| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Google verlinkt auf Malware VirusWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
07.07.2010, 11:11
| #1 |
 |  Google verlinkt auf Malware Virus Hallo, ich habe da ein kleines Problem. Wenn ich folgendes im google Suchfeld eingebe: hotdog wagen erhalte ich einen Link der mich zu einer Seite mit einem Virusscanner weiterleitet und nicht die Seite die im Suchergebnis steht, nämlich (hotdogtown.de). Wenn ich jetzt aber www.hotdogtown.de direkt im Browser eingene erhalte ich die gewünschte Seite. Hier mal der direkte link zu google mit dem entsprechenden Eintrag (hotdog wagen) hxxp://www.google.de/search?hl=de&source=hp&q=hotdog+wagen&aq=f&aqi=g-s3&aql=&oq=&gs_rfai= *grübel* Wie kann ich das denn ändern. Alle anderen Verweis von googl funktionieren. Ist dann diese Seite gehackt ?? Grüße Jörg |
|
07.07.2010, 11:23
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Google verlinkt auf Malware Virus Hallo und
__________________ bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
|
07.07.2010, 12:06
| #3 |
| | Google verlinkt auf Malware Virus Malwarebytes' Anti-Malware 1.46
__________________www.malwarebytes.org Datenbank Version: 4287 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18928 07.07.2010 12:34:15 mbam-log-2010-07-07 (12-34-15).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 140689 Laufzeit: 7 Minute(n), 9 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
|
07.07.2010, 12:08
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google verlinkt auf Malware Virus Hattest Du Malwarebytes schon vorher mal ausgeführt? Wenn ja, bitte auch alle alten Logs davon posten.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
07.07.2010, 12:10
| #5 |
| | Google verlinkt auf Malware Virus Nein, noch nie. Ich habe diese Oldtimer ausgeführt aber da kommt kein Log File???? |
|
07.07.2010, 12:15
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google verlinkt auf Malware Virus Wenn der Scan beendet ist werden sich 2 Notepad-Fenster öffnen, OTL.Txt und Extras.Txt. Diese werden am selben Ort gespeichert wie OTL.
__________________ --> Google verlinkt auf Malware Virus |
|
07.07.2010, 12:19
| #7 |
| | Google verlinkt auf Malware Virus Ahh.. ich Anfänger. Ok, ich lass auch gleich mal den aktuellsten CC Cleaner drüber laufen, aber Grundsätzlich denke ich das es nicht an meinem PC liegen kann, da es bei jedem dem ich diese Seite so gemeldet habe exakt das selbe aufgetreten ist. Ich psote dann gleich die fehlenden Logs. |
|
07.07.2010, 12:39
| #8 |
| | Google verlinkt auf Malware Virus OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 07.07.2010 13:34:30 - Run 3
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Users\pcdualcore\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 26,00% Memory free
2,00 Gb Paging File | 0,00 Gb Available in Paging File | 21,00% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,74 Gb Total Space | 310,23 Gb Free Space | 69,60% Space Free | Partition Type: NTFS
Drive D: | 20,01 Gb Total Space | 16,64 Gb Free Space | 83,17% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 4,33 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 298,09 Gb Total Space | 10,69 Gb Free Space | 3,59% Space Free | Partition Type: NTFS
Computer Name: PCDUALCORE-PC
Current User Name: pcdualcore
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] --
.ini [@ = UltraEdit.ini] -- C:\Program Files\UltraEdit\UEDIT32.EXE (IDM Computer Solutions, Inc.)
.js [@ = UltraEdit.js] -- Reg Error: Key error. File not found
.txt [@ = UltraEdit.txt] -- C:\Program Files\UltraEdit\UEDIT32.EXE (IDM Computer Solutions, Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = UltraEdit.html] -- C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
.ini [@ = UltraEdit.ini] -- C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
.js [@ = UltraEdit.js] -- C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
.txt [@ = UltraEdit.txt] -- C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" = C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 -- File not found
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate -- File not found
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx -- File not found
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A48D6A39-855C-408D-8959-68216A3C5EF3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D30EA1DB-81D9-45EF-B0EB-B9BAB8CAF437}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{089E5337-47BC-4B6A-8B43-DDAE453F7B12}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{0D717F2E-C1C1-4790-81B0-0709EF052B14}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{0E06A794-F227-4722-B527-C67A1751FD07}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{1A1A2873-9069-4A2C-8F92-12C76EB06C35}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{1FAC9C13-117F-4AAA-A4EF-919FF1703CF3}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{20807AE6-892E-4BC6-94A9-D0693C1BAE79}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{3CC7C789-DC73-466B-BEA3-46317E27FFDD}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{5794D5CD-BBAB-4605-B9CE-03CA75325739}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{5E823107-BA60-4D3A-A163-C4CE2B1D5107}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{624A370C-A29E-4566-A747-0CEB86E82F15}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{7B1535AF-C31D-4B98-8CC0-9F428EAE7218}" = protocol=17 | dir=in | app=c:\program files\starmoney 7.0 s-edition\app\starmoney.exe |
