Beiträge von OpaPaule

OpaPaule

Hallo,

so, hier nach einigen Stunden Durchlauf nun das Logfile:

Code

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org


Datenbank Version: 6617


Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421


20.05.2011 12:13:01
mbam-log-2011-05-20 (12-13-01).txt


Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 666667
Laufzeit: 5 Stunde(n), 43 Minute(n), 12 Sekunde(n)


Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4


Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)


Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)


Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\crazyvegas (PUP.Casino.Gen) -> Quarantined and deleted successfully.


Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.


Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&ext=%s) Good: (http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.


Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)


Infizierte Dateien:
c:\microgaming\Casino\crazyvegas\install.exe (PUP.Casino.Gen) -> Quarantined and deleted successfully.
c:\program files (x86)\UMPlayer\mplayer\codecs\msvidc32.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Tools\keylogger\Xenocode\postbuild 2009 for .net beta\postbuild.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Jürgen\downloads\crazyvegas.exe (PUP.Casino.Gen) -> Quarantined and deleted successfully.

Alles anzeigen

Gruß Jürgen

OpaPaule

warum denn gleich so bissig?Hab mir grade das empfohlene Programm installiert. Werde morgen einen neuen Durchlauf machen. Warum sollte ich alles besser wissen sollen? Habe ich das behauptet?

Gruß Jürgen

OpaPaule

Also, ob ihr's glaubt oder nicht... hab jetzt noch einmal FF ausgeschaltet (geschlossen) und nach 1 Minute wieder geöffnet: ALLE Addons wieder da!!!! ?????? Zauberhft!!!! Ist das symptomatisch oder bin ich wieder der Einzige ???

Gruß Jürgen

OpaPaule

Dazu bin ich gar nicht erst gekommen!!! FF geschlossen, PC heruntergefahren (vorher im Taskmanager vergewissert dass FF auch wirklich zu ist !), PC später wieder eingeschaltet, FF startete nicht mehr sebsständir wie sonst, also von Hand gestartet... Ergebnis: alle Addons wieder mal verschwunden!!!???????

Gruß Jürgen

OpaPaule

Ja. Ihr werdet es nicht glauben, aber seit heute früh hab ich alle Addons wieder!!!?????
Allerdings musste ich mit der Chronik alle Tabs wieder herstellen....
Sonderbarer FF 4.0.1....

Gruß Jürgen

OpaPaule

Code

Loaris Trojan Remover v.1.2.3.1
Report file date: 17.05.2011 06:37:59


Scanning for 603689 virus strains and unwanted programs.


Licensed for:     
Serial number:    
Windows version:  Windows 7 Ultimate (version 6.1)
Username:         Jürgen
Computer name:    JÜRGEN-PC


Starting the file scan:


Startup collected
BHO plugins collected
Service collected
ActiveX collected
Files collected
Scanning process...
----- C:\PROGRA~2\Preispiraten6\IEButtonAmazonInterface.dll ---- BHO
	Suspicious
	amazon
	MD5: CB571E68C1DA6FE60839A3CB3DCBBCB9:648192
	EP: 55 8B EC 83 C4 B4 B8 74 68 48 00 E8 64 FA F7 FF B8 48 67 48 00 A3 6C B6 48 00 B8 01 00 00 00 E8 18 FB FF FF A1 A0 A5 48 00 83 38 01 74 42 A1 FC A5 48 00 83 38 00 74 38 A1 F8 A2 46 00 50 8D 55 B4
	SEC:
		CODE:903119DCB5AC7F0887210235C9A30600:548352
		DATA:87DD299B55CB18E4113E217D6C2C496A:15360
		BSS:00000000000000000000000000000000:0
		.idata:CEE4D1072265F12C4F6688016DF215BE:10240
		.edata:279ACA7308766022FF5800E4C8410623:512
		.reloc:A71982BEF69E0D3034E461519F731046:37376
		.rsrc:486390BB40949C66318A9FC9FC23CBBF:35328




----- C:\PROGRA~2\Preispiraten6\IEButtonPPInterface.dll ---- BHO
	Suspicious
	Preispiraten
	MD5: 5DCF5734206CD712491A62CE1DF5B2BE:658432
	EP: 55 8B EC 83 C4 B4 B8 FC 74 48 00 E8 D4 ED F7 FF B8 C4 73 48 00 A3 6C C6 48 00 B8 01 00 00 00 E8 04 FB FF FF A1 A8 B5 48 00 83 38 01 74 42 A1 04 B6 48 00 83 38 00 74 38 A1 F8 A2 46 00 50 8D 55 B4
	SEC:
		CODE:500024C8AAFBB27B252D3AC8529838C5:551424
		DATA:7B88D42B76023308697A68AC6A5FAF0A:15360
		BSS:00000000000000000000000000000000:0
		.idata:F9FDE5F246C718E02D11DCDBEBD21073:10240
		.edata:15ABA0283522A99CC5989B129C4416E3:512
		.reloc:70882FB6F29FB1C1CC66C4AD9CFE07A6:37888
		.rsrc:C5941A595862B34B4243C77F8E117BA9:41984




----- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\livesrv.exe ---- Registry
	Hijack.Security




----- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe ---- Registry
	Hijack.Security




----- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdwizreg.exe ---- Registry
	Hijack.Security




----- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\seccenter.exe ---- Registry
	Hijack.Security




----- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdAgent.exe ---- Registry
	Hijack.Security




----- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Arrakis3.exe ---- Registry
	Hijack.Security




----- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdreinit.exe ---- Registry
	Hijack.Security




----- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdsubwiz.exe ---- Registry
	Hijack.Security




----- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdtkexec.exe ---- Registry
	Hijack.Security




----- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uiscan.exe ---- Registry
	Hijack.Security




----- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upgrepl.exe ---- Registry
	Hijack.Security




----- C:\Windows\System32\Autumn_Wonderland_3D_Screensaver.scr ---- General
	HEUR.Suspicious.EXECRYPT
	ProdVer: 1, 0, 0, 1
	FileVer: 1, 0, 0, 1
	Name   : Autumn Wonderland 3D Screensaver
	Company: 3Planesoft
	NAC: 012C5CF3EFA92B401F7D9B336F638667:42
	MD5: 2F9A2FCAE5E25DB69265567B30D33A2D:960512
	RIC: 0B0DBD7B5133DAB8260D31C64DEB79F4:25064
	EP: E8 3B FF FF FF 05 E2 0F 00 00 FF E0 E8 2F FF FF FF 05 E6 11 00 00 FF E0 E8 04 00 00 00 FF FF FF FF 5E C3 00 82 18 C3 E8 67 4E 72 87 F1 37 48 12 58 30 C9 B6 4C B3 44 A9 FC C9 C2 61 4E 8A 58 3F 72
	SEC:
		.text:00000000000000000000000000000000:0
		h60s5re:00000000000000000000000000000000:0
		.data:00000000000000000000000000000000:0
		STLPORT:00000000000000000000000000000000:0
		.rsrc:8391F4634B82DB928F5FBCB3DDF96482:106496
		jc0mpot:00000000000000000000000000000000:0
		4b9zm14:F84D7EE2A95EFD9E431B94DDFED6DEE0:852480
		l67vyoy:DA11EF5AFDBC9ADD0A6727FF5C981820:512




----- C:\Windows\System32\setupempdrv03.exe ---- General
	Trojan.Win32.FraudPack.vds
	MD5: 780FB595E5E11355A8313F644329E3EB:86408
	RIC: 03D642AFD6A0BAA805B32804DDCEE9EE:23424
	EP: 6A 60 68 78 51 40 00 E8 7F 03 00 00 BF 94 00 00 00 8B C7 E8 83 10 00 00 89 65 E8 8B F4 89 3E 56 FF 15 4C 50 40 00 8B 4E 10 89 0D BC 72 40 00 8B 46 04 A3 C8 72 40 00 8B 56 08 89 15 CC 72 40 00 8B
	SEC:
		.text:EA7BDDF0D2D25407C4B8572BA38EA3D6:16384
		.rdata:D0C54EE1B3E6065F608AD5FFA63D76CB:8192
		.data:4E69ECEBCDB89A9D07FDD4302A343FE0:4096
		.rsrc:8D740F99B6B946ABAF6F6610DAF14EC9:49152




----- C:\Windows\System32\Sun_Village_3D_Screensaver.scr ---- General
	HEUR.Suspicious.EXECRYPT
	ProdVer: 1, 1, 0, 3
	FileVer: 1, 1, 0, 3
	Name   : Sun Village 3D Screensaver
	Company: 3Planesoft
	NAC: 7EA80F1DC8A48AC25173C28B9DC11BC7:36
	MD5: 12241790B369EE10970B1D8779D78D91:937472
	RIC: 5D814705DCDA509BCF129719762CEAA2:25064
	EP: E8 3B FF FF FF 05 C7 04 00 00 FF E0 E8 2F FF FF FF 05 39 89 00 00 FF E0 E8 04 00 00 00 FF FF FF FF 5E C3 00 D4 FE 70 FE BF 78 C5 76 E8 E0 B3 7B 2F C5 8C CF D8 09 E5 BD 73 FD FA DE C7 EB 98 A3 37
	SEC:
		.text:00000000000000000000000000000000:0
		f630bk.:00000000000000000000000000000000:0
		.data:00000000000000000000000000000000:0
		STLPORT:00000000000000000000000000000000:0
		.rsrc:7579AD2EC40D4FF720B4C6625AD08294:95744
		bgixtp2:00000000000000000000000000000000:0
		8xkotst:53627FC79C85723A7902220604B9B1E8:840192
		yk7gwxo:91D9604648150550ED198FA7B9C98134:512




