.12.25 23:45:45 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009.12.25 23:45:44 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009.12.20 16:15:54 | 00,099,328 | ---- | M] () -- C:\Users\superfury\Documents\Gutschein Margit + Günther.ppt
[2009.12.20 15:38:24 | 00,053,760 | ---- | M] () -- C:\Users\superfury\Documents\GutscheinMaria+Günter.ppt
[2009.12.20 15:36:36 | 00,103,424 | ---- | M] () -- C:\Users\superfury\Documents\Weihnachten2010.ppt
[2009.12.13 20:33:22 | 00,171,860 | ---- | M] () -- C:\Users\superfury\Documents\Singapore-routemap[1].pdf
[2009.12.09 22:54:07 | 00,261,632 | ---- | M] () -- C:\Windows\PEV.exe
[2009.12.03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009.12.03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009.12.30 15:37:02 | 00,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2009.12.30 15:37:02 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009.12.30 15:37:02 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009.12.30 15:37:02 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009.12.30 15:37:02 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009.12.30 02:48:34 | 00,018,801 | ---- | C] () -- C:\Windows\Q-Dir.ini
[2009.12.30 02:48:34 | 00,001,624 | ---- | C] () -- C:\Users\Public\Desktop\Q-Dir.lnk
[2009.12.29 18:22:56 | 00,001,734 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009.12.28 18:57:45 | 00,000,680 | RHS- | C] () -- C:\Users\superfury\ntuser.pol
[2009.12.28 11:30:25 | 00,000,680 | ---- | C] () -- C:\Users\superfury\AppData\Local\d3d9caps.dat
[2009.12.20 15:48:29 | 00,099,328 | ---- | C] () -- C:\Users\superfury\Documents\Gutschein Margit + Günther.ppt
[2009.12.13 20:33:22 | 00,171,860 | ---- | C] () -- C:\Users\superfury\Documents\Singapore-routemap[1].pdf
[2009.12.08 21:26:07 | 00,053,760 | ---- | C] () -- C:\Users\superfury\Documents\GutscheinMaria+Günter.ppt
[2009.12.08 21:12:30 | 00,103,424 | ---- | C] () -- C:\Users\superfury\Documents\Weihnachten2010.ppt
[2009.11.08 01:34:22 | 00,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.11.08 01:30:48 | 00,000,249 | ---- | C] () -- C:\Windows\COCKTAIL.INI
[2009.08.19 18:15:26 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.28 21:42:00 | 00,000,000 | ---- | C] () -- C:\Windows\PhEdit.INI
[2009.05.29 22:57:01 | 00,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009.05.29 22:28:25 | 00,022,016 | ---- | C] () -- C:\Windows\System32\asfsipcd.dll
[2009.03.19 19:35:10 | 00,000,006 | ---- | C] () -- C:\Windows\System32\drivers\halMac.ini
[2009.03.19 19:34:15 | 00,078,208 | ---- | C] () -- C:\Windows\System32\drivers\USBCap.sys
[2009.01.18 16:46:40 | 00,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2008.11.14 22:03:07 | 00,240,797 | ---- | C] () -- C:\Users\superfury\AppData\Roaming\mdbu.bin
[2008.11.14 19:24:40 | 00,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.07.28 21:07:25 | 00,015,246 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008.04.02 20:29:11 | 00,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.03.22 01:35:07 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.02.28 22:31:03 | 00,000,104 | ---- | C] () -- C:\Windows\NEXTBASE.INI
[2008.02.28 22:24:39 | 00,000,298 | ---- | C] () -- C:\Windows\emsoft.ini
[2008.02.28 21:55:57 | 00,000,040 | ---- | C] () -- C:\Windows\SMFPOKER.INI
[2008.02.28 21:36:49 | 00,000,092 | ---- | C] () -- C:\Windows\entpack.ini
[2008.02.27 23:55:27 | 00,000,203 | ---- | C] () -- C:\Windows\wininit.ini
[2008.02.27 23:49:52 | 00,000,389 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008.02.18 01:23:24 | 00,000,046 | ---- | C] () -- C:\Windows\Goya.INI
[2008.02.17 23:21:01 | 00,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.02.17 22:35:07 | 00,716,272 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.02.17 20:17:05 | 00,003,756 | ---- | C] () -- C:\Windows\cool.ini