"{7DFB76A2-5A23-4375-9832-8E8CD15AA82E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{848679EB-AF72-4898-8D2D-2ADB3C631C5F}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{8E8DEA03-D7BE-49AE-8EC2-3264B10085BE}" = protocol=17 | dir=in | app=c:\program files\starmoney 7.0 s-edition\ouservice\starmoneyonlineupdate.exe |
"{A3FF239E-AC54-418C-9408-EADE96A2A194}" = protocol=6 | dir=in | app=c:\program files\starmoney 7.0 s-edition\app\starmoney.exe |
"{B0171002-4BB6-43D9-A2D7-42E7B2A1A16C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{B07FD5F3-BA0C-42A8-9F10-FD9F35BBB93E}" = protocol=6 | dir=in | app=c:\program files\starmoney 7.0 s-edition\ouservice\starmoneyonlineupdate.exe |
"{C0C4DEB1-195C-4946-A02B-E7E60EDBC148}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{C9066973-D91B-467B-85F7-BD877402F757}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{EC75A8C1-641E-4CF2-8B3E-BD7BE6217A53}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{F28AE6C6-0C65-4262-845F-00EF167A0790}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{FDDD50AB-D691-43C4-8F2E-9FC25A567824}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"TCP Query User{0EAF377A-A8C0-4D2C-B55B-2DC32381D2C5}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{1B9C1893-2455-4D35-9ECF-0CE9464B4B27}C:\program files\msn messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"TCP Query User{1C7A0415-9ABE-41FB-BE14-DE4F1B0C2DA8}K:\downloads\filezilla_3.0.3_win32\filezilla-3.0.3\filezilla.exe" = protocol=6 | dir=in | app=k:\downloads\filezilla_3.0.3_win32\filezilla-3.0.3\filezilla.exe |
"TCP Query User{2C971C0F-5C59-45A0-9801-1788DEA21376}C:\program files\fritz!box monitor\fritzboxmonitor.exe" = protocol=6 | dir=in | app=c:\program files\fritz!box monitor\fritzboxmonitor.exe |
"TCP Query User{2EDA2B5C-312D-40E5-949A-DEC4B069A8E3}C:\program files\ws_ftp-firma\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files\ws_ftp-firma\ws_ftp95.exe |
"TCP Query User{437D4259-A3C3-432A-A8B0-D75B598F65E2}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{440A3F39-DB8E-4B4D-8D78-8D9BD8616875}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{453E249D-B967-4988-86ED-70EF2F8E15EA}C:\program files\hercules\hercules dualpix hd webcam\controlui.exe" = protocol=6 | dir=in | app=c:\program files\hercules\hercules dualpix hd webcam\controlui.exe |
"TCP Query User{52C91CA7-A298-4401-8E9E-170E3E9AF0E3}K:\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=k:\xampp\apache\bin\apache.exe |
"TCP Query User{5729B9F3-F35C-449C-8215-BF12DCB6BA41}L:\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=l:\ws_ftp\ws_ftp95.exe |
"TCP Query User{59F0F9CB-47E1-42AA-9B54-E1F82E01B1AC}C:\users\pcdualcore\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=6 | dir=in | app=c:\users\pcdualcore\appdata\local\temp\_istmp1.dir\_ins5576._mp |
"TCP Query User{5D8E814C-EE63-44C6-91E7-3A1F92C6A2CD}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
"TCP Query User{5F090FAF-E83B-4477-88DD-C46CC608B245}C:\program files\flashget network\flashget universal\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget network\flashget universal\flashget.exe |
"TCP Query User{6EDC3076-8CE9-47B3-9247-4FEFFA425172}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{7026E33A-15D9-4E4F-9717-9E591ED59506}C:\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\apache.exe |
"TCP Query User{956936F5-CADA-453F-A076-5B6C45810BCC}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"TCP Query User{9F7E42F9-5835-4F12-9345-55D8E82491B0}C:\program files\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files\filezilla ftp client\filezilla.exe |
"TCP Query User{AC10F331-66B7-45C4-86A0-0D15A7FB9BF4}C:\users\pcdualcore\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=6 | dir=in | app=c:\users\pcdualcore\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe |
"TCP Query User{AE80A5D3-3AD8-42F9-85DC-7B3CE046C1F7}C:\program files\hercules\hercules dualpix hd webcam\station2.exe" = protocol=6 | dir=in | app=c:\program files\hercules\hercules dualpix hd webcam\station2.exe |
"TCP Query User{AFAC01F1-420E-4EEC-BB83-81DAB06B42E1}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{B93A6A33-ED63-44D0-A2BB-0ECDC1BD5F06}C:\program files\webeye\webeye.exe" = protocol=6 | dir=in | app=c:\program files\webeye\webeye.exe |
"TCP Query User{C2CC7EE1-A1F4-4728-95AD-91132CB8C5A7}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
"TCP Query User{C84890B0-E1E3-45E5-BC8E-5487B0A6F13E}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{DD65BFFF-21AD-4A45-B75D-A2B8CDBD8DD7}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{E0572BEC-AEA4-40A6-9CE7-775B4F0D59E5}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe |
"TCP Query User{E17BD3B4-F8F9-4538-840F-26A63265765E}C:\program files\msn messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"TCP Query User{E90AD9BF-89DC-424A-B3EB-74574F27BD9A}C:\program files\pandion\pandion.exe" = protocol=6 | dir=in | app=c:\program files\pandion\pandion.exe |
"TCP Query User{F1B7908F-0BA4-4190-8099-53F6769FCC84}C:\program files\fritz!fax\igd_finder.exe" = protocol=6 | dir=in | app=c:\program files\fritz!fax\igd_finder.exe |
"TCP Query User{F4938B8E-8612-4FA4-BFA1-3121554CBB1A}C:\program files\fritz!box monitor\fritzboxmonitor.exe" = protocol=6 | dir=in | app=c:\program files\fritz!box monitor\fritzboxmonitor.exe |
"TCP Query User{FB606BF4-8D4A-41DB-90FD-1C52E856846A}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{FE482738-2C6A-4109-BB8E-C81D3A477AA2}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{077E69A6-E611-4A1A-9C07-ABA966AC5C8E}L:\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=l:\ws_ftp\ws_ftp95.exe |
"UDP Query User{0785AAAC-9688-46C3-8C04-634B30D329B8}K:\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=k:\xampp\apache\bin\apache.exe |
"UDP Query User{0E168AAB-C071-462B-BC2E-6E358FC22208}C:\program files\flashget network\flashget universal\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget network\flashget universal\flashget.exe |
"UDP Query User{0F2D7ABD-93F9-4E1F-A331-09C8A2F90956}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe |
"UDP Query User{17EB8FAB-74C5-45DB-BAD4-BA3DDF705174}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{1F665C4B-B673-4F12-8F20-0AC1F6E5FBA5}K:\downloads\filezilla_3.0.3_win32\filezilla-3.0.3\filezilla.exe" = protocol=17 | dir=in | app=k:\downloads\filezilla_3.0.3_win32\filezilla-3.0.3\filezilla.exe |
"UDP Query User{21BF3C66-6B6E-4568-A124-D296B84FB6BC}C:\program files\pandion\pandion.exe" = protocol=17 | dir=in | app=c:\program files\pandion\pandion.exe |
"UDP Query User{37977934-9AD7-4EE3-8FD1-21CB54A3E82F}C:\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\apache.exe |
"UDP Query User{3820388D-5215-4A33-B522-0047863BB666}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{39AE2869-82AA-4284-AED0-B0A471DC6B63}C:\program files\hercules\hercules dualpix hd webcam\controlui.exe" = protocol=17 | dir=in | app=c:\program files\hercules\hercules dualpix hd webcam\controlui.exe |
"UDP Query User{6A9DC14F-52BE-4B3B-AF63-3C4B53AFF32F}C:\program files\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files\filezilla ftp client\filezilla.exe |
"UDP Query User{6F9AC110-8BE9-4A4F-BAAC-7C72543E6C20}C:\program files\msn messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"UDP Query User{72EE4EA1-4C75-4A92-BE6E-0D4400964543}C:\users\pcdualcore\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=17 | dir=in | app=c:\users\pcdualcore\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe |
"UDP Query User{767E2943-CA56-46C6-931C-16A26A6B5D8A}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{7A5809E9-A599-4D11-BB17-6C85D4B3F889}C:\program files\hercules\hercules dualpix hd webcam\station2.exe" = protocol=17 | dir=in | app=c:\program files\hercules\hercules dualpix hd webcam\station2.exe |
"UDP Query User{84CE04D9-54B1-4AA8-B97E-52CF42A8BF1B}C:\program files\webeye\webeye.exe" = protocol=17 | dir=in | app=c:\program files\webeye\webeye.exe |
"UDP Query User{A512EDBE-8ED1-4E5D-8C28-F31FAFF1AABD}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |
"UDP Query User{AF726BAC-9BA8-4D84-BDD7-94BD050CA52A}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{B213E3F0-B43E-41F9-BFDC-96C26271D695}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{B375777D-50E3-41F1-B76A-1C15A86DD080}C:\users\pcdualcore\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=17 | dir=in | app=c:\users\pcdualcore\appdata\local\temp\_istmp1.dir\_ins5576._mp |
"UDP Query User{B83D99B7-5295-414A-9B8D-EAAD475BD20F}C:\program files\fritz!fax\igd_finder.exe" = protocol=17 | dir=in | app=c:\program files\fritz!fax\igd_finder.exe |
"UDP Query User{B8D21D4C-6ABA-42F1-B631-BDC09AD6B906}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |
"UDP Query User{C385E412-42D0-4CCC-BD29-044FD08F0CC9}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{C5B2AC32-DCC1-4A8F-8F72-C3C50EC69FC6}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{C875DD2E-A49A-4EB9-B74C-2E5A8067D746}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"UDP Query User{C942E4E5-4D8B-4C83-AA91-2D2DA60CB254}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{CB20A0A7-8A37-4365-B203-3D65441347E4}C:\program files\ws_ftp-firma\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files\ws_ftp-firma\ws_ftp95.exe |
"UDP Query User{CCAD264D-65FC-40DB-99AF-AA1C5D06C7B4}C:\program files\fritz!box monitor\fritzboxmonitor.exe" = protocol=17 | dir=in | app=c:\program files\fritz!box monitor\fritzboxmonitor.exe |