----- C:\Windows\SysWOW64\Autumn_Wonderland_3D_Screensaver.scr ---- General
	HEUR.Suspicious.EXECRYPT
	ProdVer: 1, 0, 0, 1
	FileVer: 1, 0, 0, 1
	Name   : Autumn Wonderland 3D Screensaver
	Company: 3Planesoft
	NAC: 012C5CF3EFA92B401F7D9B336F638667:42
	MD5: 2F9A2FCAE5E25DB69265567B30D33A2D:960512
	RIC: 0B0DBD7B5133DAB8260D31C64DEB79F4:25064
	EP: E8 3B FF FF FF 05 E2 0F 00 00 FF E0 E8 2F FF FF FF 05 E6 11 00 00 FF E0 E8 04 00 00 00 FF FF FF FF 5E C3 00 82 18 C3 E8 67 4E 72 87 F1 37 48 12 58 30 C9 B6 4C B3 44 A9 FC C9 C2 61 4E 8A 58 3F 72
	SEC:
		.text:00000000000000000000000000000000:0
		h60s5re:00000000000000000000000000000000:0
		.data:00000000000000000000000000000000:0
		STLPORT:00000000000000000000000000000000:0
		.rsrc:8391F4634B82DB928F5FBCB3DDF96482:106496
		jc0mpot:00000000000000000000000000000000:0
		4b9zm14:F84D7EE2A95EFD9E431B94DDFED6DEE0:852480
		l67vyoy:DA11EF5AFDBC9ADD0A6727FF5C981820:512




----- C:\Windows\SysWOW64\setupempdrv03.exe ---- General
	Trojan.Win32.FraudPack.vds
	MD5: 780FB595E5E11355A8313F644329E3EB:86408
	RIC: 03D642AFD6A0BAA805B32804DDCEE9EE:23424
	EP: 6A 60 68 78 51 40 00 E8 7F 03 00 00 BF 94 00 00 00 8B C7 E8 83 10 00 00 89 65 E8 8B F4 89 3E 56 FF 15 4C 50 40 00 8B 4E 10 89 0D BC 72 40 00 8B 46 04 A3 C8 72 40 00 8B 56 08 89 15 CC 72 40 00 8B
	SEC:
		.text:EA7BDDF0D2D25407C4B8572BA38EA3D6:16384
		.rdata:D0C54EE1B3E6065F608AD5FFA63D76CB:8192
		.data:4E69ECEBCDB89A9D07FDD4302A343FE0:4096
		.rsrc:8D740F99B6B946ABAF6F6610DAF14EC9:49152




----- C:\Windows\SysWOW64\Sun_Village_3D_Screensaver.scr ---- General
	HEUR.Suspicious.EXECRYPT
	ProdVer: 1, 1, 0, 3
	FileVer: 1, 1, 0, 3
	Name   : Sun Village 3D Screensaver
	Company: 3Planesoft
	NAC: 7EA80F1DC8A48AC25173C28B9DC11BC7:36
	MD5: 12241790B369EE10970B1D8779D78D91:937472
	RIC: 5D814705DCDA509BCF129719762CEAA2:25064
	EP: E8 3B FF FF FF 05 C7 04 00 00 FF E0 E8 2F FF FF FF 05 39 89 00 00 FF E0 E8 04 00 00 00 FF FF FF FF 5E C3 00 D4 FE 70 FE BF 78 C5 76 E8 E0 B3 7B 2F C5 8C CF D8 09 E5 BD 73 FD FA DE C7 EB 98 A3 37
	SEC:
		.text:00000000000000000000000000000000:0
		f630bk.:00000000000000000000000000000000:0
		.data:00000000000000000000000000000000:0
		STLPORT:00000000000000000000000000000000:0
		.rsrc:7579AD2EC40D4FF720B4C6625AD08294:95744
		bgixtp2:00000000000000000000000000000000:0
		8xkotst:53627FC79C85723A7902220604B9B1E8:840192
		yk7gwxo:91D9604648150550ED198FA7B9C98134:512




----- C:\Users\Jürgen\AppData\Local\IM\Identities\{91AB453F-0D2F-4705-8FAD-E76FBAA4FED7}\Message Store\Attachments\Mietvertrag_27_09_2010[1].pdf ---- General
	PDF.Exploit
	MD5: 89552C0B6DDF38E00B55AD98202B7E3E:208321
	EP: 00
	SEC:




----- C:\Users\Jürgen\AppData\Local\IM\Identities\{91AB453F-0D2F-4705-8FAD-E76FBAA4FED7}\Message Store\Attachments\{806E2D58-6E61-4A37-B8FF-CBDB20073702}\Mietvertrag_27_09_2010[1].pdf ---- General
	PDF.Exploit
	MD5: 89552C0B6DDF38E00B55AD98202B7E3E:208321
	EP: 00
	SEC:




----- C:\Users\Jürgen\AppData\Local\Temp\OCS\ICSharpCode.SharpZipLib.dll ---- General
	Generic StartPage!l
	ProdVer: 0.85.5
	FileVer: 0.85.5.452
	Name   : #ZipLibrary
	Company: ICSharpCode.net
	NAC: C58D8179BBEC6C86677FE0B1F3A66159:26
	MD5: 0B3B4E8D1DE31F844E466D61CF7937B5:192512
	EP: FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
	SEC:
		.text:C768700BC346A12026B82435169FDAD8:180224
		.rsrc:5D521464F3C88641920FB425BB4877A1:4096
		.reloc:BDD4C75A964C1CCC148B825AF6F2548C:4096




----- C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Refero Group\Easy Clone Detective\Easy Clone Detective.lnk ---- General
	Mal/FakeAV!se2
	MD5: ACEFA3A8618A31B0083C45E2D16F07DA:2263
	EP: 00
	SEC:




----- C:\Users\Jürgen\Desktop\Bildbearbeitung\Photo Stamp Remover.lnk ---- General
	Mal/Packer!se2
	MD5: 4BAAA7FEDD294F579EB9064F9D22D4C8:1036
	EP: 00
	SEC:




----- C:\Users\Jürgen\Desktop\Tools\Easy Clone Detective.lnk ---- General
	Mal/FakeAV!se2
	MD5: 4A51A3929F735BEF61F5A9F6A5C4009E:2221
	EP: 00
	SEC:




----- C:\Users\Jürgen\Documents\IM\Identities\{91AB453F-0D2F-4705-8FAD-E76FBAA4FED7}\Message Store\Attachments\Mietvertrag_27_09_2010[1].pdf ---- General
	PDF.Exploit
	MD5: 89552C0B6DDF38E00B55AD98202B7E3E:208321
	EP: 00
	SEC:




----- C:\Users\Jürgen\Documents\IM\Identities\{91AB453F-0D2F-4705-8FAD-E76FBAA4FED7}\Message Store\Attachments\{806E2D58-6E61-4A37-B8FF-CBDB20073702}\Mietvertrag_27_09_2010[1].pdf ---- General
	PDF.Exploit
	MD5: 89552C0B6DDF38E00B55AD98202B7E3E:208321
	EP: 00
	SEC:




----- C:\Users\Jürgen\Documents\IM\Message Store\Attachments\Mietvertrag_27_09_2010[1].pdf ---- General
	PDF.Exploit
	MD5: 89552C0B6DDF38E00B55AD98202B7E3E:208321
	EP: 00
	SEC:




----- C:\Users\Jürgen\Documents\IM\Message Store\Attachments\{806E2D58-6E61-4A37-B8FF-CBDB20073702}\Mietvertrag_27_09_2010[1].pdf ---- General
	PDF.Exploit
	MD5: 89552C0B6DDF38E00B55AD98202B7E3E:208321
	EP: 00
	SEC:




----- C:\Users\Jürgen\Downloads\UnZip\Corel.PaintShop.Photo.Pro.X3.v13.00.Multilingual.Incl.Keymaker-CORE\Corel.PaintShop.Photo.Pro.X3.v13.00.Multilingual.Incl.Keymaker-CORE\CORE10k.EXE ---- General
	Trojan.Win32.Refroso.bbo
	MD5: D581068E84510083DDEA45E821EBDE36:137728
	RIC: 0600371F88A037636FF00097CC5A68F6:2216
	EP: 60 BE 00 50 0F 01 8D BE 00 C0 30 FF 57 83 CD FF EB 10 90 90 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 0B
	SEC:
		UPX0:00000000000000000000000000000000:0
		UPX1:C31BA29B616772254CAE663772EDF9F7:132096
		.rsrc:4588C97B932EE7CFF9DA173E1D2373C1:4608