[2008.02.17 16:37:53 | 00,000,095 | ---- | C] () -- C:\Windows\winamp.ini
[2008.02.12 00:02:03 | 00,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008.02.11 23:56:18 | 00,002,834 | ---- | C] () -- C:\Windows\Cerberus.ini
[2008.02.06 21:13:26 | 00,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008.02.06 21:13:23 | 00,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.02.06 21:13:23 | 00,612,864 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2008.02.06 21:13:23 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.02.06 21:13:22 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.02.06 21:13:21 | 00,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.02.06 21:13:21 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008.02.04 23:45:04 | 00,051,712 | ---- | C] () -- C:\Users\superfury\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.02.03 20:20:11 | 00,000,004 | ---- | C] () -- C:\Windows\msoffice.ini
[2008.02.02 17:04:54 | 00,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.10.16 19:50:27 | 00,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2007.10.16 17:10:53 | 00,110,592 | ---- | C] () -- C:\Windows\System32\MGHwCtrl.dll
[2007.10.16 17:10:53 | 00,032,768 | ---- | C] () -- C:\Windows\System32\MGFPCtrl.dll
[2007.10.16 16:37:13 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.09.20 17:43:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.12.05 13:05:06 | 00,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.07.22 21:30:20 | 00,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2002.03.21 12:51:52 | 00,503,808 | R--- | C] () -- C:\Windows\System32\lt_xtrans.dll
[2002.03.21 12:51:52 | 00,286,720 | R--- | C] () -- C:\Windows\System32\MrSIDD.dll
[2002.03.21 12:51:52 | 00,163,840 | R--- | C] () -- C:\Windows\System32\lt_common.dll
[2002.03.21 12:51:52 | 00,126,976 | R--- | C] () -- C:\Windows\System32\lt_trans.dll
[2002.03.21 12:51:52 | 00,069,632 | R--- | C] () -- C:\Windows\System32\lt_meta.dll
[2002.03.21 12:51:52 | 00,053,248 | R--- | C] () -- C:\Windows\System32\lt_encrypt.dll
[2002.03.21 12:51:52 | 00,020,480 | R--- | C] () -- C:\Windows\System32\lt_messagetext.dll
[2002.03.20 21:01:06 | 00,006,688 | R--- | C] () -- C:\Windows\System32\Digita.sys
[2002.03.20 21:00:20 | 00,049,152 | R--- | C] () -- C:\Windows\System32\TransportUSB.dll
[2002.03.20 21:00:20 | 00,049,152 | R--- | C] () -- C:\Windows\System32\TransportSerial.dll
[2002.03.20 21:00:20 | 00,049,152 | R--- | C] () -- C:\Windows\System32\TransportIrDA.dll
[2002.03.20 21:00:20 | 00,049,152 | R--- | C] () -- C:\Windows\System32\TransportIrCOMM.dll
< End of report >

**********************************************extras.txt****

OTL Extras logfile created on: 31.12.2009 15:21:42 - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\superfury\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 34,21 Gb Total Space | 4,94 Gb Free Space | 14,43% Space Free | Partition Type: NTFS
Drive D: | 192,82 Gb Total Space | 151,56 Gb Free Space | 78,60% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUPERFURY-PC
Current User Name: superfury
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\5.0\ACDSee5.exe" "%1" (ACD Systems Ltd.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0005EF71-FD32-4B54-9027-0A9340A5EBD9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{032B337A-2DA4-46DD-BBF4-3B7F443256EB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0A1BDD40-2474-4AD6-BA4F-D800AC0FBDC8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{12540A43-F217-453C-997A-B045CE6714EE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2B2CBA54-6AE2-48F3-BD19-DEA4944F754D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{441B22A9-52CC-42F1-96CD-018A49C0AA21}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4714F73C-43EB-4C24-B4D9-4518E157DEBF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4B399FF2-1351-4918-AB92-680BE0A81AB9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4C4EF0F7-4C2E-46BD-98DD-613AC9AE6C8D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4C529735-C3E5-4886-9C39-C7F98D1251CB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4EF63EA8-B5D7-4B92-890C-28353058D27A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5FBD0D13-952C-48EE-AEF0-CF824F64A681}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{6406ADAF-59DA-45D4-8F55-0919618D972D}" = lport=4663 | protocol=6 | dir=in | name=emule tcp |