"UDP Query User{F25BF45D-9B74-4539-841F-155924799E08}C:\program files\msn messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"UDP Query User{F81B4B8C-7EC3-4CB0-9783-52033FD2BAF3}C:\program files\fritz!box monitor\fritzboxmonitor.exe" = protocol=17 | dir=in | app=c:\program files\fritz!box monitor\fritzboxmonitor.exe |
"UDP Query User{FEF844F5-2227-4BC0-A5AA-8DEACAA9DA7E}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}" = Canon MP830
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series" = Canon MX700 series
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{2CAD9C1F-4A40-4F93-83B7-62CCF8309223}" = MFC8.0 Runtime Setup
"{30988956-A604-4974-9333-10B63252522D}" = UltraCompare v7.10
"{35846BA4-5A5A-433B-B65E-41C324AEFFA4}" = Pandion
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{47879FA7-BC8F-4D7F-8057-86D0416579FA}" = StarMoney
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56A990F9-C188-42ED-B4E1-754169BCA305}_is1" = TV Logos for DVBViewer Pro 1.0
"{5B09BD67-4C99-46A1-8161-B7208CE18121}" = QuickTime
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{63C98752-1B7D-4C8F-8C70-0B0A29D5ECBF}" = ArcSoft MediaConverter 2.5
"{6545C384-6D88-4352-A409-CB61AD51CE3C}" = UltraCompare v6.40
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C32ACBF-B9CA-4d53-BB71-C4FA97582286}_is1" = Sothink DHTML Menu 9
"{6E157E09-AA2E-4090-8EC6-6B9F5FFFB287}" = UltraEdit 16.10
"{6FDCF790-49AF-4E3B-8EB2-C07E2DBA55EA}" = StarMoney 5.0 S-Edition
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81AB1374-098A-43CB-BE57-31CEB5EB1031}" = Nero 7 Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90AF0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{90C67C7D-E918-402C-9856-7B13999E1786}" = StarMoney
"{92633C0F-C9BE-41E3-B439-0B508F859DB5}" = StarMoney
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A778A36-63FC-4B14-BA1B-0458407D62FF}" = StarMoney 7.0 S-Edition
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BF50AFB3-5FE9-45BE-9701-9A90993441AB}" = StarMoney 6.0 S-Edition
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}" = ElsterFormular 2006/2007
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E782A239-BB9C-419A-A515-368BBEF789C5}" = StarMoney
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F0CFDC72-63D2-4086-A54F-1514494394A0}" = Hercules DualPix HD Webcam
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F30F4040-D69D-4055-81AD-D08BF8138FD0}_is1" = DVBViewer Recording Properties
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"0-360 UnWrapper 3.2_is1" = 0-360 UnWrapper 3.2
"0-360 UnWrapper_is1" = 0-360 UnWrapper
"7-Zip" = 7-Zip 4.65
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AFPL Ghostscript 8.50" = AFPL Ghostscript 8.50
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Arles Image Web Page Creator_is1" = Arles Image Web Page Creator 7.4.3
"Audacity_is1" = Audacity 1.2.6
"AutoGK" = Auto Gordian Knot 2.40
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = FRITZ!Box
"AVMFBoxMonitor" = AVM FRITZ!Box Monitor
"Bildschutz_is1" = Bildschutz Pro
"Canon MX700 series Benutzerregistrierung" = Canon MX700 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"DebugBar" = DebugBar v5.3 for Internet Explorer (remove only)
"DVBViewer Pro_is1" = DVBViewer Pro
"DVDFab 7_is1" = DVDFab 7.0.3.0 (26/03/2010)
"Easypano Panorama2Flash_is1" = Panorama2Flash
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"FileZilla" = FileZilla (remove only)
"FileZilla Client" = FileZilla Client 3.3.1
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition (D)
"Flare" = Flare 0.6
"Flv Grabber_is1" = FlvGrabber
"FMS" = FMS
"foobar2000" = foobar2000 v1.0.3
"Free Download Manager_is1" = Free Download Manager 3.0
"Free FLV Converter_is1" = Free FLV Converter V 6.7.8
"Free Studio_is1" = Free Studio version 4.6
"Free Video Converter_is1" = Free Video Converter V 2.5
"FRITZ!DSL" = AVM FRITZ!DSL
"Google Desktop" = Google Desktop
"IETester" = IETester v0.4 (remove only)
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"IrfanView" = IrfanView (remove only)
"LameACM" = Lame ACM MP3 Codec
"Macromedia Dreamweaver 3 De" = Macromedia Dreamweaver 3 De
"MAGIX Foto Clinic 5.5 D" = MAGIX Foto Clinic 5.5 (D)
"MAGIX Video deluxe 2007 PLUS D" = MAGIX Video deluxe 2007 PLUS (D)
"MailList Controller_is1" = MailList Controller 7.2 R3 Free
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MedionVFD" = Medion Info Display (MCE)
"MeGUI" = MeGUI (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Mozilla Thunderbird (3.1)" = Mozilla Thunderbird (3.1)
"MP Navigator 2.2" = Canon MP Navigator 2.2
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MPE" = MyPhoneExplorer
"mtt12" = Mp3 Tag Tools v1.2
"NVIDIA Drivers" = NVIDIA Drivers
"oggcodecs" = oggcodecs 0.71.0946
"Pandion" = Pandion
"Personal Backup_is1" = Personal Backup 4.5
"PhotomatixPro3x32_is1" = Photomatix Pro version 3.2.6
"Pop-Up Menu Creator4.8.0" = Pop-Up Menu Creator
"QuickPar" = QuickPar 0.9
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Rename-It!" = Rename-It!