----- C:\Users\Jürgen\Downloads\UnZip\Corel.PaintShop.Photo.Pro.X3.v13.00.Multilingual.Incl.Keymaker-CORE\Corel.PaintShop.Photo.Pro.X3.v13.00.Multilingual.Incl.Keymaker-CORE\keygen.exe ---- General
	Mal/KeyGen-A
	MD5: 976F131B5629A2805E7D510A7A1C7476:163840
	RIC: 04A446EC988233B98F445479FAC731CD:2216
	EP: B8 B8 12 47 00 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C0 89 08 50 45 43 6F 6D 70 61 63 74 32 00 E6 FE 63 F1 03 91 D3 A6 41 B8 C9 9D 9D 07 D3 2C 78 C0 BB 0B 77 F9 F7 E8 0F A1 A1 5B 12 32
	SEC:
		CODE:A13478C479A4F492A2DC40AF5EDAAF95:153600
		.rsrc:5BE4802E688B5EC4931CECB47F337ACB:9216




----- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Stamp Remover\Photo Stamp Remover.lnk ---- General
	Mal/Packer!se2
	MD5: 7AEC9E8E7A553BB39477E5B2EB9CC470:1054
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\DE\Samples\Dunning Notice\Dunning Notice ReadMe.pdf ---- General
	PDF.Exploit
	MD5: D6AABEC3233C01696750418A791C8CBC:51522
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\DE\Samples\Dunning Notice\Outputs\Dunning Notice Level1.pdf ---- General
	PDF.Exploit
	MD5: B35EC856BBB9F1330AF1ADA2E99066CA:137594
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\DE\Samples\Dunning Notice\Outputs\Dunning Notice Level2.pdf ---- General
	PDF.Exploit
	MD5: 21555FB8D4BBBD0E9741BB2483463E99:138209
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\DE\Samples\Dunning Notice\Outputs\Dunning Notice Level3.pdf ---- General
	PDF.Exploit
	MD5: 4155866C5D717F454B902F0A646E6CE0:157463
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\DE\Samples\E-Ticket\E-Ticket ReadMe.pdf ---- General
	PDF.Exploit
	MD5: 69C32E85D18B227831AA68D33E372F4A:53668
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\DE\Samples\E-Ticket\Outputs\E-Ticket.pdf ---- General
	PDF.Exploit
	MD5: C63B091D715F9D2106C7099BDDA9524F:140874
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\DE\Samples\Grant Application\Grant Application ReadMe.pdf ---- General
	PDF.Exploit
	MD5: 9461ED25F9468762B6C545D884B0EAFC:37667
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\DE\Samples\Purchase Order\Dynamic\Outputs\Purchase Order.pdf ---- General
	PDF.Exploit
	MD5: 37A60598EC1701FC2ADCE0717A617CE4:94313
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\DE\Samples\Purchase Order\Purchase Order ReadMe.pdf ---- General
	PDF.Exploit
	MD5: 594154D0E92708E77F54E8925C7BCF22:39744
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\DE\Samples\Purchase Order\Schema\Outputs\Purchase Order.pdf ---- General
	PDF.Exploit
	MD5: C7266D954C031432EE23427AD36B020A:94531
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\DE\Samples\Samples Index.pdf ---- General
	PDF.Exploit
	MD5: C8A329FBDA34AAE8385A37C42FFBA210:41783
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\DE\Samples\Scripting\Scripting ReadMe.pdf ---- General
	PDF.Exploit
	MD5: EEE68C12BCF9E3EA957FA4AB366BD6F1:40713
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\DE\Samples\SubformSet\Outputs\SubformSet1 DataA.pdf ---- General
	PDF.Exploit
	MD5: 6C06B6BE5D5438A1F717417AF10DC61F:35539
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\DE\Samples\SubformSet\Outputs\SubformSet1 DataB.pdf ---- General
	PDF.Exploit
	MD5: 8B0D4422EC6EF27915F9ED776EF9D0C1:36208
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\DE\Samples\SubformSet\Outputs\SubformSet2 DataA.pdf ---- General
	PDF.Exploit
	MD5: 8325E21AF570EFFCA4C6DC79A3A004B1:38582
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\DE\Samples\SubformSet\Outputs\SubformSet2 DataB.pdf ---- General
	PDF.Exploit
	MD5: 2DFCE438C139126B03F8DD9E2C3BAF28:39797
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\DE\Samples\SubformSet\Outputs\SubformSet3 DataA.pdf ---- General
	PDF.Exploit
	MD5: E7046AE01DABF4F54CEBC6BB294D853D:38917
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\DE\Samples\SubformSet\Outputs\SubformSet3 DataB.pdf ---- General
	PDF.Exploit
	MD5: 20EF00AC10F844CA43B0696B420ED1ED:39715
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\DE\Samples\SubformSet\Outputs\SubformSet4 DataA.pdf ---- General
	PDF.Exploit
	MD5: 9004BD0F3C482528CAECABC3D6088902:37844
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\DE\Samples\SubformSet\Outputs\SubformSet4 DataB.pdf ---- General
	PDF.Exploit
	MD5: 0080249A8CAC58D1C484D55B5B695AD2:41698