"{6D76A91D-BBC7-4948-AD61-4DADBFA2346C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{86C26143-83E5-440E-B2B4-4D6BAE65B96F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B901A905-98A7-4843-8C88-21E6583D2EF9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B99E019C-A5C1-477C-8766-44D511956BB0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D133B809-3312-41E4-9FDF-E05387B0CDF4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EF69C8D8-BC53-4CF7-B24D-4406D831ADB8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F04F1898-A4EA-452F-B848-E08F229609DD}" = lport=4773 | protocol=17 | dir=in | name=emule udp |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2239A82D-2BA0-4762-80E4-8EC291C8634B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{2688AD23-5A9E-4483-AA8A-1FF134A2B9C3}" = protocol=17 | dir=in | app=c:\program files\concept design\onlinetv 4\onlinetv.exe | "{35AEC291-9236-452B-B630-24DB8866CD29}" = protocol=6 | dir=in | app=c:\program files\concept design\onlinetv 4\onlinetv.exe | "{3F5C0DC2-80B6-4E29-9045-9A95AF109802}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4CDBC2E0-0863-4269-9575-0B9F159958D2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{5994FE3F-B8C1-4A83-A4A0-BD3572D296CB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5C02D045-6EC2-49B2-99B5-6C8773857FE1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5E20C11A-BFE5-4065-82E8-D2FEFCB459C7}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | "{61743130-9285-4F7A-A6C1-4C5FB4BFA3B8}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1202069637\ee\aolsoftware.exe | "{69FCE3D1-9871-4DBC-8741-76611A05FDEE}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{6FCCED23-7303-4CC3-B6E7-CDD554C694D1}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | "{75DFB6AC-C77D-4CD5-BD77-4C30AE811BD3}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe | "{7E91FE48-A783-48D7-80A9-AC1B33661C79}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{852D3A8F-7C21-4F46-83F2-23E7EEB955E6}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | "{8E60CB6C-493B-4EB6-9BD3-DF3E6B42DC7F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | "{8ED3BD1B-798A-4E0C-A2B8-B4261903BDDD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{94DD0A8B-AFBB-458A-ACC2-B135774F5F80}" = protocol=6 | 
dir=in | app=c:\program files\common files\aol\1201957075\ee\aolsoftware.exe | "{98F41589-3BF6-48A4-9E8D-6BB77F0FA86D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | "{9CA37446-412B-4888-ADEA-D5289E8E8AB6}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | "{9E789910-444B-4B2F-B967-2AD1F43675E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AA32DEEB-7F45-4873-B84A-FA5BE204EAD3}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | "{AF5E97B2-2433-444E-8C8E-8E3D9DCFE553}" = protocol=6 | dir=out | app=system | "{B11C2825-831F-4F92-A8F4-189176A5D844}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1202069637\ee\aolsoftware.exe | "{BBC46B50-06AE-4604-8565-6E5470056DDB}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{C5D0A80E-FED2-4061-8310-939E92BCD2E6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{CC961BB0-7152-423B-BFF5-97DE81251398}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe | "{CD263925-73F5-4778-8B95-438A8D5E60A2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{CDAC8845-0DF5-4789-92A2-59BCB361FF0E}" = dir=in | app=c:\program files\cyberlink\powerdirector express\pdx.exe | "{D0383E54-2B42-42C5-A3D0-E6A624223D40}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D5048C71-2C57-4BD3-AF57-1D9C91D14AB2}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | "{D899E5FB-53AB-4669-867F-C250393E8B49}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1201957075\ee\aolsoftware.exe | "{DC1D3F64-F812-43D2-B98C-0A97CFC65386}" = protocol=6 | dir=in | app=c:\program files\concept design\onlinetv 4\onlinetv.exe | "{DF7C63EA-EF86-4328-A566-EBF44717D45C}" = protocol=17 | dir=in | app=c:\program files\common 
files\aol\system information\sinf.exe | "{DFBB3451-3C25-4287-9C3C-E48CA50B4BBC}" = protocol=17 | dir=in | app=c:\program files\concept design\onlinetv 4\onlinetv.exe | "{EC45D1D9-8B3B-4C72-91E3-ECFB17B0B7D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{388E8BE4-F72B-4830-8B02-6582916F0CE3}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | "TCP Query User{5BBEB1D7-C774-46DB-95E8-581DA49C5510}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe | "TCP Query User{65F42F68-6A9A-40AB-88B9-2FA468AECE1D}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{7A0FBFF6-61F8-4A26-9906-C62E7E786DF5}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | "TCP Query User{7BF543F9-BB38-4151-B6D2-00075A9A7CE6}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{86CBC904-70E4-4CB8-A582-A4121342059B}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe | "TCP Query User{9B3F62BE-B236-40F3-8418-B06A14D02F14}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe | "TCP Query User{B56127E9-1C28-41AA-B185-BF092AAA560F}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | "TCP Query User{BA766B42-0F54-46EB-BD30-A02D9EB067C5}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{CAA7EC8C-B05F-46CB-93B1-F1DF5C86B3A2}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{CEB2FF12-6B8C-42E9-AC69-A08C00921A8D}D:\programm\emule\emule.exe" = 
protocol=6 | dir=in | app=d:\programm\emule\emule.exe | "TCP Query User{DA588A4A-88B7-4A01-937E-1B838CD5B3E6}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | "TCP Query User{FCF4FF30-1727-437C-9A0C-4B5737ACEE17}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | "UDP Query User{0B84A232-9A16-41F2-969C-F9D6FC72972D}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe | "UDP Query User{34A1CBCE-E0E1-4F81-966B-58C7CDD78973}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{3B024B6B-CD42-4F8A-8137-267E49392975}D:\programm\emule\emule.exe" = protocol=17 | dir=in | app=d:\programm\emule\emule.exe | "UDP Query User{4871D40D-C1B8-4C8D-A7F1-E6A1430A6C9E}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | "UDP Query User{6B84160E-C433-4C68-8369-81090A9A80B2}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | "UDP Query User{6C0A1C0C-72DC-492B-ABC0-AA38B7D87758}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe | "UDP Query User{7006DCBE-CB46-4A69-85CD-73017A112673}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | "UDP Query User{9466AB4B-ED4C-450B-A4B3-70E8AC0A7F60}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe | "UDP Query User{9C66C255-34F8-49C6-9857-7F293567FC2E}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{CFD2F56E-77B4-49F8-9A2F-F7052D660E72}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query 