"RiadaHeadline" = RiadaHeadline
"SetFileDate_is1" = SetFileDate 2.0
"SWiSH Max2" = SWiSH Max2
"SWiSH Video3" = SWiSH Video3
"SWiSHmax" = SWiSHmax
"SWiSHvideo2" = SWiSHvideo2
"SystemRequirementsLab" = System Requirements Lab
"TrueCrypt" = TrueCrypt
"UltraEdit-32" = UltraEdit-32 Uninstall
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.0
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-9C
"Winmail Opener" = Winmail Opener 1.4
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR Archivierer
"WordToPDF_is1" = WordToPDF 2.4
"xampp" = XAMPP 1.6.4
"XMedia Recode" = XMedia Recode 2.0.9.3
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"eXpress TimeStamp Toucher" = eXpress TimeStamp Toucher
"pdfsam" = pdfsam
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10.08.2009 16:24:20 | Computer Name = pcdualcore-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 10.08.2009 16:24:20 | Computer Name = pcdualcore-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 10.08.2009 16:24:20 | Computer Name = pcdualcore-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 10.08.2009 16:24:20 | Computer Name = pcdualcore-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 10.08.2009 16:24:22 | Computer Name = pcdualcore-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 10.08.2009 16:24:23 | Computer Name = pcdualcore-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 10.08.2009 16:24:23 | Computer Name = pcdualcore-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 10.08.2009 16:24:32 | Computer Name = pcdualcore-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 10.08.2009 16:24:32 | Computer Name = pcdualcore-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 10.08.2009 16:24:33 | Computer Name = pcdualcore-PC | Source = Windows Search Service | ID = 3013
Description =
[ System Events ]
Error - 03.07.2010 08:53:19 | Computer Name = pcdualcore-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 04.07.2010 07:57:28 | Computer Name = pcdualcore-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 05.07.2010 02:14:58 | Computer Name = pcdualcore-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 05.07.2010 06:25:02 | Computer Name = pcdualcore-PC | Source = Service Control Manager | ID = 7030
Description =
Error - 05.07.2010 15:25:41 | Computer Name = pcdualcore-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 06.07.2010 02:52:31 | Computer Name = pcdualcore-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 07.07.2010 03:03:33 | Computer Name = pcdualcore-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 07.07.2010 03:16:35 | Computer Name = pcdualcore-PC | Source = Ntfs | ID = 262281
Description = Der Transaktionsressourcen-Manager auf Volume "Q:" konnte aufgrund
eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
den Daten enthalten.
Error - 07.07.2010 04:18:51 | Computer Name = pcdualcore-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 07.07.2010 06:59:42 | Computer Name = pcdualcore-PC | Source = Service Control Manager | ID = 7026
Description =
< End of report >
|
|
07.07.2010, 12:40
| #9 |
| | Google verlinkt auf Malware Virus OTL Logfile: Code:
ATTFilter OTL logfile created on: 07.07.2010 13:34:30 - Run 3 OTL by OldTimer - Version 3.2.7.1 Folder = C:\Users\pcdualcore\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 26,00% Memory free 2,00 Gb Paging File | 0,00 Gb Available in Paging File | 21,00% Paging File free Paging file location(s): [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 445,74 Gb Total Space | 310,23 Gb Free Space | 69,60% Space Free | Partition Type: NTFS Drive D: | 20,01 Gb Total Space | 16,64 Gb Free Space | 83,17% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded Drive F: | 4,33 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive K: | 298,09 Gb Total Space | 10,69 Gb Free Space | 3,59% Space Free | Partition Type: NTFS Computer Name: PCDUALCORE-PC Current User Name: pcdualcore Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Files/Folders - Created Within 30 Days ========== [2010.07.07 12:52:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.07.07 12:46:07 | 000,000,000 | -H-D | C] -- C:\Windows\autorec [2010.07.07 12:29:54 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\pcdualcore\Desktop\OTL.exe [2010.07.07 12:25:43 | 000,000,000 | ---D | C] -- C:\Users\pcdualcore\AppData\Roaming\Malwarebytes [2010.07.07 12:25:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.07.07 12:25:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.07.07 12:25:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.07.07 12:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.07.07 10:42:05 | 000,000,000 | ---D | C] -- C:\Program Files\WinHTTrack [2010.07.05 12:24:57 | 000,000,000 | ---D | C] -- C:\ProgramData\StarMoney 7.0 [2010.07.05 12:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\Business Objects [2010.07.05 12:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\StarFinanz [2010.07.05 12:21:13 | 000,000,000 | ---D | C] -- C:\Program Files\StarMoney 7.0 S-Edition [2010.06.29 10:40:48 | 000,000,000 | ---D | C] -- C:\Users\pcdualcore\AppData\Roaming\foobar2000 [2010.06.29 10:40:41 | 000,000,000 | ---D | C] -- C:\Program Files\foobar2000 [2010.06.29 10:23:20 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll [2010.06.29 10:23:19 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll [2010.06.28 11:10:10 | 000,000,000 | ---D | C] -- C:\Users\pcdualcore\AppData\Roaming\vlc [2010.06.28 08:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2010.06.25 09:52:48 | 000,000,000 | ---D | C] -- C:\Users\pcdualcore\AppData\Local\Deshaker [2010.06.24 03:00:43 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2010.06.24 03:00:43 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2010.06.24 03:00:43 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2010.06.23 09:14:02 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2010.06.23 09:14:02 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2010.06.11 08:23:20 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll [2010.06.11 08:23:18 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2010.06.11 08:23:18 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2010.06.11 08:22:12 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010.06.11 08:22:12 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.06.11 08:22:12 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.06.11 08:22:12 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.06.11 08:22:12 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.06.11 08:22:12 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.06.11 08:22:12 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.06.11 08:22:12 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010.06.11 08:22:12 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.06.11 08:22:12 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.06.11 08:22:11 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.06.11 08:22:11 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010.06.11 08:22:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010.06.11 08:22:11 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010.06.11 08:22:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.06.11 08:21:01 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.07.07 13:35:20 | 004,718,592 | -HS- | M] () -- C:\Users\pcdualcore\ntuser.dat [2010.07.07 13:22:02 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.07.07 13:15:25 | 000,000,768 | ---- | M] () -- C:\Users\pcdualcore\Desktop\CCleaner.lnk [2010.07.07 12:58:23 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.07.07 12:58:12 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.07.07 12:58:12 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.07.07 12:58:09 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.07.07 12:58:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.07.07 12:58:03 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys [2010.07.07 12:56:12 | 000,524,288 | -HS- | M] () -- C:\Users\pcdualcore\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2010.07.07 12:56:12 | 000,065,536 | -HS- | M] () -- C:\Users\pcdualcore\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.07.07 12:55:42 | 000,001,823 | ---- | M] () -- C:\Users\Public\Desktop\UltraCompare Professional.lnk [2010.07.07 12:52:23 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\UltraEdit.lnk [2010.07.07 12:52:07 | 003,269,969 | -H-- | M] () -- C:\Users\pcdualcore\AppData\Local\IconCache.db [2010.07.07 12:51:30 | 000,010,692 | ---- | M] () -- C:\Windows\UEDIT32.INI [2010.07.07 12:34:18 | 000,001,921 | ---- | M] () -- C:\Windows\Editor-Ersatz.te1 [2010.07.07 12:34:18 | 000,000,000 | ---- | M] () -- C:\Windows\Programmierer.te1 [2010.07.07 12:34:18 | 000,000,000 | ---- | M] () -- C:\Windows\Power-Anwender.te1 [2010.07.07 12:34:17 | 000,024,304 | ---- | M] () -- C:\Windows\Fortgeschritten.mb1 [2010.07.07 12:34:17 | 000,024,088 | ---- | M] () -- C:\Windows\System-Administrator.mb1 [2010.07.07 12:34:17 | 000,024,087 | ---- | M] () -- C:\Windows\Web-Entwickler.mb1 [2010.07.07 12:34:17 | 000,024,087 | ---- | M] () -- C:\Windows\Technische Autoren.mb1 [2010.07.07 12:34:17 | 000,024,087 | ---- | M] () -- C:\Windows\Programmierer.mb1 [2010.07.07 12:34:17 | 000,023,558 | ---- | M] () -- C:\Windows\Power-Anwender.mb1 [2010.07.07 12:34:17 | 000,011,569 | ---- | M] () -- C:\Windows\System-Administrator.te1 [2010.07.07 12:34:17 | 000,007,656 | ---- | M] () -- C:\Windows\Web-Entwickler.pb1 [2010.07.07 12:34:17 | 000,007,656 | ---- | M] () -- C:\Windows\Technische Autoren.pb1 [2010.07.07 12:34:17 | 000,007,656 | ---- | M] () -- C:\Windows\System-Administrator.pb1 [2010.07.07 12:34:17 | 000,007,656 | ---- | M] () -- C:\Windows\Programmierer.pb1 [2010.07.07 12:34:17 | 000,007,656 | ---- | M] () -- C:\Windows\Power-Anwender.pb1 [2010.07.07 12:34:17 | 000,007,656 | ---- | M] () -- C:\Windows\Fortgeschritten.pb1 [2010.07.07 12:34:17 | 000,005,010 | ---- | M] () -- C:\Windows\Editor-Ersatz.mb1 [2010.07.07 12:34:17 | 000,004,091 | ---- | M] () -- C:\Windows\Editor-Ersatz.pb1 [2010.07.07 12:34:17 | 000,002,938 | ---- | M] () -- C:\Windows\System-Administrator.tb1 [2010.07.07 12:34:17 | 000,002,567 | ---- | M] () -- C:\Windows\Web-Entwickler.tb1 [2010.07.07 12:34:17 | 000,002,010 | ---- | M] () -- C:\Windows\Programmierer.tb1 [2010.07.07 12:34:17 | 000,001,917 | ---- | M] () -- C:\Windows\Web-Entwickler.te1 [2010.07.07 12:34:17 | 000,001,887 | ---- | M] () -- C:\Windows\Technische Autoren.tb1 [2010.07.07 12:34:17 | 000,001,887 | ---- | M] () -- C:\Windows\Power-Anwender.tb1 [2010.07.07 12:34:17 | 000,001,887 | ---- | M] () -- C:\Windows\Fortgeschritten.tb1 [2010.07.07 12:34:17 | 000,000,726 | ---- | M] () -- C:\Windows\Technische Autoren.te1 [2010.07.07 12:34:17 | 000,000,559 | ---- | M] () -- C:\Windows\Editor-Ersatz.tb1 [2010.07.07 12:34:16 | 000,011,707 | ---- | M] () -- C:\Windows\Web-Entwickler.in1 [2010.07.07 12:34:16 | 000,010,708 | ---- | M] () -- C:\Windows\System-Administrator.in1 [2010.07.07 12:34:16 | 000,009,442 | ---- | M] () -- C:\Windows\Programmierer.in1 [2010.07.07 12:34:16 | 000,009,410 | ---- | M] () -- C:\Windows\Technische Autoren.in1 [2010.07.07 12:34:16 | 000,008,618 | ---- | M] () -- C:\Windows\Power-Anwender.in1 [2010.07.07 12:34:16 | 000,007,100 | ---- | M] () -- C:\Windows\Editor-Ersatz.in1 [2010.07.07 12:29:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\pcdualcore\Desktop\OTL.exe [2010.07.07 12:25:36 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.07 10:42:10 | 000,000,736 | ---- | M] () -- C:\Users\pcdualcore\Desktop\HTTrack Website Copier.lnk [2010.07.07 09:18:26 | 001,472,290 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.07.07 09:18:26 | 000,638,510 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.07.07 09:18:26 | 000,604,126 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.07.07 09:18:26 | 000,130,462 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.07.07 09:18:26 | 000,107,562 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.07.06 15:23:44 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1407C74E-F430-48FD-AC2B-B32A9CBFC111}.job [2010.07.05 21:24:21 | 000,325,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.07.05 12:34:28 | 000,079,024 | ---- | M] () -- C:\Users\pcdualcore\AppData\Local\GDIPFONTCACHEV1.DAT [2010.07.05 12:24:54 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\StarMoney 7.0 S-Edition.lnk [2010.07.02 13:10:06 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk [2010.07.02 01:12:03 | 000,223,232 | ---- | M] () -- C:\Users\pcdualcore\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.29 10:40:42 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\foobar2000.lnk [2010.06.29 00:17:40 | 000,524,288 | -HS- | M] () -- C:\Users\pcdualcore\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.06.28 15:07:35 | 000,001,794 | ---- | M] () -- C:\Users\pcdualcore\Desktop\Mail Safe Mode.lnk [2010.06.28 11:09:52 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2010.06.09 12:40:22 | 000,001,849 | ---- | M] () -- C:\Users\pcdualcore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.07.07 12:55:42 | 000,001,823 | ---- | C] () -- C:\Users\Public\Desktop\UltraCompare Professional.lnk [2010.07.07 12:52:23 | 000,001,835 | ---- | C] () -- C:\Users\Public\Desktop\UltraEdit.lnk [2010.07.07 12:34:18 | 000,001,921 | ---- | C] () -- C:\Windows\Editor-Ersatz.te1 [2010.07.07 12:34:18 | 000,000,000 | ---- | C] () -- C:\Windows\Programmierer.te1 [2010.07.07 12:34:18 | 000,000,000 | ---- | C] () -- C:\Windows\Power-Anwender.te1 [2010.07.07 12:34:17 | 000,024,304 | ---- | C] () -- C:\Windows\Fortgeschritten.mb1 [2010.07.07 12:34:17 | 000,024,088 | ---- | C] () -- C:\Windows\System-Administrator.mb1 [2010.07.07 12:34:17 | 000,024,087 | ---- | C] () -- C:\Windows\Web-Entwickler.mb1 [2010.07.07 12:34:17 | 000,024,087 | ---- | C] () -- C:\Windows\Technische Autoren.mb1 [2010.07.07 12:34:17 | 000,024,087 | ---- | C] () -- C:\Windows\Programmierer.mb1 [2010.07.07 12:34:17 | 000,023,558 | ---- | C] () -- C:\Windows\Power-Anwender.mb1 [2010.07.07 12:34:17 | 000,011,569 | ---- | C] () -- C:\Windows\System-Administrator.te1 [2010.07.07 12:34:17 | 000,007,656 | ---- | C] () -- C:\Windows\Web-Entwickler.pb1 [2010.07.07 12:34:17 | 000,007,656 | ---- | C] () -- C:\Windows\Technische Autoren.pb1 [2010.07.07 12:34:17 | 000,007,656 | ---- | C] () -- C:\Windows\System-Administrator.pb1 [2010.07.07 12:34:17 | 000,007,656 | ---- | C] () -- C:\Windows\Programmierer.pb1 [2010.07.07 12:34:17 | 000,007,656 | ---- | C] () -- C:\Windows\Power-Anwender.pb1 [2010.07.07 12:34:17 | 000,007,656 | ---- | C] () -- C:\Windows\Fortgeschritten.pb1 [2010.07.07 12:34:17 | 000,005,010 | ---- | C] () -- C:\Windows\Editor-Ersatz.mb1 [2010.07.07 12:34:17 | 000,004,091 | ---- | C] () -- C:\Windows\Editor-Ersatz.pb1 [2010.07.07 12:34:17 | 000,002,938 | ---- | C] () -- C:\Windows\System-Administrator.tb1 [2010.07.07 12:34:17 | 000,002,567 | ---- | C] () -- C:\Windows\Web-Entwickler.tb1 [2010.07.07 12:34:17 | 000,002,010 | ---- | C] () -- C:\Windows\Programmierer.tb1 [2010.07.07 12:34:17 | 000,001,917 | ---- | C] () -- C:\Windows\Web-Entwickler.te1 [2010.07.07 12:34:17 | 000,001,887 | ---- | C] () -- C:\Windows\Technische Autoren.tb1 [2010.07.07 12:34:17 | 000,001,887 | ---- | C] () -- C:\Windows\Power-Anwender.tb1 [2010.07.07 12:34:17 | 000,001,887 | ---- | C] () -- C:\Windows\Fortgeschritten.tb1 [2010.07.07 12:34:17 | 000,000,726 | ---- | C] () -- C:\Windows\Technische Autoren.te1 [2010.07.07 12:34:17 | 000,000,559 | ---- | C] () -- C:\Windows\Editor-Ersatz.tb1 [2010.07.07 12:34:16 | 000,011,707 | ---- | C] () -- C:\Windows\Web-Entwickler.in1 [2010.07.07 12:34:16 | 000,010,708 | ---- | C] () -- C:\Windows\System-Administrator.in1 [2010.07.07 12:34:16 | 000,009,442 | ---- | C] () -- C:\Windows\Programmierer.in1 [2010.07.07 12:34:16 | 000,009,410 | ---- | C] () -- C:\Windows\Technische Autoren.in1 [2010.07.07 12:34:16 | 000,008,618 | ---- | C] () -- C:\Windows\Power-Anwender.in1 [2010.07.07 12:34:16 | 000,007,100 | ---- | C] () -- C:\Windows\Editor-Ersatz.in1 [2010.07.07 12:25:36 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.07 10:42:10 | 000,000,736 | ---- | C] () -- C:\Users\pcdualcore\Desktop\HTTrack Website Copier.lnk [2010.07.05 12:24:54 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\StarMoney 