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\DE\Samples\SubformSet\Subform Set ReadMe.pdf ---- General
	PDF.Exploit
	MD5: AB2E2DFDC2B15120E6E0CCF9ABFFED1F:50376
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\DE\Samples\Tax Receipt\Outputs\Tax Receipt.pdf ---- General
	PDF.Exploit
	MD5: 7E2BF85B7EF0FF3445DB9E2E0032242A:148618
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\DE\Samples\Tax Receipt\Tax Receipt ReadMe.pdf ---- General
	PDF.Exploit
	MD5: 325AB2842616DC79D049025EED59ECC3:42330
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\FR\Samples\Dunning Notice\Dunning Notice ReadMe.pdf ---- General
	PDF.Exploit
	MD5: B92DD045DB184E5E80299C28BF6C948D:51677
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\FR\Samples\Dunning Notice\Outputs\Dunning Notice Level1.pdf ---- General
	PDF.Exploit
	MD5: 6CD9AA94676E8620EB3773BF7B56D424:137805
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\FR\Samples\Dunning Notice\Outputs\Dunning Notice Level2.pdf ---- General
	PDF.Exploit
	MD5: DE76ADA778BD469D8AEE8D0EDC564CD0:138201
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\FR\Samples\Dunning Notice\Outputs\Dunning Notice Level3.pdf ---- General
	PDF.Exploit
	MD5: CCFDD69229F74E93A25BF5BDD406E21D:158212
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\FR\Samples\E-Ticket\E-Ticket ReadMe.pdf ---- General
	PDF.Exploit
	MD5: EB65C9FDB55316F0B63DE147C833330C:53176
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\FR\Samples\E-Ticket\Outputs\E-Ticket.pdf ---- General
	PDF.Exploit
	MD5: 7D1D8618E2A497BFEC5A51715460D21B:142344
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\FR\Samples\Grant Application\Grant Application ReadMe.pdf ---- General
	PDF.Exploit
	MD5: 480F63973421D76AEFE48076EA6C5976:37043
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\FR\Samples\Purchase Order\Dynamic\Outputs\Purchase Order.pdf ---- General
	PDF.Exploit
	MD5: 8FAF878DC59E39C957844BC70313AFF2:735649
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\FR\Samples\Purchase Order\Purchase Order ReadMe.pdf ---- General
	PDF.Exploit
	MD5: 55582759620B8D7BFF238E513CC1FEE7:39706
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\FR\Samples\Purchase Order\Schema\Outputs\Purchase Order.pdf ---- General
	PDF.Exploit
	MD5: F2817B1AA311858D34F51B1BF3AE3211:92619
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\FR\Samples\Samples Index.pdf ---- General
	PDF.Exploit
	MD5: DD55CBCA89530A7ACCBC70B0B1F3166D:41102
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\FR\Samples\Scripting\Scripting ReadMe.pdf ---- General
	PDF.Exploit
	MD5: B6EEB3A2CE5BFCCE4D826A2838599301:37481
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\FR\Samples\SubformSet\Outputs\SubformSet1 DataA.pdf ---- General
	PDF.Exploit
	MD5: 2C07CC3883D8FA536C1033CEB1A0CD48:35362
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\FR\Samples\SubformSet\Outputs\SubformSet1 DataB.pdf ---- General
	PDF.Exploit
	MD5: 4AD7466BC168926667979DC801BCEECA:36025
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\FR\Samples\SubformSet\Outputs\SubformSet2 DataA.pdf ---- General
	PDF.Exploit
	MD5: 5FACCAB10EB7E4B49732AA5EDF23667E:38271
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\FR\Samples\SubformSet\Outputs\SubformSet2 DataB.pdf ---- General
	PDF.Exploit
	MD5: FA2C7BF0D7BE5CCBA4F99FAD9C31FE35:39736
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\FR\Samples\SubformSet\Outputs\SubformSet3 DataA.pdf ---- General
	PDF.Exploit
	MD5: 8DAC3F5904D95D674FE9CE9F7D714A42:38867
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\FR\Samples\SubformSet\Outputs\SubformSet3 DataB.pdf ---- General
	PDF.Exploit
	MD5: 73C7E1EB633ED5984C8A15434510FCB3:39693
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\FR\Samples\SubformSet\Outputs\SubformSet4 DataA.pdf ---- General
	PDF.Exploit
	MD5: 786B3BF9C573664AED41BA9D7DB7B23A:37456
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\FR\Samples\SubformSet\Outputs\SubformSet4 DataB.pdf ---- General
	PDF.Exploit
	MD5: 05AF680F5F0178F11C7F6532D2B57D15:41603
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\FR\Samples\SubformSet\Subform Set ReadMe.pdf ---- General
	PDF.Exploit
	MD5: ADE092178A5A09B2BE61D9C0E742CF7B:50046
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\FR\Samples\Tax Receipt\Outputs\Tax Receipt.pdf ---- General
	PDF.Exploit
	MD5: C7C2C0DFFAA4A9EF9139BB21DB359AAA:90375
	EP: 00
	SEC:




----- C:\Program Files (x86)\Adobe\Acrobat 8.0\Designer 8.0\FR\Samples\Tax Receipt\Tax Receipt ReadMe.pdf ---- General
	PDF.Exploit
	MD5: FA93C10E8BCA1B69F149E881C6F507F9:43780
	EP: 00
	SEC:




----- C:\Program Files (x86)\EASEUS\Todo Backup\bin\Log.dll ---- General
	Trojan.LSP.IS2010!se2
	ProdVer: 2.5.0.1
	FileVer: 2, 0, 0, 1
	Name   : EASEUS Todo Backup Log Dynamic Link Library
	Company: CHENGDU YIWO Tech Development Co., Ltd
	NAC: 003CC68792F7A464210C98DE119D49C1:81
	MD5: 3C0E92BF2B581B4865CE81C57CD84689:43400
	EP: 8B FF 55 8B EC 83 7D 0C 01 75 05 E8 92 04 00 00 FF 75 08 8B 4D 10 8B 55 0C E8 CC FE FF FF 59 5D C2 0C 00 CC FF 25 04 A3 00 10 8B 00 81 38 63 73 6D E0 74 03 33 C0 C3 E9 FC 04 00 00 6A 14 68 10 87
	SEC:
		.text:FF543CE81B39342415388F2CEEED228B:24576
		.rdata:B82CF63FC533CE152C93391C7B8FD9E4:7168
		.data:D8773FFB83EB14C521F43D02D278547D:512
		.idata:EFC805E08A6D507DEAABE0AEDF7BB6B8:2560
		.rsrc:04BB81FCAEBDC8CA947451A079098652:2048
		.reloc:B257975D0E96D3C10D3B9FF04E905A74:1024




----- C:\Program Files (x86)\EASEUS\Todo Backup\bin\VssSupport.dll ---- General
	Trojan.LSP.IS2010!se2
	ProdVer: 2.5.0.1
	FileVer: 2, 0, 0, 1
	Name   : EASEUS Todo Backup VssSupport Dynamic Link Library
	Company: CHENGDU YIWO Tech Development Co., Ltd
	NAC: EB44324253178AEBD8FE5593CCD27030:88
	MD5: DF4395F3A23819F6D110B8F93D3732CD:33160
	EP: 8B FF 55 8B EC 83 7D 0C 01 75 05 E8 34 05 00 00 FF 75 08 8B 4D 10 8B 55 0C E8 CC FE FF FF 59 5D C2 0C 00 8B FF 55 8B EC 81 EC 28 03 00 00 A3 F0 72 00 10 89 0D EC 72 00 10 89 15 E8 72 00 10 89 1D
	SEC:
		.text:94941ACEE1C6FAF32294915241FB3B93:14848
		.rdata:1E153CC1E4A843306F9D0ACF7FFF9F94:6656
		.data:61C83E044F503E4E7B5DBDCABCD82C06:512
		.idata:5EBAD6ECA140AC1BBF553550AAB39CD1:2560
		.rsrc:1F7CA450B8EE52EB6A0C35FF3D6DE11D:2048
		.reloc:E3A36FE29543244A912C55280782F5E0:1024




----- C:\Program Files (x86)\Photo Stamp Remover\StampRemover.exe ---- General
	Mal/Packer!se2
	ProdVer: 3, 1, 0, 0
	FileVer: 3, 1, 0, 0
	Name   : Photo Stamp Remover
	Company: SoftOrbits
	NAC: 148EEEE1FD8D1183FA5026173EE4F124:29
	MD5: 84D589D8C6483BCF925DA9241D4B739A:2473280
	RIC: FF72B7ED6F544AD3BC62D83494EB055C:31280
	EP: 68 01 40 8D 00 E8 01 00 00 00 C3 C3 A0 7B E1 48 7B 97 08 B2 8F 5A 82 59 A6 48 E2 BE A6 17 57 46 7E A3 3E 23 51 27 2C D4 9C 8A 72 1F 11 10 33 9E 1C 28 0C F8 AE A8 59 42 F0 B0 17 57 33 18 82 BE 8A
	SEC:
		:1053F73FCA05E9477BA5B7ACEDF1BB9A:1203200
		:8DDB0AD0725221B1B48BD8727393BBF3:230912
		:9D39C7060E6D9682F53DE5B64EC96D68:16896
		.rsrc:C68E0F8F81B8C205C28A9F49C2286F89:698880
		.data:00380C59A98546E3E8CCA72BFB2E8892:316416
		.adata:00000000000000000000000000000000:0