User{E353EB12-9C2E-4A90-8F92-2F30A686AEE7}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{F61B93AA-4D74-4677-BFA9-5A7E1F06DF14}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | "UDP Query User{F7B04460-A214-4ACF-A9A0-FA753F749192}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime "{259F8C2A-36EB-D7CB-043E-5A27D2780A7B}" = CCC Help German "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework "{32F4F9F2-EE24-3FB5-BB34-C7C804565376}" = Catalyst Control Center Graphics Previews Vista "{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}" = Norton Internet Security "{3717FEBD-AC53-C184-820A-2B0E6DD3EB28}" = ccc-core-static "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{4010F896-643A-43EE-ADFA-E66EB39ECF00}" = Chronik der Weltgeschichte "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0 "{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2 "{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}" = Microsoft Security Essentials "{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite "{4BD3CFDB-5408-0C75-DF86-57F6D2C82571}" = Catalyst Control Center Graphics Full Existing "{523DF39E-DF7D-488F-8022-783946571031}" = Nero 8 Essentials "{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = 
neroxml "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 "{60F832A9-2CD5-2A4B-A47D-FF49CF54AAF9}" = ccc-utility "{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center "{631D8332-3280-5651-7A4C-6378C54368A9}" = Catalyst Control Center Graphics Full New "{63BA767E-6A16-A64D-3CF4-3B0F304F68CE}" = Catalyst Control Center Core Implementation "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit "{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus "{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack "{87465108-98E1-458F-9995-95CAB9F556B9}" = 3D XML Player "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{90A455A7-0FC8-4508-B7FA-8F135B8F041A}" = DSL-Manager "{91120000-0031-0000-0000-0000000FF1CE}" = 
Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer- "{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware "{A5E51DFF-7478-23B3-B355-A034C04B1C04}" = Catalyst Control Center Graphics Light "{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch "{ADD5DB49-72CF-11D8-9D75-000129760D75}" = PowerBackup "{AF5E8D43-49AD-4BE7-A941-2BB0A8CACA62}" = ACDSee 5.0 Standard "{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security "{C5D3040F-949F-AF58-4547-5EE9D15764AD}" = ATI Catalyst Install Manager "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{C7837763-3080-4ACA-A07A-64F9D5F1FB43}" = SymNet "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 
1.0 "{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow "{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation) "{DFFA4AEC-B0D9-43E6-A7FE-CA8E1D2229AE}" = n-tv plus "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = PowerDVD Copy "{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help "{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation) "{E8183160-1B2C-0080-1714-DE09914480AF}" = Catalyst Control Center Localization German "{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager "{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express "{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner "{FE0F8FF3-3908-0C9C-B92E-F475BCC54B37}" = Skins "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "ALDI Sued Foto Service D" = ALDI Sued Foto Service "Aldi Süd Fotoservice_is1" = Aldi Süd Fotoservice "ALDI Süd Online Druck Service" = ALDI Süd Online Druck Service 4.6 "Caesar 3" = Caesar 3 "CCleaner" = CCleaner "Cool Edit 96" = Cool Edit 96 "DVD Shrink_is1" = DVD Shrink 3.2 "eMule" = eMule "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) "HijackThis" = HijackThis 2.0.2 "Install MAGIX Goya Base UK" = Install MAGIX Goya Base 1.0.2.0 (UK) "InstallShield_{4010F896-643A-43EE-ADFA-E66EB39ECF00}" = Chronik der Weltgeschichte "IsoBuster_is1" = IsoBuster 1.4 "KLiteCodecPack_is1" = K-Lite Codec Pack 3.7.5 Full "Lidl-Fotos_is1" = Lidl-Fotos "MAGIX Foto Manager 2006 D" = MAGIX Foto Manager 2006 3.4.0.450 (D) "MAGIX Goya 