7.0 S-Edition.lnk [2010.06.29 10:40:42 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\foobar2000.lnk [2010.06.28 15:03:49 | 000,001,794 | ---- | C] () -- C:\Users\pcdualcore\Desktop\Mail Safe Mode.lnk [2010.06.28 11:09:52 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2010.03.19 10:38:27 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2009.12.16 17:44:06 | 000,290,816 | ---- | C] () -- C:\Windows\System32\decdll.dll [2009.11.05 18:22:37 | 000,040,960 | ---- | C] () -- C:\Windows\System32\p2fContextMenu.dll [2009.09.24 00:56:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.16 13:30:35 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll [2009.07.17 08:24:06 | 000,000,848 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2009.04.14 08:06:18 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI [2009.04.14 07:46:38 | 000,003,584 | ---- | C] () -- C:\Windows\System32\CNCFLeNL.DLL [2008.05.06 19:39:03 | 000,010,752 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll [2008.03.21 14:43:46 | 000,598,016 | ---- | C] () -- C:\Windows\System32\viscomqtde.dll [2008.03.21 14:43:46 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2008.01.18 10:58:59 | 000,000,301 | ---- | C] () -- C:\Windows\tm.ini [2007.11.06 22:19:28 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2007.09.28 18:07:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2007.09.28 18:05:50 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest [2007.09.28 18:05:50 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest [2007.09.28 18:05:08 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll [2007.09.16 12:13:34 | 000,394,240 | ---- | C] () -- C:\Windows\System32\Smab.dll [2007.09.16 12:13:34 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2007.08.16 15:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll [2007.08.02 20:06:43 | 000,030,008 | ---- | C] () -- C:\Windows\unvpeye.ini [2007.04.30 21:08:53 | 000,000,000 | ---- | C] () -- C:\Windows\Videodeluxe.INI [2007.04.30 20:37:57 | 000,006,537 | ---- | C] () -- C:\Windows\mgxoschk.ini [2007.04.30 16:54:10 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2007.04.30 15:42:47 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini [2007.04.30 15:10:11 | 000,010,692 | ---- | C] () -- C:\Windows\UEDIT32.INI [2007.04.27 17:24:22 | 000,003,072 | ---- | C] () -- C:\Windows\System32\CNCFLbNL.DLL [2007.04.27 16:58:01 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI [2007.02.21 21:00:28 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2006.12.10 23:32:16 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2006.12.08 14:50:14 | 000,217,088 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2006.12.08 14:47:54 | 001,159,168 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005.12.21 16:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll [2005.12.21 16:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll [2002.05.28 03:52:36 | 000,106,496 | ---- | C] () -- C:\Windows\japi.dll [2001.06.24 11:32:44 | 000,172,032 | ---- | C] () -- C:\Windows\japi2.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 191 bytes -> C:\ProgramData\TEMP:DCD39382 < End of report > |
|
07.07.2010, 12:48
| #10 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google verlinkt auf Malware VirusZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
07.07.2010, 23:18
| #11 |
| | Google verlinkt auf Malware Virus Naja, wie vermutet das war ein Fehler auf der Webseite, der Server dort war gehackt. Der vollständigkeit halber das Logfile. Frage mich nur wie das sein kann, dass wenn man auf den google Ergebnis Link klickt etwas anderes zu sehen bekommt (die verseuchte Seite) und nicht den Original Inhalt, den man bekommt wenn man den Link direkt in die Adresszeile des Browsers eingibt. LOgfile: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4287 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18928 07.07.2010 20:26:09 mbam-log-2010-07-07 (20-26-09).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|K:\|) Durchsuchte Objekte: 754260 Laufzeit: 6 Stunde(n), 35 Minute(n), 41 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
|
08.07.2010, 09:42
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google verlinkt auf Malware Virus Wenn die Seite gehackt war, liegt das Problem nat. nicht auf Deiner Seite. Die Logs sind auch unauffällig.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.07.2010, 09:52
| #13 |
| | Google verlinkt auf Malware Virus Ja, so war es auch, trotzdem Danke für die freundliche Hilfe. Aber kannst du mir nicht die Frage beantworten? Wie es zu erklären ist, dass wenn man auf den Google Ergebnislink klickt zu dem "Virus" kommt / weitergeleitet wird und wenn man es in der Adresszeile eingibt die "ungehackte" Seite kommt? Grüße |
|
08.07.2010, 11:00
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google verlinkt auf Malware VirusZitat:
 Kannst Du das mal genauer beschreiben?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.07.2010, 12:27
| #15 |
| | Google verlinkt auf Malware Virus Hab ich schon 2 mal (siehe 1. Posting) Was hast Du denn daran nicht verstanden? Habe ich mich unklar ausgedrückt??? Grüße |
|
| Themen zu Google verlinkt auf Malware Virus |
| andere, anderen, browser, direkt, eingebe, eintrag, erhalte, folge, folgendes, gehackt, google, grübel, kleines, link, malware, seite, source, suchergebnis, suchfeld, verlinkt, virus, virusscan, virusscanner |