----- C:\Program Files (x86)\Refero Group\Easy Clone Detective\ecDetective.exe ---- General
	Mal/FakeAV!se2
	MD5: 45B4BA3773213BD4488FF78E37030CAD:1912320
	EP: 68 01 F0 7F 00 E8 01 00 00 00 C3 C3 3D 57 7F 18 ED 45 6D 01 1A E0 86 E4 CB 0A 9B 92 0E 5E AB 94 8D 6A 4C 1D 6B AF 3D 2B E6 66 60 1B 5C D0 BE 78 9A 96 97 E2 6E 77 E8 B9 7F DE B8 4A 15 A2 54 9B 3C
	SEC:
		:0F089116266C273F22210939787278A0:612864
		:FB25A79EC52FB7AC653AEAFADDE0E719:3584
		:B24735E3F8305863918DA7F95D748796:20992
		:00000000000000000000000000000000:0
		:886F25E20251CB695B8C5D76DFAE333A:17408
		:00000000000000000000000000000000:0
		:BC7CB0EF5541FDC7233DA2B1B040B970:512
		:00000000000000000000000000000000:0
		.rsrc:A06281EB673EF0EB818BAB07FD35396E:526848
		.data:6E2708514013198054A4C71F4F5CE078:729088
		.adata:00000000000000000000000000000000:0




----- C:\Program Files (x86)\UMPlayer\mplayer\codecs\zmbv.dll ---- General
	Mal/Fraud!se250
	MD5: 7825F56D5F5022FEE4B977932AFA5736:33792
	EP: 80 7C 24 08 01 0F 85 B9 01 00 00 60 BE 00 E0 00 10 8D BE 00 30 FF FF 57 EB 10 90 90 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC
	SEC:
		UPX0:00000000000000000000000000000000:0
		UPX1:D131963A7699F5BE5484215E639A705F:31744
		.rsrc:DDF367ED60EF11C7FC453E144E6D9BA5:1024




----- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Stamp Remover\Photo Stamp Remover.lnk ---- General
	Mal/Packer!se2
	MD5: 7AEC9E8E7A553BB39477E5B2EB9CC470:1054
	EP: 00
	SEC:




Scan completed!


Scan result:         83 detected items
Scan completed in:   Scan completed in 52 minute(s) 20 sec.
Files were scanned:  57883

Alles anzeigen

OpaPaule

Der Anlass, dass ich den Loaris Trojan Remover ausgeführt hatte war, dass Internetseiten nur noch recht langsam geladen wurden.

Gruß Jürgen

OpaPaule

Hallo,

hab FF4.0.1. Gestern habe ich Loaris Trojan Remover laufen lassen und da wurden angebl. div Schadwerte gefunden. Da das im Normalmodus nicht laufen wolte habe ich das im abgesicherten Modus gemacht. Als ich danach wieder in den Normalmodus gestartet habe hat sich FF im abgesicherten Modus gestartet?! Ich habe FF gelossen und erneut gestartet. Diesmal ist er nicht im abgesicherten Modus gestartet, dafür sind alle Addons verschwunden??!! Wie kann ich das wieder herstellen?

Danke!
Gruß Jürgen

OpaPaule

Nein, vielleicht 1 mal/Woche.

Jürgen

OpaPaule

Genau!

Jürgen

OpaPaule

Ja, das könnte sein! Obwohl ich nicht weiss, warum das so ist...

Gruß Jürgen

OpaPaule

...na das hatte ich selbstverständlich immer gemacht! Der Eintrag steht ja auf "Fenster und Tabs der letzten Sitzung anzeigen"! Und trotzdem dieses einstweilige Verhalten!

Gruß Jürgen

OpaPaule

Hallo,

ab und zu passiert es, dass die Tabs der letzten Sitzung nicht wieder angezeigt werden und ich so gezwungen bin alles mühsam aus der Chronik wieder herzustellen!?

Gruß Jürgen

Beiträge von OpaPaule

alle Addons verschwunden

alle Addons verschwunden

alle Addons verschwunden

alle Addons verschwunden

alle Addons verschwunden

alle Addons verschwunden

alle Addons verschwunden

alle Addons verschwunden

Tabs der letzten Sitzung ?!

Tabs der letzten Sitzung ?!

Tabs der letzten Sitzung ?!

Tabs der letzten Sitzung ?!

Tabs der letzten Sitzung ?!