Base D" = MAGIX Goya Base 1.3.1.2 (D) "MAGIX Music Manager 2006 D" = MAGIX Music Manager 2006 7.4.0.438 (D) "MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Security Essentials" = Microsoft Security Essentials "Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6) "PROHYBRIDR" = 2007 Microsoft Office system "PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation) "Q-Dir" = Q-Dir "RealPlayer 6.0" = RealPlayer "Sierra-Dienstprogramme" = Sierra-Dienstprogramme "SopCast" = SopCast 3.0.3 "StreamTorrent 1.0" = Stream Torrent 1.0 "SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation) "TomTom HOME" = TomTom HOME 2.6.2.1586 "TVAnts 1.0" = TVAnts 1.0 "TVUPlayer" = TVUPlayer 2.4.9.1 "VersaMix.exe" = VERSAMIX uninstall "ViewpointMediaPlayer" = Viewpoint Media Player "VLC media player" = VideoLAN VLC media player 0.8.6h "VMidi" = vanBasco's Karaoke Player "Winamp" = Winamp (remove only) "WinRAR archiver" = WinRAR Archivierer "XMedia Recode" = XMedia Recode 2.1.4.8 "XviD" = XviD MPEG-4 Codec "Xvid_is1" = Xvid 1.2.2 final uninstall "Zattoo" = Zattoo 3.3.4 Beta "ZDFmediathek_is1" = ZDFmediathek Version 1.4.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12.12.2009 07:47:11 | Computer Name = superfury-PC | Source = Windows Search Service | ID = 3013 Description = Error - 12.12.2009 07:47:11 | Computer Name = superfury-PC | Source = Windows Search Service | ID = 3013 Description = Error - 12.12.2009 07:47:11 | Computer Name = superfury-PC | Source = Windows Search Service | ID = 3013 Description = Error - 12.12.2009 07:47:11 | Computer Name = superfury-PC | Source = Windows Search Service | ID = 3013 Description = Error - 13.12.2009 18:27:48 
| Computer Name = superfury-PC | Source = EventSystem | ID = 4621 Description = Error - 14.12.2009 17:30:20 | Computer Name = superfury-PC | Source = EventSystem | ID = 4621 Description = Error - 15.12.2009 19:57:37 | Computer Name = superfury-PC | Source = EventSystem | ID = 4621 Description = Error - 17.12.2009 14:41:35 | Computer Name = superfury-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel 0x49e01da5, fehlerhaftes Modul SHELL32.dll, Version 6.0.6002.18005, Zeitstempel 0x49e037ec, Ausnahmecode 0xc0000005, Fehleroffset 0x002d2c67, Prozess-ID 0xdb0, Anwendungsstartzeit 01ca7f39870cef9e. Error - 17.12.2009 14:42:15 | Computer Name = superfury-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung explorer.exe, Version 6.0.6002.18005, Zeitstempel 0x49e01da5, fehlerhaftes Modul SHELL32.dll, Version 6.0.6002.18005, Zeitstempel 0x49e037ec, Ausnahmecode 0xc0000005, Fehleroffset 0x002d2c67, Prozess-ID 0x9a4, Anwendungsstartzeit 01ca7f48931b204e. Error - 18.12.2009 19:45:30 | Computer Name = superfury-PC | Source = EventSystem | ID = 4621 Description = [ Media Center Events ] Error - 12.02.2008 16:56:08 | Computer Name = superfury-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 09.12.2008 17:26:46 | Computer Name = superfury-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.WaitForUploadComplete failed. 
Please try to ping MSN.com prior to filing a bug.; Win32 GetLastError returned 10000109 Prozess: DefaultDomain Objektname: Media Center Guide [ System Events ] Error - 30.12.2009 10:48:14 | Computer Name = superfury-PC | Source = Service Control Manager | ID = 7030 Description = Error - 30.12.2009 10:48:40 | Computer Name = superfury-PC | Source = Service Control Manager | ID = 7030 Description = Error - 30.12.2009 10:51:07 | Computer Name = superfury-PC | Source = Service Control Manager | ID = 7000 Description = Error - 30.12.2009 10:51:07 | Computer Name = superfury-PC | Source = Service Control Manager | ID = 7023 Description = Error - 30.12.2009 10:51:07 | Computer Name = superfury-PC | Source = Service Control Manager | ID = 7026 Description = Error - 30.12.2009 19:44:19 | Computer Name = superfury-PC | Source = DCOM | ID = 10010 Description = Error - 31.12.2009 10:05:56 | Computer Name = superfury-PC | Source = Service Control Manager | ID = 7000 Description = Error - 31.12.2009 10:05:56 | Computer Name = superfury-PC | Source = Service Control Manager | ID = 7023 Description = Error - 31.12.2009 10:05:56 | Computer Name = superfury-PC | Source = Service Control Manager | ID = 7026 Description = Error - 31.12.2009 10:06:33 | Computer Name = superfury-PC | Source = Service Control Manager | ID = 7011 Description = < End of report > ************************************************************* Danke für die Geduld mit meinem Problemchen. Eddie |
02.01.2010, 11:59 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google search results without umlauts and in some cases wrong link redirection I think I might have a candidate: Make sure that all files are actually displayed for you, then have the following files (if they still exist) analysed at Virustotal.com and post all the results, in such a way that the results of the individual virus scanners can be seen. Please include file sizes and checksums. You can also simply post the result link: Code:
C:\Programme\System Control Manager\edd.exe
__________________ Please always post log files in CODE tags |
02.01.2010, 12:30 | #14 |
| Google search results without umlauts and in some cases wrong link redirection
Happy NEW YEAR! edd.exe had already been checked. Here is the result from Virustotal:

Datei edd.exe empfangen 2009.11.16 01:08:05 (UTC)
Status: Beendet
Ergebnis: 0/41 (0.00%)

Antivirus | Version | letzte aktualisierung | Ergebnis
a-squared | 4.5.0.41 | 2009.11.10 | -
AhnLab-V3 | 5.0.0.2 | 2009.11.06 | -
AntiVir | 7.9.1.61 | 2009.11.10 | -
Antiy-AVL | 2.0.3.7 | 2009.11.10 | -
Authentium | 5.2.0.5 | 2009.11.10 | -
Avast | 4.8.1351.0 | 2009.11.10 | -
AVG | 8.5.0.423 | 2009.11.10 | -
BitDefender | 7.2 | 2009.11.10 | -
CAT-QuickHeal | 10.00 | 2009.11.10 | -
ClamAV | 0.94.1 | 2009.11.10 | -
Comodo | 2905 | 2009.11.10 | -
DrWeb | 5.0.0.12182 | 2009.11.10 | -
eSafe | 7.0.17.0 | 2009.11.10 | -
eTrust-Vet | 35.1.7113 | 2009.11.10 | -
F-Prot | 4.5.1.85 | 2009.11.10 | -
F-Secure | 9.0.15370.0 | 2009.11.09 | -
Fortinet | 3.120.0.0 | 2009.11.10 | -
GData | 19 | 2009.11.10 | -
Ikarus | T3.1.1.74.0 | 2009.11.10 | -
Jiangmin | 11.0.800 | 2009.11.10 | -
K7AntiVirus | 7.10.892 | 2009.11.09 | -
Kaspersky | 7.0.0.125 | 2009.11.10 | -
McAfee | 5797 | 2009.11.09 | -
McAfee+Artemis | 5797 | 2009.11.09 | -
McAfee-GW-Edition | 6.8.5 | 2009.11.10 | -
Microsoft | 1.5202 | 2009.11.10 | -
NOD32 | 4592 | 2009.11.10 | -
Norman | 6.03.02 | 2009.11.09 | -
nProtect | 2009.1.8.0 | 2009.11.10 | -
Panda | 10.0.2.2 | 2009.11.09 | -
PCTools | 7.0.3.5 | 2009.11.10 | -
Prevx | 3.0 | 2009.11.16 | -
Rising | 22.21.01.09 | 2009.11.10 | -
Sophos | 4.47.0 | 2009.11.10 | -
Sunbelt | 3.2.1858.2 | 2009.11.10 | -
Symantec | 1.4.4.12 | 2009.11.10 | -
TheHacker | 6.5.0.2.064 | 2009.11.09 | -
TrendMicro | 9.0.0.1003 | 2009.11.10 | -
VBA32 | 3.12.10.11 | 2009.11.09 | -
ViRobot | 2009.11.10.2029 | 2009.11.10 | -
VirusBuster | 4.6.5.0 | 2009.11.09 | -

weitere Informationen
File size: 61440 bytes
MD5 : 725ff88ea218fd7fac44fc7be32e60ed
SHA1 : b798db0497337a7ebf8e94c2cdf373cf08c4d2a1
SHA256: 7bb7c4a465c16d334a751c801954cc254aa40ba8289d2ebc69e2634fd68418f3
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x401C8A
timedatestamp.....: 0x46CD2B1D (Thu Aug 23 08:37:17 2007)
machinetype.......: 0x14C (Intel I386)
( 4 sections )
name | viradd | virsiz | rawdsiz | ntrpy | md5
.text | 0x1000 | 0x8D24 | 0x9000 | 6.55 | 35bfcdb579eba4c51cf9a955703a957d
.rdata | 0xA000 | 0x225A | 0x3000 | 4.39 | 6b7f5c14a5f95fa3c544ea554829ef27
.data | 0xD000 | 0x2B48 | 0x1000 | 2.17 | 916ffa7131e0d63155a553accb476e5b
.rsrc | 0x10000 | 0xB0 | 0x1000 | 3.05 | e9914279c0bf7bc2cbf5598ba850e827
( 0 imports )
( 0 exports )
TrID : File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ssdeep: 768:Q2/dcxXgleKCWlrZt5M9+C7RnFg354bvPYDsd/P39vcNeNcep5S5i:Q2/gsXlhC7RnxvPpP39vcY+p5i
PEiD : -
RDS : NSRL Reference Data Set -

Regards, Eddie |